Report - 1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click

Report Overview

Submitted URL
1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
IP
178.253.29.51
ASN
#202492 Silverhill Group Holding Ltd
Submitted
2024-05-10 04:08:56
Access
public
Website Title
1xBet ᐉ Online sports betting ᐉ 1xBet online bookmaker log in ᐉ 1xlite-461430.top
Final URL
1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
118

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
v3.traincdn.com	unknown	2022-11-10	2022-11-25	2024-05-07	92 kB	5.9 MB	185.244.209.62
widget.suphelper.top	unknown	2023-08-02	2023-10-04	2024-05-02	6.9 kB	1.1 MB	172.64.148.184
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-05-09	847 B	172 kB	142.250.74.168
radar.cedexis.com	3035	2009-01-07	2013-11-27	2024-05-09	822 B	1.1 kB	45.54.49.5
www.google.no	25607	2001-02-26	2016-04-05	2024-05-09	587 B	578 B	142.250.74.163
pp23vi1.com	unknown	2023-03-09	2023-04-06	2024-05-04	439 B	387 B	178.253.14.123
1xlite-461430.top	unknown	2023-08-11	2023-08-11	2024-05-07	109 kB	850 kB	178.253.29.51

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed

ThreatFox

No alerts detected

JavaScript (119)

	URL	Size	First Seen	Last Seen
	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-23276dd1.js	68 kB	2024-05-08	2024-05-12
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-23276dd1.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:51 Last Seen2024-05-12 01:36:59 Times Seen14 Hash 95f88aaf23013ee72af96785289d78ad 6b84c0d3300d2e3b282134783be74836ee684f4c 256749431c78a25466e1fc4b433d87efe7315ec0ae78cb94f8b481b33e285d70 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-8edfaabe.js	8.7 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-8edfaabe.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:53 Last Seen2024-05-13 08:08:48 Times Seen26 Hash 17c159eb9f582ec9da7a4285b37349f0 652f12e3c4cfdad29cff1f06e709f0d18522d8ae 3562960610c72291435591709c1b63b69ad67f4d2462cbf180241330b7486bea Loading...

	v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidget-42a0f4cc.js	12 kB	2024-05-08	2024-05-12
Pretty URL v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidget-42a0f4cc.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:53 Last Seen2024-05-12 01:37:00 Times Seen13 Hash 40cbeb3b1fadfd3c0235beaf250dd48e 8fdbbea7d2085d6562e95f0530c17fce06fcf60c 72b4153b971c2a2d3093a986bbdf30b739dfa03fac8a292e9a98a55e1b97a1b4 Loading...

	widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js	481 kB	2024-01-20	2024-05-20
Pretty URL widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-20 01:21:34 Last Seen2024-05-20 12:33:21 Times Seen640 Hash 46260bb46d51262abee818c0c3bcf1c6 fe3be222aec74704fad1fa2559788b1fa287094a 20700e65659e04d422580d9c792ba811b7b76de4ec1b3163c284af83bd5a7d6c Loading...

	v3.traincdn.com/_nuxt/desktop/default/runtime-e2ae0378.js	47 kB	2024-05-08	2024-05-10
Pretty URL v3.traincdn.com/_nuxt/desktop/default/runtime-e2ae0378.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:54 Last Seen2024-05-10 08:18:59 Times Seen14 Hash 9d26081d0b3d4583fb993964e34ebc20 7354028aab0bc7bf47ae19a8ad043a5b963ac9b4 9c88d5d68f360228d938c9d263160133a15c53fd5d7989317406b54a662b469d Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.CentralMenuApp-96d6b2c1.js	76 kB	2024-05-08	2024-05-12
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.CentralMenuApp-96d6b2c1.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:51 Last Seen2024-05-12 01:36:59 Times Seen14 Hash 0fcfe75628cf7cd25fa643bfefbf5940 2d7d246eb52fbc3a2420db7a8bfa1d54e5b480fd bbb5b77e24844a594d4084e394bfa0348081335c28a3a4d172ac5ff83cdabcea Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js	81 kB	2024-04-25	2024-05-15
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-25 18:56:15 Last Seen2024-05-15 18:55:36 Times Seen32 Hash 67267513246705d46a0bb83e1f8efd2a d1af6d9ad50f110bbb4bb4d75965dd939a14e15d 35acb34c3273056ead66f9ae7dc11b3c2e3bd1a4c46dc22daaa6900c150c2b2c Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/RegistrationWidgetApp-244fe993.js	76 kB	2024-05-08	2024-05-12
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/RegistrationWidgetApp-244fe993.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:53 Last Seen2024-05-12 01:36:59 Times Seen13 Hash 355ce5bc5ad3ce4d9f2f42f33af33a73 3cb3452330b81cf844be98de00fd4c54717c7cf8 0a79ccdbc986e060b53a249945fd32b5a2b892bfcae6cf9ff7dac154ad05d380 Loading...

	widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js	10 kB	2024-01-20	2024-05-20
Pretty URL widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-20 01:21:35 Last Seen2024-05-20 12:33:21 Times Seen646 Hash 54b2d4e92e16d2ea51898124107af46a ab4225b696e63c9040de1511fa229cf65b4d3750 e17ccea95df87c35add9994b01ef7bb6e8b5c2ebea282c461199a140a5675662 Loading...

	widget.suphelper.top/_next/static/f385e6db/_middlewareManifest.js	92 B	2023-03-07	2024-05-20
Pretty URL widget.suphelper.top/_next/static/f385e6db/_middlewareManifest.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:01 Last Seen2024-05-20 12:33:21 Times Seen8047 Hash 7c3f7e060745668041278118c0bb3d6d e639f56695b3cc30d78dce7a0084aa8299a1311a de5341313a4dc5d982ca50ae4a491e84bc5e80b0f439d87f05fc3973c1b7e59a Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingContent-0ade32fe.js	1.2 kB	2024-05-08	2024-05-12
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingContent-0ade32fe.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:51 Last Seen2024-05-12 01:36:59 Times Seen14 Hash 9b4c5178b31779a0981ed2c9776a53c7 9235df453636bc042a2a1ae0f4c515056c5c5a90 8cb9638fcdeffac9470295235a3064097fb9b59e73b95ec8102c6bb663d980d8 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-e9231dc8.js	40 kB	2024-05-08	2024-05-12
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-e9231dc8.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:52 Last Seen2024-05-12 01:36:59 Times Seen14 Hash 0644769b808fa59af4beda42788b2e66 266dd9b95b442a01759242a55a117d083cbac67d 7f2a8da86462ef570ba1c5abe327880bcea5ec510160ea6f590a066e1a5bc6ce Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3016f30da818.js	504 B	2024-05-08	2024-05-14
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3016f30da818.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-05-08 13:29:51 Last Seen2024-05-14 10:51:32 Times Seen14 Hash e3d07e6f66159328ab36432621f76bb1 a6904f34c980d0670c78ca33d3af1d42c9f80332 3165b04b3f1b881e9ce209f0a2ccee985c00ed98db43e9cb6af5d530438b7d1b Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3ac53cf87dd2.js	1.5 kB	2024-05-08	2024-05-14
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3ac53cf87dd2.js IP 0.0.0.0 ASN #0 Introduced by importedModule Embedded in HTML false Observations First Seen2024-05-08 13:29:53 Last Seen2024-05-14 10:51:30 Times Seen8 Hash 06871b10d5141bfeb987b72a580ec66a 8fc7d1eaa1dd7662ac5b54367f72d2cf6a835ca7 7241b2a743f545e81be38be0b6acc184d4022a96d4d59baa39fd224836022fe6 Loading...

	unknown	34 B	2023-04-14	2024-05-20
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-20 12:33:19 Times Seen985 Hash 7bcdb973ab8af8e24ab11cb554a1ba6e 24e8a10f240f2b06f81d7c173cd0a90606641fc1 916ec4eb9b485eb47f43a17fe212e84e4b72600b45eb6d4588599ad495a57fcd Loading...

	1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba	2.0 kB	2024-05-08	2024-05-10
Pretty URL 1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-08 13:29:51 Last Seen2024-05-10 06:09:02 Times Seen5 Hash f00ff9a1499df02ca0a54c03e6191cf9 628f0f0b859f719b80485173332c3e1f0df2d365 28741b9e5bd970a19509ff9001a5a438858a468bf8f366d650b2aad74e24f133 Loading...

	v3.traincdn.com/_nuxt/desktop/default/ioc.dependencies.18-45d015a5.js	3.1 kB	2024-05-08	2024-05-12
Pretty URL v3.traincdn.com/_nuxt/desktop/default/ioc.dependencies.18-45d015a5.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:52 Last Seen2024-05-12 01:36:59 Times Seen14 Hash d480de5fb5e98ac782b0bd0f059e76f0 4c835740fa9f633deed7fba057d32b6d9ada360a d283c64ddc00ff6250739d80df5c2dbc126fedd3731ee5fa1611d70a27b4d6d0 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PLMWICWN.js	30 kB	2024-03-23	2024-05-20
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PLMWICWN.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-23 16:35:38 Last Seen2024-05-20 12:33:21 Times Seen123 Hash dfa127e93d125d4f6c566203eaf225f2 32c1fd89c4eeed7ac2a942582b3786659b15cd43 cf5077d1cff62ce76807408ebc2203563b7a221ddf1cf38339c6d54289bff390 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js	53 B	2024-04-24	2024-05-20
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:07 Last Seen2024-05-20 11:06:29 Times Seen54 Hash bb7e15ec1662efa164ad912bd1c65e19 bdd420a5f5bf96a8a4f85abbbe3b0cd2ad547f52 a9378fb3de73c35f466dfae4d2956a63b95813d4eaf88ae7f4ce820d0992cc01 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/40295f87c48b.js	4.2 kB	2024-05-08	2024-05-14
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/40295f87c48b.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-05-08 13:29:54 Last Seen2024-05-14 10:51:32 Times Seen8 Hash 04021329a63deda1db56e389799543a2 c23841b8d286dd7ab0e8bf15f0a12d29a58677bb 0826cf90fd8894d65f095383c9063acdc074a904f1ec06263711376389a8889b Loading...

	v3.traincdn.com/_nuxt/desktop/default/analytics-4b5e21b9.js	6.5 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/analytics-4b5e21b9.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:53 Last Seen2024-05-13 08:08:48 Times Seen23 Hash 9a4be384412c80b7437a28e4029c1fb2 c22adfa2c7e5c07fa8f35643e0cf77083792441d b52c3c4608a1dda0852dac06c440b9932e1134f4cda761c63f24faf3c01ed919 Loading...

	v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-4919f2b6.js	7.0 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-4919f2b6.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:53 Last Seen2024-05-13 08:08:48 Times Seen26 Hash 426b4077094d2bf6f0f1feab6aaaaa40 b6ac46785f2225c76aaf65d152456765df824887 864bc0a49b9b457b62b65a8902f9f07305e5010d46df4cc5416dfb8b028c2c09 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Betting.Core-f89d33f6.js	2.5 kB	2024-05-08	2024-05-10
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Betting.Core-f89d33f6.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:53 Last Seen2024-05-10 08:18:59 Times Seen14 Hash a961fc2d8c225c0cc2dc814175a9d9e4 9293a62e3d0f4ab392dfef6f7f7172cb9889a724 a33381e13222f9cb4ab741177e3ad9ed83e3eca14864fac385a8fc4440ff2d90 Loading...

	v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-c7b965b1.js	3.2 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-c7b965b1.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:52 Last Seen2024-05-13 08:08:48 Times Seen25 Hash 5233ff069edca79a361c0b2b198b55cc ba4364baebab13117998653f970a92b8ee07f900 c738fe5d4a58cfa5164ec13724b158a0021645987ebb534e1a230895b48b2e56 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/c6409e21932f.js	731 B	2024-05-08	2024-05-14
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/c6409e21932f.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-05-08 13:29:52 Last Seen2024-05-14 10:51:35 Times Seen13 Hash 79c1e0d539880fd610f91e5b16085eec 8869f44ec95c804929f77b63b5343cc36390fd4a dcc3f9313d182be8841c435a392fd95939cae9137c4e030d26b1fcbd1d0658e2 Loading...

	unknown	39 B	2023-04-14	2024-05-20
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-20 12:33:19 Times Seen977 Hash bc51ed8c76553717f10d58b2df60fd76 e2d03a8fd8d280074b226c288880f9df299c7cb1 bee994eaf88453f6343ba57571a069054c12c9b4e42f8cbad4f2ad75c7fb264c Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingContent-e829f008.js	1.3 kB	2024-05-08	2024-05-12
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingContent-e829f008.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:53 Last Seen2024-05-12 01:36:59 Times Seen14 Hash 3d1c9a4aa6d6ce7232c9da19626fc107 ee85ed881df1aac90651e4ca11c83f3e4c374445 6822622a53f8498fff12f0381c4dcc8d7d8f5b085983bf99279214f3ac9002c7 Loading...

	v3.traincdn.com/_nuxt/check-ob.js	211 B	2024-04-24	2024-05-20
Pretty URL v3.traincdn.com/_nuxt/check-ob.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:10 Last Seen2024-05-20 12:33:20 Times Seen309 Hash ced67278c38d1ce1297c121af69fff8a df6e1531fd84d956263b04254e6f94f5356623f4 2958134c3c00f7c6320858dd66e454c2856e4842821d3523c4cc5e44e1ec8616 Loading...

	widget.suphelper.top/injector.js	208 kB	2023-12-17	2024-05-20
Pretty URL widget.suphelper.top/injector.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-17 15:23:16 Last Seen2024-05-20 12:33:19 Times Seen1055 Hash faa1c0b5a845868ac1a8071b6b87d458 71034e9bb2726a20b2afa197ff4e1b52c2ab976b d7585c13a4abd3b295a15b2bce2b2d7121a697f42ea85f89f40624ac26b075d0 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/4f769aae21a0.js	435 B	2024-05-08	2024-05-14
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/4f769aae21a0.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-05-08 13:29:53 Last Seen2024-05-14 10:51:35 Times Seen15 Hash 9161fb5b91a09b3026d143479dc567a6 c1fe731351fb1447e76ef38def2d2f869b025007 9a4b211be9ec541c8fbdf213a2ae7b270afdd22674f74ad12b9aec0a5ff6b278 Loading...

	1xlite-461430.top/polyfills.js	0 B	2023-03-07	2024-05-20
Pretty URL 1xlite-461430.top/polyfills.js IP 178.253.29.51 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-20 15:20:53 Times Seen37879283 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/betting.SportMenuApp-6b906b26.js	31 kB	2024-05-08	2024-05-12
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/betting.SportMenuApp-6b906b26.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:54 Last Seen2024-05-12 01:36:59 Times Seen14 Hash 7462c3ce706e3a0439d52dfd83b79f18 7fcb3c23faccec9e4ef977d403cd600ed9d47159 28be8165dfece6660276495ac167ab5161021d9f7b2159e7929e76f1a64f0a16 Loading...

	widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js	3.8 kB	2023-10-05	2024-05-20
Pretty URL widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-05 09:17:37 Last Seen2024-05-20 12:33:19 Times Seen2093 Hash ba1681cca05ff7b4f8698587da76ab26 7113520b461dfcbdcbc1725a1acc6e05547bf20e bcfc83f65454f29634e61503e84d77f3fe8bc06451b90927bf842e9ad352ac64 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js	25 kB	2024-04-24	2024-05-15
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:06 Last Seen2024-05-15 18:55:36 Times Seen55 Hash 701ad5a22b8ea7213a53e334d0898349 87749d947f6aa40eb671447b58261d710ec5479b 07669c2ea7c29dd69e47f5518ba73b76389f3479e19f7362b461ef0fff96c1f0 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-799ef317.js	20 kB	2024-05-08	2024-05-12
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-799ef317.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:52 Last Seen2024-05-12 01:36:59 Times Seen16 Hash b9884f137bf9a4b984ed6d6076a5f912 6fa2e191fbe206a33b3ad8a6d47eb53d7c0bf9db 90d4698de2aa1516441fad988859d49ba80624cbedbc23ebd965850469f1cbd1 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-6df26894.js	14 kB	2024-05-08	2024-05-12
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-6df26894.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:51 Last Seen2024-05-12 01:36:59 Times Seen14 Hash c5ca2aee7a66364b1976f26d36140247 54ffe1cc763bb1e43f260e4ac2de08578ff48701 b04cf8f174cc6c981df4a2f10e2a3a28ef582f8750f8afd6e6dbb89adad82281 Loading...

	v3.traincdn.com/_nuxt/desktop/default/app-80fd9d0c.js	894 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/app-80fd9d0c.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:54 Last Seen2024-05-13 08:08:48 Times Seen26 Hash eb4f34c1bf9c9befda1bf247f5e1df5b 334210525b8a7dad9cf37084c56194190961b67f f6dbc277c6f693b6ce346441312122bcfd288f3c93c550e9922ec3ddc128e28e Loading...

	v3.traincdn.com/_nuxt/desktop/default/DC-fcb3e9b4.js	2.3 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/DC-fcb3e9b4.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:53 Last Seen2024-05-13 08:08:48 Times Seen24 Hash 55a903571af1a626a07aa8e6a5d83e1e 744db188996ec7ada8c219355d471d2ed347a9a2 ebd3f27093e1a541034d9c46a308f1273e0480bbeaaccf70f638e95f663c95e6 Loading...

	v3.traincdn.com/_nuxt/desktop/default/commons/app-e695e102.js	138 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/commons/app-e695e102.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:53 Last Seen2024-05-13 08:08:48 Times Seen26 Hash 414c44a4caf31196b27b1c5c11628879 2536bdd8d54c6f619dc0a200015d9a7b95c08f90 07a1a14bccef15bc4e72f798aa8ae3c18decb59c7ad601832305f8180d3d3b54 Loading...

	1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba	924 B	2024-02-25	2024-05-20
Pretty URL 1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-25 06:56:59 Last Seen2024-05-20 12:33:19 Times Seen166 Hash 92bf20f2f922cc746bec8fe320b23ed3 768e5dbe711e1b62cad807b11ded99ef85001483 b81f4c4f575092cb52a07f89a96291f8e258b3f6bf61e51df0fec3bcc3132fea Loading...

	v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidgetAnalytics-e553050a.js	416 B	2024-05-08	2024-05-12
Pretty URL v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidgetAnalytics-e553050a.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:52 Last Seen2024-05-12 01:36:58 Times Seen11 Hash 5a59e1a877dfffd934287be20d74fb8f bd4f023b5d180689555d1185a1167a825549781d 2b2960e941dd6a85aebdfc7cefa2b4352fa3c462de8ade94656a97e1336f3aaf Loading...

	widget.suphelper.top/_next/static/f385e6db/_buildManifest.js	519 B	2024-04-25	2024-05-20
Pretty URL widget.suphelper.top/_next/static/f385e6db/_buildManifest.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:14 Last Seen2024-05-20 12:33:19 Times Seen167 Hash 06c1d20d74764a4f7dea57ebb09df4d8 d6592eaad86ec7b7bc373774bf911385ea7cf07d 46185c722db3b74c04c371b445abb1da2fa2592059437ee508a23e96c1fdf169 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/6158757f111a.js	715 B	2024-05-08	2024-05-14
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/6158757f111a.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:55 Last Seen2024-05-14 10:51:35 Times Seen14 Hash 6ee3bc259bfb800c3a044e012d0e1891 faf1bdf7b82d6f4da0783c56fd9149d9064a379a 5ae7bfa3bf9463a9e18abae9da1087a4a9f75b529ffb5c664dee152692c93f43 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/918f54786acc.js	1.4 kB	2024-05-08	2024-05-14
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/918f54786acc.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-05-08 13:29:52 Last Seen2024-05-14 10:51:31 Times Seen8 Hash f06694004f6f9f402370d0b451d32116 f9b602cb03f676b3523f6083c06f1154d2099f45 4b0058d60fe657d61c03a929418bfb99a1ae1161b871a46519d5f3891590bb59 Loading...

	unknown	96 B	2023-12-06	2024-05-20
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-12-06 14:32:27 Last Seen2024-05-20 12:33:19 Times Seen992 Hash 94361ed86ab9b2fbb8d805c2025df46a 3f428332f7a1c7196a85c93a373a966d75708c19 eee4d228a49a86625f29410cf9a23d145e821a09cbb1f7a4d7557d206872715a Loading...

	www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66	325 kB	2024-05-10	2024-05-10
Pretty URL www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 06:09:02 Last Seen2024-05-10 06:09:06 Times Seen2 Hash 7b5d74a062481da3d37f70b341cc29ce a23626a39c03e7f1ff7f52c8be2e05d48d240b16 75a3027947ba12b5df92c819d702302ad54a00f2a5b89260cb073baf7a650f32 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-7740bd53.js	32 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-7740bd53.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:54 Last Seen2024-05-13 08:08:48 Times Seen24 Hash 3ca2554a30cd9245966f39206d05ed01 b7e1bc94b6c370bc32a9b57e52dfac27264afdce ff808bc9910f34faee9d25b4d9dcff5c145337ca0211d762b6c58a08f86512b4 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-4006d825.js	21 kB	2024-05-08	2024-05-12
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-4006d825.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:54 Last Seen2024-05-12 01:36:59 Times Seen14 Hash 77615e478beec6dc548b705fc1c55c2e 2f8dbad1324027ce98da1ea4b56a23c601fe9a1b 17f9731f8dad966c8f89f8814e18699c374deff1666197abf9245d3787a12933 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/726083f27efa.js	597 B	2024-05-08	2024-05-14
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/726083f27efa.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-05-08 13:29:51 Last Seen2024-05-14 10:51:35 Times Seen15 Hash 76880f7538a0be62d4fc0f9e55db36aa 73f78086fe9d1875b8e289fc3c8e22ecaec4dacb 0491db56d6c0b9c1ecabeafcffcb6d1151d847f9145dd643d4a7f6408faee096 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-2e14a47d.js	27 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-2e14a47d.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:51 Last Seen2024-05-13 08:08:48 Times Seen26 Hash 5e555ad28a7c695afb377a8855610652 8f195d8ff18e3e2d1105587315d8d3102650bf3a b90b7ba895ec988a0b72b9fd21ccc3d8e1d1cc4035f57fc47be6fb00e32caacc Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-36c334d6.js	37 kB	2024-05-08	2024-05-12
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-36c334d6.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:54 Last Seen2024-05-12 01:36:59 Times Seen13 Hash 67d8ed132b1ddc0c303fd8f75f32b471 cc7d93fb03efb29743c787d310d0f0350740ca94 7221c0785ae9cc81866e4a8b7638fbeef6df772b59a60ec529e5db68a2c62117 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage-3636738c.js	137 kB	2024-05-08	2024-05-12
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage-3636738c.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:54 Last Seen2024-05-12 01:36:59 Times Seen14 Hash 1f7da36659a544fba17a29cffa971076 5c97a256ee06a1f642721e924aaf92fc6e8012f7 7283f446334be010ae677213a0b827a2e993e298bf023a85e87577edd2216c2d Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/327334405031.js	424 B	2024-05-08	2024-05-14
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/327334405031.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-05-08 13:29:53 Last Seen2024-05-14 10:51:35 Times Seen13 Hash 31bd7da0b4c3a29a840d1befac27cf8b ab07ed137a23fe5b743ec0589f6c5c0da7b85258 9a60e8a389d3cd93b0014468deb14c1921ade7deec0c8559a4682a09c3f6f25f Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-8d3c6808.js	15 kB	2024-05-08	2024-05-12
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-8d3c6808.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:52 Last Seen2024-05-12 01:36:59 Times Seen14 Hash 7399f5efa5d37b59176705a2377c2c45 5c11bebee2318c71972feafcd1a2a90ff47c5634 250ec267f3c9edf72e68005b6a91620725eebcd145c85d2c400dd7361a153ea7 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-99e14113.js	12 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-99e14113.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:51 Last Seen2024-05-13 08:08:48 Times Seen26 Hash 8113ecbe1d6d4c8904ce977109730f08 70cd411e85297f2d6dcccffba8f633e3c609ca5f 1349cb7987b5ebae2dc20a5ad955120b8983b0059549cd7f3b0db5dbf1c89ce5 Loading...

	widget.suphelper.top/	196 B	2023-07-20	2024-05-20
Pretty URL widget.suphelper.top/ IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-20 14:42:12 Last Seen2024-05-20 12:33:19 Times Seen2143 Hash aa729c2ec64b60ce3b2052cc8edaa329 0f673deff4bffdd337a6220feb0b7b5b5ff666c4 9693391d461678be59d683100b1442f4ee65d2cf5bda3904fbf6232a7eb921ca Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e9c3c91c857e.js	1.0 kB	2024-05-08	2024-05-14
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e9c3c91c857e.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-05-08 13:29:52 Last Seen2024-05-14 10:51:33 Times Seen8 Hash 79b20e2721490ad601fb0a6be2cac709 4c24f68bad34bb77a9b4522f5d1cc65ed176e79d 993596b1fe1dff1d9874c263f2125cf7993be150361b77112810df219f1be669 Loading...

	1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba	649 kB	2024-05-10	2024-05-10
Pretty URL 1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 06:09:02 Last Seen2024-05-10 06:09:03 Times Seen1 Hash 8887921f25f25a8d01a77c91d2d45d21 25f9ac094b50a7201c3b66f603becea1c60cee55 4ee0a3cb6c9230a64ae5100f2b1a7621d3b104a1a793c46dafb266b310e81675 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Layout.Betting.ExpressDay-ac06930b.js	10 kB	2024-05-08	2024-05-12
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Layout.Betting.ExpressDay-ac06930b.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:52 Last Seen2024-05-12 01:36:59 Times Seen14 Hash 742d0033e1d29553c749a1e323073aae dbe09fdca88f47fa291ee1cd110bcaf1b94ae3bb e8a1409bc1664ec9e5a3bb7fc5dcee5b19693e9188d15cc4c4941b0da0ef7797 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/betting.HomeSliderComponent-81e2f8d7.js	28 kB	2024-05-08	2024-05-12
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/betting.HomeSliderComponent-81e2f8d7.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:53 Last Seen2024-05-12 01:36:59 Times Seen14 Hash 0b17cf75462948eeaaf7ece70cd5fba2 aebbba96a756cf09ce6a16de9e70c683b5de001d 32c6603817e972bf1aee9f736061fe43218fd74789ae76cb4cf7383176e65229 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-3f250b35.js	26 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-3f250b35.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:52 Last Seen2024-05-13 08:08:48 Times Seen23 Hash 6d75d9fb64764579504c00ce537f6ff1 5661eb661bdef0a6a8bdd029ba5b7b9eb050e15e bf2a87bf4b4484a7ff05c40e1b4c94a316800dedb9445359cda5e43efa825d9f Loading...

	widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js	373 kB	2024-04-24	2024-05-20
Pretty URL widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:05 Last Seen2024-05-20 12:33:21 Times Seen273 Hash 36e4e2c2a2498b008514f1f0250c8018 cfa53d1c8533fb5941d9ff4f1e45e8c831658693 42cd70d177e33b23f4982b671f4bb7f03a966053874a320af3f3ea7b7b7ca1f0 Loading...

	widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js	37 kB	2023-10-13	2024-05-20
Pretty URL widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 06:04:09 Last Seen2024-05-20 12:33:21 Times Seen3275 Hash 6782c8abf3d14391f6ed5c805a973cf5 a08b255c0084e14d74199f5af64522ffaba14486 88331f3bf38157ecb0e64f22c08a582384dc74c8bae09d9f78b9eab5fe82cfa3 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js	69 kB	2024-03-23	2024-05-20
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-23 16:35:38 Last Seen2024-05-20 12:33:19 Times Seen125 Hash 138de5d55ee831195dd90bbf5c557926 4413082980942643803d8d4567df2f8395c0e868 55a6d9d38b0c68a21367ae7ae43333bfa61e2eddd38b2376eb5b192f0a0383cd Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/app-7a457c68.js	955 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/app-7a457c68.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:52 Last Seen2024-05-13 08:08:48 Times Seen25 Hash de196c8e650ca4c514b5fbccb5f0fc2d fe73fce013c7cf22d6c01057981a01947484b020 27db5de650dc124db682f1dcd0bc5b018980cd52f3baaf8e4bab2d74fb9e0b5f Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.Asian-56ecd176.js	124 kB	2024-05-08	2024-05-12
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.Asian-56ecd176.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:52 Last Seen2024-05-12 01:36:59 Times Seen14 Hash 07244b6ad35d8802c10a1c5fd37712be 1b41f323c8cf0006dffb57939104bf1da14b9f6b 78be75ea68fee2170ba434351d695ad2be458c1cf6a819a96e1fd932c4b2c8a1 Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.SportsMenuCompact-c2bb372a.js	7.8 kB	2024-05-08	2024-05-12
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.SportsMenuCompact-c2bb372a.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:54 Last Seen2024-05-12 01:37:00 Times Seen14 Hash d1c3350409fced81d3bdaa120774e126 b1d363217e08b0c554387b7ec8e55ca81d1b26e6 ae5f5f10dae7227a4979a2a6288d9078fabd7e3c3907f426f5614d2d84b7c45d Loading...

	widget.suphelper.top/_next/static/chunks/pages/_app-9c47c295eecaa68a.js	1.0 MB	2024-05-02	2024-05-15
Pretty URL widget.suphelper.top/_next/static/chunks/pages/_app-9c47c295eecaa68a.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 12:28:02 Last Seen2024-05-15 07:03:13 Times Seen91 Hash 5997e7f54cf2aebf463f16902ccbc7fc 659b9677d6196eabd63ce0feb5f4466accb72df7 08d0ab3696a84b16c7cc5306bf6d83dd27f99a2ce221ed337bf09dec8ebf95db Loading...

	widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js	107 kB	2024-04-25	2024-05-20
Pretty URL widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:15 Last Seen2024-05-20 12:33:19 Times Seen279 Hash d0a7ecc59065580118a9ea8880c58962 21573546ac5011592094ef6aea0696ccdeb2164d e1b09efa81ca44cda394e366b64fbf2b3f0725eab9ad24782839cbb8f66842b5 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/38023f75e90b.js	1.5 kB	2024-05-08	2024-05-14
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/38023f75e90b.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-05-08 13:29:53 Last Seen2024-05-14 10:51:30 Times Seen8 Hash 8a7d471cf2bc2319c80b135e841a4440 83cf483133835d2125869e780432f59f544223f2 f90cea1495a50c3868732000f45bf9578f84cd9725db67810c16008a112dd0c6 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/entry-5a8fe517.js	2.3 MB	2024-05-08	2024-05-14
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/entry-5a8fe517.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:55 Last Seen2024-05-14 10:51:32 Times Seen9 Hash 0d38c5af85509fb3a865ab3c5282960e f10bff67e5ea54c17e10a77eefdc6cb90277eac6 9e78a3542fd9db999e5b298a799b089f672903cbb23a0fe556a468eabdd214cd Loading...

	radar.cedexis.com/1/23802/radar.js	390 B	2024-02-13	2024-05-20
Pretty URL radar.cedexis.com/1/23802/radar.js IP 45.54.49.5 ASN #63911 NetActuate, Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-13 14:23:26 Last Seen2024-05-20 12:33:21 Times Seen331 Hash 82dec77fd0353c7c71ce053b8601387e fbbca95419e1d0c042e0a5fdf10f380aca66188c 39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-aed267f1.js	28 kB	2024-05-08	2024-05-12
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-aed267f1.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:52 Last Seen2024-05-12 01:36:59 Times Seen16 Hash f2e1e371620e8835e0949e490cb0d4be 604919082776628a8cae272bf8679519e7e959a6 7854277ca13e6a5b17951bba0718833dec36b7740857483e17487cbec62dcd19 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-7f844954.js	15 kB	2024-05-08	2024-05-12
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-7f844954.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:53 Last Seen2024-05-12 01:36:59 Times Seen13 Hash d33ee67d9f23dd62c456193b4e764eb9 f6d942295c97dfa39f4a924d0256969ccbed9c62 1e80290f86bdfedcb79a9f94f3eb27f309047d2bd580d874822aaaeac3675e71 Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.HomeSliderComponent-8f216f08.js	24 kB	2024-05-08	2024-05-12
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.HomeSliderComponent-8f216f08.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:52 Last Seen2024-05-12 01:36:59 Times Seen14 Hash a84c24326d41c0aa0f3fb493e4bfc856 1aaaa001532b4d7589f6e0879455f6c78699c52e 296f8cc8788197eb5fd295ca003429fe2db6093eb6388c003447a5de6f31b53e Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-cf4815fb.js	7.6 kB	2024-05-08	2024-05-12
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-cf4815fb.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:53 Last Seen2024-05-12 01:36:59 Times Seen14 Hash a5c888bdb9f23e6caa2be4ab6b51a122 ab069acde93615e5ccc7be7b574776c3531d7d8d 58ba1711ce4cb98aa516b12ee7777335d514e05000c6b1940c75902692f6f1a1 Loading...

	data:text/javascript,export const meta = import.meta;	32 B	2023-12-06	2024-05-20
Pretty URL data:text/javascript,export const meta = import.meta; IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-06 14:32:28 Last Seen2024-05-20 12:33:19 Times Seen992 Hash 6d772b7d405b447ecee54ab61cdd5108 dd65fb9cd5a7cb94a40fe161f4f72303a61eb3b7 b90ff694e492935b6036fb7e878d365dab51aafa46f0afb1e33414e7ecc3307b Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-70c9070a.js	144 kB	2024-05-08	2024-05-12
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-70c9070a.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:54 Last Seen2024-05-12 01:36:59 Times Seen14 Hash 0708c03dd81cfcc30a6eb12e8d5a7192 91064268dc5ef484b6b8e073cde872c21b3a0fd1 4bb58dc9b93318e295ad055e8b4b1fce9eab0fddad1c4f72ff791283bb834ea0 Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.coupon2-6e433cdf.js	1.0 kB	2024-05-08	2024-05-12
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.coupon2-6e433cdf.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:52 Last Seen2024-05-12 01:36:59 Times Seen14 Hash b9a05e5aa1c5b98c055f94570bbf4ad2 24bf68bdbe24f5b82fddbb934ad2ead865d4705e 7f6ac8faf0ffe76890d0518f7470d54e20a8b8dc92dcb433645a46aa2ccfca11 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_MO5RLEN3.js	21 kB	2024-03-23	2024-05-20
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_MO5RLEN3.js IP 0.0.0.0 ASN #0 Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-23 16:35:33 Last Seen2024-05-20 12:33:21 Times Seen125 Hash 598d5481ac96b9bf8013b0eb1413b8e5 cc7e3384da379a215ac43b2385e901e22ceb6327 1488ecc35389c72a3aa26d468420069f6b719db456ea82605762311da663b65f Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js	1.3 kB	2024-03-23	2024-05-20
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-23 16:35:35 Last Seen2024-05-20 12:33:19 Times Seen86 Hash 518e0ae196483ada8b528a1f2b7df0a1 50e66030d9aca44adb3bd7893ef3c42593e26be4 529ca09688eb85183a34a43651cad1e8fabae2a02924753d54786f3de5e85693 Loading...

	unknown	47 B	2023-04-14	2024-05-20
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-20 12:33:19 Times Seen972 Hash 580b3e56fc9ab6e8b4655f43ee057cc1 5dfce565e446f4a167195de9a1a5dd26163c711c 446f07b6e56de61d2c2d5b6ba408cc580b492a6d1ede8fc51cfde4ef75a2b382 Loading...

	widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js	141 kB	2023-03-08	2024-05-20
Pretty URL widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 08:26:33 Last Seen2024-05-20 12:33:21 Times Seen2570 Hash 896d1930437c1ab92b8a359c1d6fdaae 71e0e23d1af9722f356eb5d1c497d100ec8b0f7a 8c508636d885890bfb5c56bcd6dad1b8b64c498781d351b588a8de7f686774d4 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-7105a632.js	77 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-7105a632.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:55 Last Seen2024-05-13 08:08:48 Times Seen26 Hash 4df28096a23760aa74cf3b1982ae9476 1b99d6f0622b9da8e46e85df6a0b116a8c1a9943 14e6c442824a6a4230ad98dc5046540ea35f1e7ad21b65b927495df4a54aa715 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5aac26f85449.js	372 B	2024-05-08	2024-05-14
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5aac26f85449.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-05-08 13:29:52 Last Seen2024-05-14 10:51:30 Times Seen12 Hash 1da4d94244cc89a54a946028d2eb3d29 f10149930729c1027544edfc80bc5cc93f36d5c0 511577657cf77e30361bdccc3485e5c33c30d0fc322f52592a7bd730ea45a6c9 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-687fd893.js	41 kB	2024-05-08	2024-05-12
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-687fd893.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:53 Last Seen2024-05-12 01:36:59 Times Seen14 Hash 9d4610cd8209d67832cf080bf61f5141 8abf1cd6de0691b6fc5c77315ed88f0a4441a3fb da2d895ba8eb08658c949976016308caf3c75c06e604495160523d09d16659f9 Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.media-29872be3.js	17 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.media-29872be3.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:53 Last Seen2024-05-13 08:08:48 Times Seen26 Hash f2263fc2e9f9bff4572f3b1c24a80ab2 efe1b2479e2f34dbe912d9e588759b2787bbc3b9 38444c18d8c24549cc13b2de3a055976ec8f3f238e022739f0b6aef8fa74db9b Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-49c46e45.js	56 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-49c46e45.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:51 Last Seen2024-05-13 08:08:48 Times Seen25 Hash 732bde6d360cd7be7ce9ce10044202ba c4fdecf84f6261b354240750525cb9d2a8d87d09 d46270d03f72eb032f9e205e2eedecdf65838a9f474b356b127474f73b66d347 Loading...

	widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js	78 kB	2024-01-20	2024-05-20
Pretty URL widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-20 01:21:34 Last Seen2024-05-20 12:33:21 Times Seen648 Hash dc6852529f28802d37affa5953d07260 4edd220fe8df4b009a1775ebe57f19d40999659f 4aefb18221e4fb46818b0f52302b7c7717e45701e26990726cce645d8c80ed84 Loading...

	widget.suphelper.top/_next/static/f385e6db/_ssgManifest.js	77 B	2023-03-07	2024-05-20
Pretty URL widget.suphelper.top/_next/static/f385e6db/_ssgManifest.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:02 Last Seen2024-05-20 15:06:40 Times Seen87696 Hash b6652df95db52feb4daf4eca35380933 65451d110137761b318c82d9071c042db80c4036 6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_chunk_M4D4AAJL.js	101 kB	2024-04-24	2024-05-15
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_chunk_M4D4AAJL.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:08 Last Seen2024-05-15 18:55:38 Times Seen69 Hash 51ddc52774f4e5bd6a6f1c22e9d19674 374c2fbb2b68ad9c28898dfe60da3fd828ccf7c4 642e66ee14ca90b6ff8f91fbfdce400c6834a037dee18a60a72922ea727bb442 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V	178 kB	2024-05-10	2024-05-10
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 06:09:03 Last Seen2024-05-10 06:09:06 Times Seen2 Hash 215c59b0bf5733e0afd86f01731df0b8 37a813f6047447c7f8e6d9cd85d1258de61a74c7 4e4dae7e1e614c53a95662266b7fd1eeb4c17e82ccb65a6fd981dd0b62f4a607 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/618b749155d0.js	481 B	2024-05-08	2024-05-14
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/618b749155d0.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-05-08 13:29:54 Last Seen2024-05-14 10:51:35 Times Seen15 Hash 9abbe64ff2b544f35594e17905e4594c a7896739e9768216888018d2c4aec7c102e4d4a9 9f8032c080e2f3906f0c068bf43ef41084d6064f5df8be76b339fa87f7ad17eb Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-8039cb20.js	42 kB	2024-05-08	2024-05-12
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-8039cb20.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:54 Last Seen2024-05-12 01:36:59 Times Seen14 Hash c0ea345b071f903a7043c7de2988c6a8 bafd23f8bec59dff22183fb4d88b226b80f10c15 b0b31f578ac49eec2681748e5752f00d7fa23634610a96b7457b1906c06f0e63 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-0c6d61ab.js	30 kB	2024-05-08	2024-05-12
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-0c6d61ab.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:54 Last Seen2024-05-12 01:36:59 Times Seen16 Hash e926766cbb585164e5c23e84b7dcd1f8 197062a6a589948f0b59b654c02030461d26ab73 96ad9027d7d1330c90aef5d6e8366a6773fabe4910d674b28a7a8c9819d279e8 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main-ed878a1c.js	240 kB	2024-05-08	2024-05-12
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main-ed878a1c.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:52 Last Seen2024-05-12 01:36:59 Times Seen14 Hash 5ff13429a94dba4fde01014c1591bdf7 1a06c2223b80f772f239ca9b43afaf9138e9f249 ac879c8f8ae127fc2be4ad3614ce26de5e7caea828b1637ae5cc1eff88be47c7 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-95a46df4.js	32 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-95a46df4.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:53 Last Seen2024-05-13 08:08:48 Times Seen21 Hash f044c79cdd766337de9617cef4fef708 e09d93c3c6e5c605672e36ea0ae6ba3c71b0f4ff abbf8ee5d929d76e03e4d3b8bc13d82fdc5688908e45a8217740b3c7a0c593eb Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.SportMenuApp-43e47582.js	110 kB	2024-05-08	2024-05-12
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.SportMenuApp-43e47582.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:53 Last Seen2024-05-12 01:36:59 Times Seen13 Hash e64e6103ea1b8ab52c93a9786ac2cd6b 02fad318aa11a5b8124e4edf9b2e506020c7904d fa69a8cd98ac6ed2944e28e57a4b151bf76457a430d39e48b60194f901dae4da Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js	1.0 kB	2024-03-23	2024-05-20
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-23 16:35:38 Last Seen2024-05-20 12:33:19 Times Seen86 Hash 8fecd56fc5520134f3c39b17431fe0c2 e0cedac030a1fcf68779a592ed9e0775beb45123 3e01dfddf1e68faa32769d615eeb0e838a29241d18a57090040c595ee05f0ba8 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-b5724bd6.js	16 kB	2024-05-08	2024-05-12
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-b5724bd6.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:53 Last Seen2024-05-12 01:37:02 Times Seen13 Hash 6d90c5998c2ceb8a008e3c6eef4c55e5 6b68a02d6362d6661be529eff19cf1baade8d48b b1e36624011507a84987d59ffc7f689b32e47476be990c1add266f24c00c1088 Loading...

	widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js	108 kB	2023-11-02	2024-05-20
Pretty URL widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-02 21:20:57 Last Seen2024-05-20 12:33:21 Times Seen2556 Hash 83680ce862de40c43fc92e04b1ad0a3d 67eb6762545f4e1fee446794f4738d0f0577b6b4 e70f39978f08895aef6849daf891af65bff03e476eb9b1384dfb36cd4ac9fe75 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/dc17f2eac0cc.js	6.7 kB	2024-05-08	2024-05-14
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/dc17f2eac0cc.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-05-08 13:29:55 Last Seen2024-05-14 10:51:33 Times Seen8 Hash 828079e9d4483fc9e3fecaf63823dc1a 75b702ec84705cb55235127c501c17b910800bee a0ea7f9b5efd018d67a7cc3341f5d4ec43af49ebd08244d4afe66f5fe155ab44 Loading...

	unknown	44 B	2023-04-14	2024-05-20
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-20 12:33:19 Times Seen974 Hash 00beb9884d0391b342eadd30744b539a 3124c0bd593822379d22f13d3e08e70a1bf5ea14 92394eec5690449a4f6cfc9a7f97497a69e926b2365cb9a9aad3507a844f835c Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-8e394611.js	40 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-8e394611.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:54 Last Seen2024-05-13 08:08:49 Times Seen21 Hash 7ddea2d217f72613646d2b7eff8e9d6f ea22eb4a231ac86ed0773f58ff856e1203bed07d 42c2cd82d0a96f636d5f7289a821ad8de15c7da1e57f58c13882da2209d4d576 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3b6d4dd2b448.js	11 kB	2024-05-08	2024-05-14
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3b6d4dd2b448.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:54 Last Seen2024-05-14 10:51:31 Times Seen11 Hash 5374f11801993ae8a92750d8b16bc96b 3c2b9d81b8e80ef7d2d1ca1882d040d44070a269 2c6b3eeae15fced6885475df56593ae8c51b2b6ba8b85955d0c1449cdee321d7 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/8cbffcc10c8e.js	1.2 kB	2024-05-08	2024-05-14
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/8cbffcc10c8e.js IP 0.0.0.0 ASN #0 Introduced by importedModule Embedded in HTML false Observations First Seen2024-05-08 13:29:51 Last Seen2024-05-14 10:51:32 Times Seen8 Hash ff0060965e86ff641e165552e882fe24 0c4866ef6d8f64dd1a8fdc828e3695bc6a7874cf aa6edbc068ee267eb7275e78ea74a0aaf1ce4e43ddd47dae8f45bc042e8b543b Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/d500be584f3a.js	188 kB	2024-05-08	2024-05-14
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/d500be584f3a.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:51 Last Seen2024-05-14 10:51:31 Times Seen8 Hash 8238f9de70a357db768328e170e997af f0b4f5862c04fa1c43d05b8099a77ab40eee7123 f8f64db1155d5a3ea93168df62b94bca0eb3186045bd35ca7f3443c928f55829 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/35fa91628fa4.js	24 kB	2024-05-08	2024-05-14
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/35fa91628fa4.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-05-08 13:29:52 Last Seen2024-05-14 10:51:36 Times Seen12 Hash 1c8f8a55f3c3a7955b08ed9c055a1b3e 3a31f8d3cbaaaf74e4616c9ab944919e0cd4c70a f900155624ef7437112d00e9a9966a755cb6588dc9c19bbed7a6de031502b8f9 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/9f8e0e38189c.js	2.6 kB	2024-05-08	2024-05-14
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/9f8e0e38189c.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-05-08 13:29:55 Last Seen2024-05-14 10:51:30 Times Seen8 Hash fd9612103f2362b8086939d1c920d9ed ab16c5cfb64711a9c8ee4d6f821dd4b262f58ef2 76211795cb4823b6483c415c53aa84a3fea3b09e114b373b468b6a09f100b9b2 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-4d6c8249.js	198 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-4d6c8249.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:55 Last Seen2024-05-13 08:08:48 Times Seen22 Hash aef3e7e835a99d3035bcd15797cfe9a8 5de336165d341c0601724e9c1051555ad1823207 25e9709b1b46caed0b4303d82fc1ed87763c84d661878f0a9e247c6e8a7c92ef Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3ea8313b1f9a.js	5.0 kB	2024-05-08	2024-05-14
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3ea8313b1f9a.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-05-08 13:29:55 Last Seen2024-05-14 10:51:30 Times Seen8 Hash 84c2ff24404b03b93539885d2c51922f b84919ac3522228d16decfae7ea3a604be6d3007 8e5061e6593e881770e5410f1b9c6119fdf87c85f66c23c0b49b350630be25b2 Loading...

	1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba	15 kB	2024-05-02	2024-05-14
Pretty URL 1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-02 16:50:31 Last Seen2024-05-14 10:51:33 Times Seen17 Hash 3e520df15f0dee47790b221cd7d47d5b a9dc00c41ac65b02bce01a2deaf9a44379f25e8d e14077003b6f51a50d2c053edcace82150b0f1b20373a11ca7dc57e4231cbf34 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-3476a987.js	20 kB	2024-05-08	2024-05-12
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-3476a987.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:54 Last Seen2024-05-12 01:36:59 Times Seen14 Hash 18d38aff5018dad1262fc227a68b5ec8 fe50b32177073c7724e8031febe4e3feef6e5f95 266f384d74ee49340d4cb0647e2bdb7c767409d7bf8cc35442a453bcf08bb8df Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3af2cf3bddb3.js	8.2 kB	2024-05-08	2024-05-14
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3af2cf3bddb3.js IP 0.0.0.0 ASN #0 Introduced by importedModule Embedded in HTML false Observations First Seen2024-05-08 13:29:53 Last Seen2024-05-14 10:51:33 Times Seen8 Hash 602495277c0ee0ced5c29a01596c0e58 83d3be69a4c31f5842f3d5069f017b5f335711cb 12507115f01a204bb9e7fdc85da23fd3d32420a1804e6a8836d2978a0b0fb001 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/472977fdf26e.js	1.5 kB	2024-05-08	2024-05-14
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/472977fdf26e.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-05-08 13:29:55 Last Seen2024-05-14 10:51:31 Times Seen8 Hash 2f5436be87ea646c3521311f827e6c73 c5b6f9de0596692143393ba273e617562984f22b 09401b26311cc1d7a0e564f32f219e190a1131b5ac9304d3f968d6e1a3d1cf2f Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7bd3bc288fd4.js	450 B	2024-01-25	2024-05-20
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7bd3bc288fd4.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-01-25 11:06:32 Last Seen2024-05-20 11:06:29 Times Seen141 Hash 056ce527a12544a37f984ac598be2344 6946b65cf1c68960e5f9ac0900a0df66a13e7e85 cd7cdf53c803ca43a37171180d14c2374e45ab347d309f9b83a107b9ad9b4ed1 Loading...

	unknown	47 B	2023-04-14	2024-05-20
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-20 12:33:19 Times Seen974 Hash a01893d8e129ad16c1e0fc5c7537f411 0e46d1bf2718f848d9d596fa269eaedb31204772 cbe7b89533bcd75b69f3e54807308551d68242ec1761e63bee1a99fc6e560175 Loading...

		Size	First Seen	Last Seen
	#1 Eval - b72f295b996b053c611c2409ccdde501	223 kB	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 06:09:03 Last Seen2024-05-10 06:09:03 Times Seen1 Hash b72f295b996b053c611c2409ccdde501 46f57b606ada78bce173f51a4d829da0862c93b6 4f923ccaada7a7623637131b5ddb5569913cdd0a5fce11dc537423647b958697 Loading...

	#2 Eval - cca26a03a1e4860bb69939b634a823cd	33 kB	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 06:09:03 Last Seen2024-05-10 06:09:03 Times Seen1 Hash cca26a03a1e4860bb69939b634a823cd 8d5214a1d6977ef264d9b33f10b7ff4cba342756 84206c2509eeb7d483ebb3e365cf22869b5cdfb1caebed76d684f0d7ba357854 Loading...

HTTP Transactions (272)

URL IP Response Size

1xlite-461430.top/polyfills.js

178.253.29.51

200 OK

0 B

URL GET HTTP/2
1xlite-461430.top/polyfills.js
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /polyfills.js HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: text/javascript; charset=utf-8
content-length: 0
vary: user-agent
cache-control: public, max-age=2678400, s-maxage=2678400
etag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-time-ng: 0.004
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.011
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/runtime-e2ae0378.js

185.244.209.62

200 OK

15 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/runtime-e2ae0378.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (47215), with no line terminators
Size
15 kB (14754 bytes)
Hash
9d26081d0b3d4583fb993964e34ebc20
7354028aab0bc7bf47ae19a8ad043a5b963ac9b4
9c88d5d68f360228d938c9d263160133a15c53fd5d7989317406b54a662b469d

HTTP Headers

GET /_nuxt/desktop/default/runtime-e2ae0378.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 14754
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-39a2"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f62c10caf4c327b7cc2540200950b63c-6b2f11cb63767498-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T10:59:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/a4f501bb.css

185.244.209.62

7.4 kB

URL
v3.traincdn.com/_nuxt/desktop/default/css/a4f501bb.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (54112), with no line terminators
Size
7.4 kB (7418 bytes)
Hash
32a89d535782c71f2aee2541afe97325
9ad12cc6ccd6b059073f779e9d91c6c6674e1289
ea1bc845a76d5e0e7738e217f8f0c47ac62ace9bddebba5059499b3451aa6ef8

HTTP Headers

GET /_nuxt/desktop/default/css/a4f501bb.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: text/css
content-length: 7418
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1cfa"
content-encoding: gzip
expires: Thu, 09 May 2024 10:53:53 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-04727037146eb263eb5aab22a46c1142-99072ff63a159c18-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:53:53+00:00, 2024-05-09T11:24:43+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main-ed878a1c.js

185.244.209.62

59 kB

URL
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main-ed878a1c.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64940), with no line terminators
Size
59 kB (58737 bytes)
Hash
5ff13429a94dba4fde01014c1591bdf7
1a06c2223b80f772f239ca9b43afaf9138e9f249
ac879c8f8ae127fc2be4ad3614ce26de5e7caea828b1637ae5cc1eff88be47c7

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main-ed878a1c.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 58737
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-e571"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6ceb9eb5ef3206e9fa593a17b023b441-fcbba223e6ff63db-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T11:07:29+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-687fd893.js

185.244.209.62

200 OK

10 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-687fd893.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (40657), with no line terminators
Size
10 kB (9958 bytes)
Hash
9d4610cd8209d67832cf080bf61f5141
8abf1cd6de0691b6fc5c77315ed88f0a4441a3fb
da2d895ba8eb08658c949976016308caf3c75c06e604495160523d09d16659f9

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-687fd893.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 9958
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-26e6"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5609760b75ee2dc27ca015d8b2e85742-87df47ae4e0da0b6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T11:07:29+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-7740bd53.js

185.244.209.62

200 OK

9.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-7740bd53.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (31683), with no line terminators
Size
9.2 kB (9211 bytes)
Hash
3ca2554a30cd9245966f39206d05ed01
b7e1bc94b6c370bc32a9b57e52dfac27264afdce
ff808bc9910f34faee9d25b4d9dcff5c145337ca0211d762b6c58a08f86512b4

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-7740bd53.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 9211
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-23fb"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4b8a6342a47e8d038443d7b7266ab887-25f2a3a5b827e499-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T10:59:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/a7906856.css

185.244.209.62

200 OK

336 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/a7906856.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1099), with no line terminators
Size
336 B (336 bytes)
Hash
6921418ff9395c44037498a4cf17ee66
31879049279e2cb5bc06b249d80d1735ef112b19
e6de221b29f3b4e47505c877067f28565ab5e1b419dc5003aca29c49596e73ab

HTTP Headers

GET /_nuxt/desktop/default/css/a7906856.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: text/css
content-length: 336
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-150"
content-encoding: gzip
expires: Thu, 09 May 2024 12:28:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3ca88faaa735cd18cd829e9b2e864d17-09124019a5f851b8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:28:18+00:00, 2024-05-09T14:03:18+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/6cc025d5.css

185.244.209.62

200 OK

1.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/6cc025d5.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6716), with no line terminators
Size
1.3 kB (1324 bytes)
Hash
be35c859b4087d52ff863e02472b7438
acce1097a331dc2ec0669d17db06c679e7c81be6
af7c9af6bda4b329f14b870f4df09e1b11e87d8dba17c30eed496dc5d27dfc1f

HTTP Headers

GET /_nuxt/desktop/default/css/6cc025d5.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: text/css
content-length: 1324
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-52c"
content-encoding: gzip
expires: Thu, 09 May 2024 12:28:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f1457f52dc56edf4ca8296360ca02aa2-3ae1eee7c20d0d86-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:28:18+00:00, 2024-05-09T14:03:18+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-cf4815fb.js

185.244.209.62

2.2 kB

URL
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-cf4815fb.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (7613), with no line terminators
Size
2.2 kB (2211 bytes)
Hash
a5c888bdb9f23e6caa2be4ab6b51a122
ab069acde93615e5ccc7be7b574776c3531d7d8d
58ba1711ce4cb98aa516b12ee7777335d514e05000c6b1940c75902692f6f1a1

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-cf4815fb.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 2211
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-8a3"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-0009ee0815203c04c513f38647f03639-0250d547f6357214-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T11:07:29+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/98ce2926.css

185.244.209.62

1.5 kB

URL
v3.traincdn.com/_nuxt/desktop/default/css/98ce2926.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (8509), with no line terminators
Size
1.5 kB (1491 bytes)
Hash
b0cd3891fe08ec67c50bbdfd9f7e9181
205511f8e55a0498e8129c290759a26ba4a4db31
75c619e9cabd7b2c1939e6837909e12c51fb3e68888ba20d650cb1939f983f6e

HTTP Headers

GET /_nuxt/desktop/default/css/98ce2926.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: text/css
content-length: 1491
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-5d3"
content-encoding: gzip
expires: Thu, 09 May 2024 12:27:06 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ad0f200daf1655822015e1f3b6f05211-d289db016920daf5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:28:18+00:00, 2024-05-09T14:03:18+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-8d3c6808.js

185.244.209.62

200 OK

4.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-8d3c6808.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (14590), with no line terminators
Size
4.2 kB (4204 bytes)
Hash
7399f5efa5d37b59176705a2377c2c45
5c11bebee2318c71972feafcd1a2a90ff47c5634
250ec267f3c9edf72e68005b6a91620725eebcd145c85d2c400dd7361a153ea7

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-8d3c6808.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 4204
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-106c"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d1a1c9f10868f0953f46b1b294fd29fa-344d00d2caf63564-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T11:07:29+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-23276dd1.js

185.244.209.62

18 kB

URL
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-23276dd1.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65113), with no line terminators
Size
18 kB (17694 bytes)
Hash
95f88aaf23013ee72af96785289d78ad
6b84c0d3300d2e3b282134783be74836ee684f4c
256749431c78a25466e1fc4b433d87efe7315ec0ae78cb94f8b481b33e285d70

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-23276dd1.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 17694
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-451e"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-9b35487f0c79e1242807184e100fe146-4eba3f6cb0c106c9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T11:07:29+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-4006d825.js

185.244.209.62

5.9 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-4006d825.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (21430), with no line terminators
Size
5.9 kB (5896 bytes)
Hash
77615e478beec6dc548b705fc1c55c2e
2f8dbad1324027ce98da1ea4b56a23c601fe9a1b
17f9731f8dad966c8f89f8814e18699c374deff1666197abf9245d3787a12933

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-4006d825.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 5896
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1708"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-65ed5ce2b3cbb956d9fcaa887cb1a322-0c6ff69a6aef3f29-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T11:07:29+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/9eb4939a.css

185.244.209.62

200 OK

2.8 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/9eb4939a.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (20960), with no line terminators
Size
2.8 kB (2763 bytes)
Hash
6cae6098e169876c305ca92f82fe3cde
d27c18f05738795d575c8ce370ed83cf07da0a5a
7095d096e88dd0a09d84d063de1e0eedd406b032150a5af99e796c2ac63bcfe5

HTTP Headers

GET /_nuxt/desktop/default/css/9eb4939a.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: text/css
content-length: 2763
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-acb"
content-encoding: gzip
expires: Thu, 09 May 2024 12:27:06 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-515f763ff0fbcaf992b68ec6c2d6aacf-42bf0e19fed783f1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:28:18+00:00, 2024-05-09T14:03:18+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/version.json

185.244.209.62

200 OK

44 B

URL GET HTTP/2
v3.traincdn.com/version.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text
Size
44 B (44 bytes)
Hash
2cd3f78b7436d35d9fdd280a6c37a814
75c2e07d96ac86b0dc9a6d51aa04bf5a5b621390
ade3cb62a485106ca99a2f19aa6c711b36cf9a2bfabca0a8443fa2ab547805b2

HTTP Headers

GET /version.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/json
content-length: 44
last-modified: Thu, 09 May 2024 07:16:12 GMT
etag: "663c783c-2c"
content-encoding: gzip
expires: Thu, 09 May 2024 08:13:18 GMT
cache-control: max-age=60, max-age=60, s-maxage=60
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-cba1956ae27ee9bc73021a3618a73b61-6d1f20409a35eb5e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T08:12:18+00:00, 2024-05-10T04:07:14+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-6df26894.js

185.244.209.62

200 OK

3.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-6df26894.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (13913), with no line terminators
Size
3.5 kB (3536 bytes)
Hash
c5ca2aee7a66364b1976f26d36140247
54ffe1cc763bb1e43f260e4ac2de08578ff48701
b04cf8f174cc6c981df4a2f10e2a3a28ef582f8750f8afd6e6dbb89adad82281

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-6df26894.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 3536
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-dd0"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f68271a9143eabaee75396fd937abc16-dc73d1da17e9bdb0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T11:07:29+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-8039cb20.js

185.244.209.62

10 kB

URL
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-8039cb20.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (41616), with no line terminators
Size
10 kB (10288 bytes)
Hash
c0ea345b071f903a7043c7de2988c6a8
bafd23f8bec59dff22183fb4d88b226b80f10c15
b0b31f578ac49eec2681748e5752f00d7fa23634610a96b7457b1906c06f0e63

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-8039cb20.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 10288
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-2830"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-eb78e5a50d9d7b220b3d210c145c442b-69bf63cbe79a6fb9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T11:07:29+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/c3d37cc4.css

185.244.209.62

200 OK

194 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/c3d37cc4.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (395), with no line terminators
Size
194 B (194 bytes)
Hash
7f1ee7f9ec47159043591789124ec7cc
bb021131214d4b70b327355a5a947b974f2eccbd
4041bafac614e354c03b647dc8d226e140460381c4816a65528e4ba428b0a0ad

HTTP Headers

GET /_nuxt/desktop/default/css/c3d37cc4.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: text/css
content-length: 194
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-c2"
content-encoding: gzip
expires: Fri, 10 May 2024 09:23:45 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-8be01518871ecc3509aa2ef30bafbd74-31722f7b6e5c62dd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T09:23:45+00:00, 2024-05-09T14:49:03+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingContent-e829f008.js

185.244.209.62

200 OK

644 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingContent-e829f008.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1333), with no line terminators
Size
644 B (644 bytes)
Hash
3d1c9a4aa6d6ce7232c9da19626fc107
ee85ed881df1aac90651e4ca11c83f3e4c374445
6822622a53f8498fff12f0381c4dcc8d7d8f5b085983bf99279214f3ac9002c7

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main.BettingContent-e829f008.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 644
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-284"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d99c4237260c57fe5cb7f07ba97479c1-737fe3acd859ed0b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T11:07:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/885d64fc.css

185.244.209.62

200 OK

332 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/885d64fc.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (975), with no line terminators
Size
332 B (332 bytes)
Hash
31aa50dcbc858f61bf3ed903493b8431
abf67e7f02256d2d5c5e2054b2930aa9b5ece999
18337e3b3c6f57695afaca43e471c075fd711e0485b4e7f1fdc1b6fe4e8703d7

HTTP Headers

GET /_nuxt/desktop/default/css/885d64fc.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: text/css
content-length: 332
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-14c"
content-encoding: gzip
expires: Thu, 09 May 2024 12:17:52 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e2ef649bb4cf1b7f9781864193417ab3-05f6dd62d46e20d0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:17:52+00:00, 2024-05-09T20:14:26+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Layout.Betting.ExpressDay-ac06930b.js

185.244.209.62

3.4 kB

URL
v3.traincdn.com/_nuxt/desktop/default/Layout.Betting.ExpressDay-ac06930b.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (10178), with no line terminators
Size
3.4 kB (3363 bytes)
Hash
742d0033e1d29553c749a1e323073aae
dbe09fdca88f47fa291ee1cd110bcaf1b94ae3bb
e8a1409bc1664ec9e5a3bb7fc5dcee5b19693e9188d15cc4c4941b0da0ef7797

HTTP Headers

GET /_nuxt/desktop/default/Layout.Betting.ExpressDay-ac06930b.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 3363
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-d23"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-7782089ad38e2bf576028ac5bc46e724-e82c494ffc2993cb-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T11:07:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/ca542d7f.css

185.244.209.62

200 OK

3.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/ca542d7f.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (31339), with no line terminators
Size
3.2 kB (3226 bytes)
Hash
9e9b190c1ab8126c2576203d5d43ec63
a80ccb6739023605edbd86be13f38a58ff7f4906
c4a28e2bbc67a853613460727d4abba3687be55593a7513a4079ea34579fbb02

HTTP Headers

GET /_nuxt/desktop/default/css/ca542d7f.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: text/css
content-length: 3226
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-c9a"
content-encoding: gzip
expires: Fri, 10 May 2024 09:58:03 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-4c7d0171762f353611b9a0ba49be8932-b7a253325d0342a1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T09:58:03+00:00, 2024-05-09T10:43:29+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-8edfaabe.js

185.244.209.62

200 OK

2.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-8edfaabe.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (8663), with no line terminators
Size
2.5 kB (2474 bytes)
Hash
17c159eb9f582ec9da7a4285b37349f0
652f12e3c4cfdad29cff1f06e709f0d18522d8ae
3562960610c72291435591709c1b63b69ad67f4d2462cbf180241330b7486bea

HTTP Headers

GET /_nuxt/desktop/default/Layout.SeoModule.Lazy-8edfaabe.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 2474
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-9aa"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f700ed170639ee451b123dbf4a030604-fad478da6cc696c0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T10:59:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/85148a0b.css

185.244.209.62

4.0 kB

URL
v3.traincdn.com/_nuxt/desktop/default/css/85148a0b.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (32277), with no line terminators
Size
4.0 kB (3964 bytes)
Hash
eeaf257a8645b90669a2ea93b8fb534e
d81289258b7a5c126dd860232760852cc8ad865e
3a170c88ab694ad7552f7a84baa04ddb248c32b7f8ffe16d55dd73685de87aa6

HTTP Headers

GET /_nuxt/desktop/default/css/85148a0b.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: text/css
content-length: 3964
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-f7c"
content-encoding: gzip
expires: Thu, 09 May 2024 12:55:03 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-1ed1be84067fdf753424399dd09ef095-42042e67adb74bbc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:55:03+00:00, 2024-05-09T14:02:01+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-aed267f1.js

185.244.209.62

200 OK

7.8 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-aed267f1.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (28144), with no line terminators
Size
7.8 kB (7776 bytes)
Hash
f2e1e371620e8835e0949e490cb0d4be
604919082776628a8cae272bf8679519e7e959a6
7854277ca13e6a5b17951bba0718833dec36b7740857483e17487cbec62dcd19

HTTP Headers

GET /_nuxt/desktop/default/Layout.FooterComponent.Lazy-aed267f1.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 7776
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1e60"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-26148066d95c9e712d6946102c1afbd0-748256347d0aff79-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T11:07:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-0c6d61ab.js

185.244.209.62

200 OK

8.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-0c6d61ab.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (29805), with no line terminators
Size
8.3 kB (8279 bytes)
Hash
e926766cbb585164e5c23e84b7dcd1f8
197062a6a589948f0b59b654c02030461d26ab73
96ad9027d7d1330c90aef5d6e8366a6773fabe4910d674b28a7a8c9819d279e8

HTTP Headers

GET /_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-0c6d61ab.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 8279
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-2057"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-b48a8f1c08cd7a77c9ce9598e009355c-0cb294d06cd587c5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T11:07:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/5cfdf959.css

185.244.209.62

200 OK

1.1 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/5cfdf959.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (4632), with no line terminators
Size
1.1 kB (1113 bytes)
Hash
f74d8b7e31b6ab236a9577348874385d
87091e6542649037a05fc137fa449b713c85225d
b33d72295f1edbfc13da30236c4b811cffe4ba8ef758a515914cd69cf02edbf8

HTTP Headers

GET /_nuxt/desktop/default/css/5cfdf959.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: text/css
content-length: 1113
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-459"
content-encoding: gzip
expires: Fri, 10 May 2024 06:45:49 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3d29ca49cebd32efe856906c3c101f35-f668d010d631add5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T06:45:49+00:00, 2024-05-09T09:31:11+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-799ef317.js

185.244.209.62

6.2 kB

URL
v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-799ef317.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (20015), with no line terminators
Size
6.2 kB (6249 bytes)
Hash
b9884f137bf9a4b984ed6d6076a5f912
6fa2e191fbe206a33b3ad8a6d47eb53d7c0bf9db
90d4698de2aa1516441fad988859d49ba80624cbedbc23ebd965850469f1cbd1

HTTP Headers

GET /_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-799ef317.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 6249
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1869"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9d3900eb4bec757d7da9f514c42fcb18-2617948d671acc24-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T11:07:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css

185.244.209.62

200 OK

46 B

URL GET HTTP/2
v3.traincdn.com/genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
46 B (46 bytes)
Hash
f506188b04c16eaa9c664ed23f7ce58e
08d068d7fa5a84beb06ba924a35d84d6bfdab30a
b9bfda0e940104e190b19543b94a10d120643bd1516d3ca2d266a0af6c0966e9

HTTP Headers

GET /genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: text/css
content-length: 46
last-modified: Fri, 12 Apr 2024 13:46:52 GMT
etag: "f506188b04c16eaa9c664ed23f7ce58e"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3b812defb88d689dd8a4665f2ccd7a34-b4cc88e89c18cede-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-18T12:47:35+00:00, 2024-05-10T03:12:59+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/app-80fd9d0c.js

185.244.209.62

200 OK

234 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/app-80fd9d0c.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64966), with no line terminators
Size
234 kB (233875 bytes)
Hash
eb4f34c1bf9c9befda1bf247f5e1df5b
334210525b8a7dad9cf37084c56194190961b67f
f6dbc277c6f693b6ce346441312122bcfd288f3c93c550e9922ec3ddc128e28e

HTTP Headers

GET /_nuxt/desktop/default/app-80fd9d0c.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 233875
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-39193"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-916f528a43dd683302a240bfb40256fb-355cf697ab5216e7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T10:59:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/75bcd414.css

185.244.209.62

200 OK

2.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/75bcd414.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (9958), with no line terminators
Size
2.3 kB (2277 bytes)
Hash
76a1e3dd8e25bf9a48bdd896de779d20
38c3643e25808d1f3ab167273201eac8c113c088
aa36f7a0cd4e7059cfef75dda25cd20e0bd1fbbe3d10a4ed0697cb937f009273

HTTP Headers

GET /_nuxt/desktop/default/css/75bcd414.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: text/css
content-length: 2277
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-8e5"
content-encoding: gzip
expires: Thu, 09 May 2024 11:28:05 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-2db83fb755251978d84e9c38e3ba5aed-a61fff716705f526-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T11:28:05+00:00, 2024-05-09T12:11:11+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/commons/app-e695e102.js

185.244.209.62

47 kB

URL
v3.traincdn.com/_nuxt/desktop/default/commons/app-e695e102.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65476)
Size
47 kB (46806 bytes)
Hash
414c44a4caf31196b27b1c5c11628879
2536bdd8d54c6f619dc0a200015d9a7b95c08f90
07a1a14bccef15bc4e72f798aa8ae3c18decb59c7ad601832305f8180d3d3b54

HTTP Headers

GET /_nuxt/desktop/default/commons/app-e695e102.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 46806
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-b6d6"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-0c56c0cab343ba121ffc8cde248ef252-96da3a0a045d9e0f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T10:59:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/7c3945cb.css

185.244.209.62

200 OK

17 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/7c3945cb.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
17 kB (17201 bytes)
Hash
97b6f81b90460841531e21dceae1a3f5
1116d9a217e034d8970ab1455c15e9a4d1420a14
21951b3d64319c4bc411d0b272d08f3f7d951c743b9ee4ef376091d1c24a0401

HTTP Headers

GET /_nuxt/desktop/default/css/7c3945cb.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: text/css
content-length: 17201
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-4331"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f2e55318752eac541f63fd64ba39869c-ca06da14b2c11eb7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T10:59:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/app-7a457c68.js

185.244.209.62

200 OK

267 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/app-7a457c68.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (61101)
Size
267 kB (267284 bytes)
Hash
de196c8e650ca4c514b5fbccb5f0fc2d
fe73fce013c7cf22d6c01057981a01947484b020
27db5de650dc124db682f1dcd0bc5b018980cd52f3baaf8e4bab2d74fb9e0b5f

HTTP Headers

GET /_nuxt/desktop/default/vendors/app-7a457c68.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 267284
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-41414"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-884fafb5620bf0e8500a5bfe0d0d3bd5-e0433759dc84b1a9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T10:59:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2

185.244.209.62

200 OK

65 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 64732, version 1.0
Size
65 kB (64732 bytes)
Hash
3ac5d40d1b3966fc5eb09ecca74d9cbf
a69f32357765dd321519889aeacba5e9ca893bb0
3310766b8f58538d07abded74a2babe1acbe1a3ee820d5b8c8265da666f4fb0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: font/woff2
content-length: 64732
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "3ac5d40d1b3966fc5eb09ecca74d9cbf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-42c370bc48bfaa9d21c87e7f88ac9402-4ea2b2137da0c455-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:56:30+00:00, 2024-05-10T03:20:28+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Size
64 kB (63748 bytes)
Hash
6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: font/woff2
content-length: 63748
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T07:13:59+00:00
traceparent: 00-c43fc708eae92616daf26aa56c36aba0-5eb3688472eb6a07-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Size
64 kB (63920 bytes)
Hash
a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: font/woff2
content-length: 63920
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3c257f2a1f6c8b419cd8b6a18d928b6f-2a4f1ebb6f8cd461-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:54:39+00:00, 2024-05-10T04:02:10+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/check-ob.js

185.244.209.62

200 OK

187 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/check-ob.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
187 B (187 bytes)
Hash
ced67278c38d1ce1297c121af69fff8a
df6e1531fd84d956263b04254e6f94f5356623f4
2958134c3c00f7c6320858dd66e454c2856e4842821d3523c4cc5e44e1ec8616

HTTP Headers

GET /_nuxt/check-ob.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 187
last-modified: Wed, 08 May 2024 10:15:17 GMT
etag: "663b50b5-bb"
content-encoding: gzip
expires: Thu, 09 May 2024 12:58:12 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-baefc51a486e18df7921def65a1806f9-6e073f042fa0be58-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:58:12+00:00, 2024-05-09T11:36:45+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png

185.244.209.62

200 OK

653 B

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Size
653 B (653 bytes)
Hash
e6f0766cbd95db33da44e7a9140648f2
5f196b1bfe8c3f92bd2ebcd67124e72e81ae6aaf
c0399d478788d5d483f104a2e8cb7c32f41cb40e9df0c22e831b2bfa2db63ec0

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: image/png
content-length: 653
last-modified: Tue, 25 Apr 2023 13:43:56 GMT
etag: "e6f0766cbd95db33da44e7a9140648f2"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4c0a2617e1f8d18b5462aa00fe9a06bc-15ab3d7e7fe9dd4c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:12:59+00:00, 2024-05-10T04:02:29+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/f5105820.css

185.244.209.62

194 B

URL
v3.traincdn.com/_nuxt/desktop/default/css/f5105820.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (395), with no line terminators
Size
194 B (194 bytes)
Hash
2818ab9c6ece35261fbf658165189623
f01f8175a7a89449a1dad5f2a7df06c5866c10af
b4f0b619b6f6ece6589df376a16eae022b084640348887d3c557e20a37207583

HTTP Headers

GET /_nuxt/desktop/default/css/f5105820.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: text/css
content-length: 194
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-c2"
content-encoding: gzip
expires: Fri, 10 May 2024 09:25:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f832f20af2bf20e36da34ae81a3044c1-1bb261713f556462-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T09:25:00+00:00, 2024-05-09T18:11:06+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingContent-0ade32fe.js

185.244.209.62

200 OK

634 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingContent-0ade32fe.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1235), with no line terminators
Size
634 B (634 bytes)
Hash
9b4c5178b31779a0981ed2c9776a53c7
9235df453636bc042a2a1ae0f4c515056c5c5a90
8cb9638fcdeffac9470295235a3064097fb9b59e73b95ec8102c6bb663d980d8

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.BettingContent-0ade32fe.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 634
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-27a"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:31 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-6b4a922d92ea379693978e7626fb21ce-2cd3d0b7ecb0c773-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:31+00:00, 2024-05-09T11:07:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-7f844954.js

185.244.209.62

200 OK

4.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-7f844954.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (14574), with no line terminators
Size
4.2 kB (4193 bytes)
Hash
d33ee67d9f23dd62c456193b4e764eb9
f6d942295c97dfa39f4a924d0256969ccbed9c62
1e80290f86bdfedcb79a9f94f3eb27f309047d2bd580d874822aaaeac3675e71

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-7f844954.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 4193
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1061"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-2fded3dca9936f951e3273fe26c1869e-ca29469a0ca8c6fe-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:33+00:00, 2024-05-09T11:07:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/2a37879e.css

185.244.209.62

1.3 kB

URL
v3.traincdn.com/_nuxt/desktop/default/css/2a37879e.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6872), with no line terminators
Size
1.3 kB (1331 bytes)
Hash
7727cc93d85a2459297f9b1237fc6a92
f37f7a3ec3d30df2513a38dd2c67fefaf038edec
e4559060670fd8cf92ad4e830ae9237d2bbc735470f4597ad5d943388d9248d2

HTTP Headers

GET /_nuxt/desktop/default/css/2a37879e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: text/css
content-length: 1331
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-533"
content-encoding: gzip
expires: Thu, 09 May 2024 12:28:57 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-852854402a2645832601b31a062c923d-4fd7842ea90f829f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:28:57+00:00, 2024-05-09T15:24:01+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-e9231dc8.js

185.244.209.62

11 kB

URL
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-e9231dc8.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (40117), with no line terminators
Size
11 kB (10688 bytes)
Hash
0644769b808fa59af4beda42788b2e66
266dd9b95b442a01759242a55a117d083cbac67d
7f2a8da86462ef570ba1c5abe327880bcea5ec510160ea6f590a066e1a5bc6ce

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-e9231dc8.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 10688
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-29c0"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:34 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-49daadd59de07736a197f2a2385ea5ad-9e42e1bf64da2f81-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:34+00:00, 2024-05-09T11:07:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-70c9070a.js

185.244.209.62

37 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-70c9070a.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65461)
Size
37 kB (37176 bytes)
Hash
0708c03dd81cfcc30a6eb12e8d5a7192
91064268dc5ef484b6b8e073cde872c21b3a0fd1
4bb58dc9b93318e295ad055e8b4b1fce9eab0fddad1c4f72ff791283bb834ea0

HTTP Headers

GET /_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-70c9070a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 37176
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-9138"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:34 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-cbdf10812354967a264c2e42b00e4f9a-373fa4aee4b7026b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:34+00:00, 2024-05-09T11:07:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-36c334d6.js

185.244.209.62

10 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-36c334d6.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (36639), with no line terminators
Size
10 kB (10104 bytes)
Hash
67d8ed132b1ddc0c303fd8f75f32b471
cc7d93fb03efb29743c787d310d0f0350740ca94
7221c0785ae9cc81866e4a8b7638fbeef6df772b59a60ec529e5db68a2c62117

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-36c334d6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 10104
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-2778"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:34 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4b5a01114c52bbd6b9c52b2aee3b1292-328fddddb0333b6d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:34+00:00, 2024-05-09T11:07:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-3476a987.js

185.244.209.62

5.6 kB

URL
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-3476a987.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (19536), with no line terminators
Size
5.6 kB (5573 bytes)
Hash
18d38aff5018dad1262fc227a68b5ec8
fe50b32177073c7724e8031febe4e3feef6e5f95
266f384d74ee49340d4cb0647e2bdb7c767409d7bf8cc35442a453bcf08bb8df

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-3476a987.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 5573
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-15c5"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-19f514839bfe26c1df4b28dcb2a2ec0a-878172d9a8c924ed-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:33+00:00, 2024-05-09T11:07:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/a1bf72f5.css

185.244.209.62

6.7 kB

URL
v3.traincdn.com/_nuxt/desktop/default/css/a1bf72f5.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (53183), with no line terminators
Size
6.7 kB (6677 bytes)
Hash
4501125cd5c80c2b8acf7af843956d66
b24a3be842323cc3d17a708ff48bb84dcb652041
ec51d38db21ace66a188f18b6ae3b5a76254c28f379aaa6499bf2c79626b8820

HTTP Headers

GET /_nuxt/desktop/default/css/a1bf72f5.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: text/css
content-length: 6677
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1a15"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-80f8dd8fc08b970d38225f186180b74f-154840b8e0a7b06f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:33+00:00, 2024-05-09T11:07:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage-3636738c.js

185.244.209.62

200 OK

33 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage-3636738c.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64912), with no line terminators
Size
33 kB (33094 bytes)
Hash
1f7da36659a544fba17a29cffa971076
5c97a256ee06a1f642721e924aaf92fc6e8012f7
7283f446334be010ae677213a0b827a2e993e298bf023a85e87577edd2216c2d

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.Homepage-3636738c.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 33094
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-8146"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e195e43ab52f9ba943c59e8407c5e6e6-c12d722116e599b9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:33+00:00, 2024-05-09T11:07:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/f72f2b10.css

185.244.209.62

4.8 kB

URL
v3.traincdn.com/_nuxt/desktop/default/css/f72f2b10.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (38649), with no line terminators
Size
4.8 kB (4780 bytes)
Hash
8ab5f1e804e2a4565dea164054ff0907
7ee2bea2c9dcb6424f707c35588a316a249270fa
ce3424802faaac382a0efe23fbc285123fae95d0461ecf26e4881e1907acd9ec

HTTP Headers

GET /_nuxt/desktop/default/css/f72f2b10.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: text/css
content-length: 4780
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-12ac"
content-encoding: gzip
expires: Thu, 09 May 2024 12:28:58 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-441acd973517b67856dc0d1f8edef92d-0c6e8115604af2a5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:28:58+00:00, 2024-05-09T15:24:01+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.Asian-56ecd176.js

185.244.209.62

200 OK

29 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.Asian-56ecd176.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64788), with no line terminators
Size
29 kB (29394 bytes)
Hash
07244b6ad35d8802c10a1c5fd37712be
1b41f323c8cf0006dffb57939104bf1da14b9f6b
78be75ea68fee2170ba434351d695ad2be458c1cf6a819a96e1fd932c4b2c8a1

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main.Asian-56ecd176.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 29394
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-72d2"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:34 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-6a9ec835aebca1e978377a8b74c3a606-6c415257f8838dd1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:34+00:00, 2024-05-09T11:07:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-7105a632.js

185.244.209.62

200 OK

22 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-7105a632.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65476)
Size
22 kB (21899 bytes)
Hash
4df28096a23760aa74cf3b1982ae9476
1b99d6f0622b9da8e46e85df6a0b116a8c1a9943
14e6c442824a6a4230ad98dc5046540ea35f1e7ad21b65b927495df4a54aa715

HTTP Headers

GET /_nuxt/desktop/default/vendors/plugins.v-tooltip-7105a632.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 21899
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-558b"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:25 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5be663b9bbce8ae1e5f9c0f37d711274-51afe2251564e389-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:25+00:00, 2024-05-09T11:07:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-99e14113.js

185.244.209.62

200 OK

4.6 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-99e14113.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (12527), with no line terminators
Size
4.6 kB (4556 bytes)
Hash
8113ecbe1d6d4c8904ce977109730f08
70cd411e85297f2d6dcccffba8f633e3c609ca5f
1349cb7987b5ebae2dc20a5ad955120b8983b0059549cd7f3b0db5dbf1c89ce5

HTTP Headers

GET /_nuxt/desktop/default/vendors/plugins.vue-notification-99e14113.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 4556
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-11cc"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:25 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-98cd7ce5ef4a0c80c0c74fdacfcf3aa6-04a0931c9c390b26-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:25+00:00, 2024-05-09T11:07:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/e5c0e314.css

185.244.209.62

953 B

URL
v3.traincdn.com/_nuxt/desktop/default/css/e5c0e314.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (3352), with no line terminators
Size
953 B (953 bytes)
Hash
748da80084597d87b4ff5e98b017b07b
db6ad2ec24bfcbe751a23061d935403e1163f471
4eaf4071f43aaa0243a4c6948131b7a3e03fe6ab1f4228da38e8588c15e01f24

HTTP Headers

GET /_nuxt/desktop/default/css/e5c0e314.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: text/css
content-length: 953
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-3b9"
content-encoding: gzip
expires: Thu, 09 May 2024 11:05:15 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-307d64a2966464d846fb894a71d6495d-330f4c8baeb5bdc8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T11:05:15+00:00, 2024-05-09T15:40:43+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-2e14a47d.js

185.244.209.62

8.1 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-2e14a47d.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (26717), with no line terminators
Size
8.1 kB (8055 bytes)
Hash
5e555ad28a7c695afb377a8855610652
8f195d8ff18e3e2d1105587315d8d3102650bf3a
b90b7ba895ec988a0b72b9fd21ccc3d8e1d1cc4035f57fc47be6fb00e32caacc

HTTP Headers

GET /_nuxt/desktop/default/vendors/plugins.vue-js-modal-2e14a47d.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 8055
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1f77"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:25 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-fb565b19aace1f10315c1b3cd982aa01-ef6385c8ce58bd0e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:25+00:00, 2024-05-09T11:07:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-4919f2b6.js

185.244.209.62

200 OK

2.1 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-4919f2b6.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (6960), with no line terminators
Size
2.1 kB (2121 bytes)
Hash
426b4077094d2bf6f0f1feab6aaaaa40
b6ac46785f2225c76aaf65d152456765df824887
864bc0a49b9b457b62b65a8902f9f07305e5010d46df4cc5416dfb8b028c2c09

HTTP Headers

GET /_nuxt/desktop/default/date-fns-locale-21-4919f2b6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 2121
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-849"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:25 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-80120cd5e40f2ed91be7e702e9a5041e-135e55239e310aa2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:25+00:00, 2024-05-09T11:19:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/DC-fcb3e9b4.js

185.244.209.62

999 B

URL
v3.traincdn.com/_nuxt/desktop/default/DC-fcb3e9b4.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2336), with no line terminators
Size
999 B (999 bytes)
Hash
55a903571af1a626a07aa8e6a5d83e1e
744db188996ec7ada8c219355d471d2ed347a9a2
ebd3f27093e1a541034d9c46a308f1273e0480bbeaaccf70f638e95f663c95e6

HTTP Headers

GET /_nuxt/desktop/default/DC-fcb3e9b4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 999
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-3e7"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:25 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-7acb95a22f85d5383832c1b5c818626c-ff2c311184c1bf6b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:25+00:00, 2024-05-09T11:07:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-461430.top&projectId=285

178.253.29.51

200 OK

141 B

URL GET HTTP/2
1xlite-461430.top/seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-461430.top&projectId=285
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
141 B (141 bytes)
Hash
bd9be2fa89d26e9e6f1b2e08ffcd0ed6
90eae25ee792254c7ca97e98c5782078f9bdc37f
c11510c5556799ec6bf918684e80903d08cf6237d3c4f94d32a8ebf35d067a1d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-461430.top&projectId=285 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: application/json
content-length: 141
cache-control: max-age=1200, must-revalidate, public, s-maxage=1800, stale-if-error=86400, stale-while-revalidate=300
x-content-digest: enebf83560af95b198ca2d2caf127b1151
age: 730
x-request-id: a17cef70e6725d52d2ac64f0b736347d
x-request-guid: a17cef70e6725d52d2ac64f0b736347d
x-time-ng: 0.006
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=1.1880397796631, wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/api/web/v1/config/actualDomain

178.253.29.51

176 B

URL
1xlite-461430.top/web-api/api/web/v1/config/actualDomain
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
176 B (176 bytes)
Hash
e90508cca101d9cb990de4c1ac272162
f2eff8d50f5d46fb966acd5ce6eae0e6928698f5
11d2a39f89bd0f2c2d4bce0007c223e73a00e54ac7423b3eff9ceec40b477e99

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/api/web/v1/config/actualDomain HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=44, dt_total;dur=48.293, wf-uht;dur=0.061
set-cookie: SESSION=9f380f46355365c8b1352b8a6ff35e0b; path=/; secure; HttpOnly; SameSite=Lax
ua=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
traceparent: 00-16aa40592691fbb9ea2dbde8226fc5c3-d1f9112805230ef7-01
x-dt: 285
x-time-ng: 0.047
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Betting.Core-f89d33f6.js

185.244.209.62

200 OK

1.6 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Betting.Core-f89d33f6.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2508), with no line terminators
Size
1.6 kB (1645 bytes)
Hash
a961fc2d8c225c0cc2dc814175a9d9e4
9293a62e3d0f4ab392dfef6f7f7172cb9889a724
a33381e13222f9cb4ab741177e3ad9ed83e3eca14864fac385a8fc4440ff2d90

HTTP Headers

GET /_nuxt/desktop/default/Betting.Core-f89d33f6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 1645
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-66d"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:25 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-50cdeaf5036b0ec15ed21ea3767855af-55b239d6f5fd112d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:25+00:00, 2024-05-09T11:07:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-c7b965b1.js

185.244.209.62

200 OK

1.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-c7b965b1.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (3230), with no line terminators
Size
1.5 kB (1451 bytes)
Hash
5233ff069edca79a361c0b2b198b55cc
ba4364baebab13117998653f970a92b8ee07f900
c738fe5d4a58cfa5164ec13724b158a0021645987ebb534e1a230895b48b2e56

HTTP Headers

GET /_nuxt/desktop/default/consultant.supHelperV2-c7b965b1.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 1451
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-5ab"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:25 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-450f546e3bad29c2c98b7caf9662f801-c11694ee7bc2649a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:25+00:00, 2024-05-09T11:07:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/ioc.dependencies.18-45d015a5.js

185.244.209.62

200 OK

1.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/ioc.dependencies.18-45d015a5.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (3073), with no line terminators
Size
1.3 kB (1321 bytes)
Hash
d480de5fb5e98ac782b0bd0f059e76f0
4c835740fa9f633deed7fba057d32b6d9ada360a
d283c64ddc00ff6250739d80df5c2dbc126fedd3731ee5fa1611d70a27b4d6d0

HTTP Headers

GET /_nuxt/desktop/default/ioc.dependencies.18-45d015a5.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 1321
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-529"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:45 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-88a0c4a2829d878d170af40185c5516c-435ebb4218f09dd4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:45+00:00, 2024-05-09T11:07:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json

178.253.29.51

200 OK

7.9 kB

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
7.9 kB (7861 bytes)
Hash
eec4805fe0f6e17d5ade92a382f5b068
ca6a26fe8ea31e66c0bef88c4e7f489dce9f9a4b
b50904054641c30b6b4ee7ed4290b52022825f2e9e9e3a4a060b8ecddf28c898

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Wed, 28 Feb 2024 21:42:45 GMT
etag: W/"eec4805fe0f6e17d5ade92a382f5b068"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/betting.SportMenuApp-6b906b26.js

185.244.209.62

200 OK

7.7 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/betting.SportMenuApp-6b906b26.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (31338), with no line terminators
Size
7.7 kB (7710 bytes)
Hash
7462c3ce706e3a0439d52dfd83b79f18
7fcb3c23faccec9e4ef977d403cd600ed9d47159
28be8165dfece6660276495ac167ab5161021d9f7b2159e7929e76f1a64f0a16

HTTP Headers

GET /_nuxt/desktop/default/vendors/betting.SportMenuApp-6b906b26.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 7710
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1e1e"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:45 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d50273fa3780154f978e656fd9a0b184-c0849500868399bd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:45+00:00, 2024-05-09T11:07:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/ad481252.css

185.244.209.62

200 OK

3.0 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/ad481252.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (22886), with no line terminators
Size
3.0 kB (3006 bytes)
Hash
f1e1bb557e1155bf9c70751dec445176
013c5224a1bbbf0d6603f25e31863aa90f279b40
7aa1af5184d161c5f279c0da3199cef2dfc0aac5e90cce3e880f1f89401a0a15

HTTP Headers

GET /_nuxt/desktop/default/css/ad481252.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: text/css
content-length: 3006
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-bbe"
content-encoding: gzip
expires: Thu, 09 May 2024 12:29:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-31d09a4bae13119d17ecdaa0ea92e64e-129ab61151a71444-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:29:18+00:00, 2024-05-09T17:15:42+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.SportMenuApp-43e47582.js

185.244.209.62

25 kB

URL
v3.traincdn.com/_nuxt/desktop/default/betting.SportMenuApp-43e47582.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65483), with no line terminators
Size
25 kB (24936 bytes)
Hash
e64e6103ea1b8ab52c93a9786ac2cd6b
02fad318aa11a5b8124e4edf9b2e506020c7904d
fa69a8cd98ac6ed2944e28e57a4b151bf76457a430d39e48b60194f901dae4da

HTTP Headers

GET /_nuxt/desktop/default/betting.SportMenuApp-43e47582.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 24936
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-6168"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:45 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-bd3351c0c26914bd49337e24848973ca-2e86627fd9624ec3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:45+00:00, 2024-05-09T11:07:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/betting.HomeSliderComponent-81e2f8d7.js

185.244.209.62

7.4 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/betting.HomeSliderComponent-81e2f8d7.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (27479), with no line terminators
Size
7.4 kB (7381 bytes)
Hash
0b17cf75462948eeaaf7ece70cd5fba2
aebbba96a756cf09ce6a16de9e70c683b5de001d
32c6603817e972bf1aee9f736061fe43218fd74789ae76cb4cf7383176e65229

HTTP Headers

GET /_nuxt/desktop/default/vendors/betting.HomeSliderComponent-81e2f8d7.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 7381
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1cd5"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:45 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-7bf8396bbd0c6c701a21cae83ab6f596-364cc0bf918b7596-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:45+00:00, 2024-05-09T11:21:01+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/85022173.css

185.244.209.62

200 OK

1.7 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/85022173.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (9757), with no line terminators
Size
1.7 kB (1731 bytes)
Hash
d9ff2bf37891da2be05d7fd5442113f5
419f63a7b47f983139a1cdc040707ab4b90bc255
05d90d1e2368c45cf52f0796d76035b98b8ab02ff57d218005ddffbfc20963c5

HTTP Headers

GET /_nuxt/desktop/default/css/85022173.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: text/css
content-length: 1731
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-6c3"
content-encoding: gzip
expires: Thu, 09 May 2024 12:56:04 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-06a50b997732b1a696750e6b9b4c7d24-b1773d08777a6b4c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:56:04+00:00, 2024-05-09T17:33:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/a05707a0.css

185.244.209.62

200 OK

1.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/a05707a0.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6442), with no line terminators
Size
1.3 kB (1308 bytes)
Hash
2b7cd76d45868e18a22be501f214c7c2
e2799c9711adb4b6b850f39a90d3b074878e2c62
81499263837bef8f4f0ea4015d21a7895e9a51ede856b8b40d9b2240c99fe7c9

HTTP Headers

GET /_nuxt/desktop/default/css/a05707a0.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: text/css
content-length: 1308
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-51c"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:45 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-de84ae8ea8a6e2587fcda125a4bb7905-cbf41cc5da3f1bb3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:45+00:00, 2024-05-09T11:07:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.HomeSliderComponent-8f216f08.js

185.244.209.62

7.6 kB

URL
v3.traincdn.com/_nuxt/desktop/default/betting.HomeSliderComponent-8f216f08.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (24523), with no line terminators
Size
7.6 kB (7592 bytes)
Hash
a84c24326d41c0aa0f3fb493e4bfc856
1aaaa001532b4d7589f6e0879455f6c78699c52e
296f8cc8788197eb5fd295ca003429fe2db6093eb6388c003447a5de6f31b53e

HTTP Headers

GET /_nuxt/desktop/default/betting.HomeSliderComponent-8f216f08.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 7592
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1da8"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:46 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-568c49dd0140ee7752a77c0f1b168d6f-ab11f7a20bc1fa36-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:46+00:00, 2024-05-09T11:21:01+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/526e44d9.css

185.244.209.62

200 OK

459 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/526e44d9.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1526), with no line terminators
Size
459 B (459 bytes)
Hash
97fdf5b6e7dfddf6ab251e984133b2c3
bb552fe685c52c34e0ed91e4dfaa9df2675ad086
92fcdb73c544b1f2befe78685340fd3371e920187a2232f8e4bffd73985d40e3

HTTP Headers

GET /_nuxt/desktop/default/css/526e44d9.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: text/css
content-length: 459
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1cb"
content-encoding: gzip
expires: Thu, 09 May 2024 11:05:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-9c23df704cd23471a9e39ae4ddf92747-103a7b3a3e2494df-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T11:05:33+00:00, 2024-05-09T15:53:34+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-49c46e45.js

185.244.209.62

17 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-49c46e45.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (41022), with NEL line terminators
Size
17 kB (16832 bytes)
Hash
732bde6d360cd7be7ce9ce10044202ba
c4fdecf84f6261b354240750525cb9d2a8d87d09
d46270d03f72eb032f9e205e2eedecdf65838a9f474b356b127474f73b66d347

HTTP Headers

GET /_nuxt/desktop/default/vendors/betting.media-49c46e45.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 16832
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-41c0"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:26 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6846e4ee6324dd730f31c65766742170-b6c6804ed8b03618-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:26+00:00, 2024-05-09T11:07:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.CentralMenuApp-96d6b2c1.js

185.244.209.62

200 OK

19 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/betting.CentralMenuApp-96d6b2c1.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65283), with no line terminators
Size
19 kB (18951 bytes)
Hash
0fcfe75628cf7cd25fa643bfefbf5940
2d7d246eb52fbc3a2420db7a8bfa1d54e5b480fd
bbb5b77e24844a594d4084e394bfa0348081335c28a3a4d172ac5ff83cdabcea

HTTP Headers

GET /_nuxt/desktop/default/betting.CentralMenuApp-96d6b2c1.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 18951
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-4a07"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:46 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-2244acce1b9d209f3bd2db0717ace193-576db56f888d8888-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:46+00:00, 2024-05-09T11:07:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/ff267c5c.css

185.244.209.62

200 OK

1.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/ff267c5c.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (7000), with no line terminators
Size
1.5 kB (1486 bytes)
Hash
f379bc6f4b94f34d96f6fe51159bee63
f4c0d4dbef1e1e734e84e05d75e4ff950d06eb60
b2a5bd6495250a19500dd5a6ca62f045c8b70226a668dc63ef40c78883bdae11

HTTP Headers

GET /_nuxt/desktop/default/css/ff267c5c.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: text/css
content-length: 1486
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-5ce"
content-encoding: gzip
expires: Thu, 09 May 2024 14:34:40 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-93c94dc813f5c682f16f3364935cd987-5b823163f1789b4a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T14:34:40+00:00, 2024-05-09T17:15:42+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.media-29872be3.js

185.244.209.62

4.7 kB

URL
v3.traincdn.com/_nuxt/desktop/default/betting.media-29872be3.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (16761), with no line terminators
Size
4.7 kB (4727 bytes)
Hash
f2263fc2e9f9bff4572f3b1c24a80ab2
efe1b2479e2f34dbe912d9e588759b2787bbc3b9
38444c18d8c24549cc13b2de3a055976ec8f3f238e022739f0b6aef8fa74db9b

HTTP Headers

GET /_nuxt/desktop/default/betting.media-29872be3.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 4727
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1277"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:27 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f7da9f1c3d1bede71d9fca6150279470-de87f51ecf70b837-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:27+00:00, 2024-05-09T11:07:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137

178.253.29.51

200 OK

222 B

URL GET HTTP/2
1xlite-461430.top/service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
222 B (222 bytes)
Hash
e7c940228799d1f96695b328e468ca9c
e5af05addc5a54aa316d8ead06c15e886aea6561
84626d0f6e1da40ed88e58d4d8e6d2998e2cbce21bc197b7b6a66305e94ed867

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: application/json; charset=utf-8
content-length: 222
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.011
X-Firefox-Spdy: h2

1xlite-461430.top/session-api/sessions/user

178.253.29.51

200 OK

16 B

URL GET HTTP/2
1xlite-461430.top/session-api/sessions/user
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
16 B (16 bytes)
Hash
646b2e82b65602d35f7aa6283c387e3a
b163a70c5df8e4b0861a23a04f8a6f78393747f4
b68bf12405ee2cb5b76764df21dbc2df0953ddff4072ddc5281d1aab05e8c4ab

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /session-api/sessions/user HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: application/json
content-length: 16
cache-control: no-cache, private
x-time-ng: 0.002
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=1.1131763458252, wf-uht;dur=0.009
X-Firefox-Spdy: h2

1xlite-461430.top/bff-api/event-logo/v2/suitable.json?lang=en

178.253.29.51

200 OK

2 B

URL GET HTTP/2
1xlite-461430.top/bff-api/event-logo/v2/suitable.json?lang=en
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2 B (2 bytes)
Hash
d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bff-api/event-logo/v2/suitable.json?lang=en HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: application/json
content-length: 2
cache-control: no-cache, private
server-timing: bff;dur=10.84, dt_total;dur=12.370, wf-uht;dur=0.021
traceparent: 00-fab8d20b7414334f34e1711a148060ca-c415d35c1e7627a5-01
x-dt: 285
x-time-ng: 0.012
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/88cfac66.css

185.244.209.62

97 B

URL
v3.traincdn.com/_nuxt/desktop/default/css/88cfac66.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
97 B (97 bytes)
Hash
9deb70dd3fbdc7061ed21c5632fbc55b
22ae1cadf75b3fdd5e3e3762842b1b7a6f6e7ed8
be8196057ac43ab3882caf30239c364e1ef4ceda087e92ca87187ce239f022f9

HTTP Headers

GET /_nuxt/desktop/default/css/88cfac66.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: text/css
content-length: 97
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-61"
content-encoding: gzip
expires: Thu, 09 May 2024 16:43:21 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-c235b401055c29301b0b02a6e7a82a07-9889cc13ca288314-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T16:43:21+00:00, 2024-05-09T14:05:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/api/v3/bonuses/first-deposit

178.253.29.51

8.7 kB

URL
1xlite-461430.top/web-api/api/v3/bonuses/first-deposit
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
8.7 kB (8745 bytes)
Hash
6c497f6fefa1ff03d2b3f026ca9ea1b2
67708749c2923ee8fb64f119bfe6601df89cc754
62d6341764aac9fa45a7c7c304e969a0408d60f679d5142d0faa28e178d132c2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/api/v3/bonuses/first-deposit HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=20, dt_total;dur=33.529, wf-uht;dur=0.044
traceparent: 00-db72916f7eba3f38f5f23a962b00e89d-107a0eb7066ee021-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.030
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/25e24e18.css

185.244.209.62

200 OK

1.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/25e24e18.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6262), with no line terminators
Size
1.5 kB (1505 bytes)
Hash
09f1bd90913ad83743065cc13ee3e0c6
0f1d49d4ddfccf474d882839c1ac901a8c1d91e6
b0222e16baaccc20a1143166da7715bbab586f1d8d8bebf26f91e98738a55a92

HTTP Headers

GET /_nuxt/desktop/default/css/25e24e18.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: text/css
content-length: 1505
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-5e1"
content-encoding: gzip
expires: Thu, 09 May 2024 12:29:28 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e11698807db8f121cfc76445222fe06a-8a22c5542b7855dd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:29:28+00:00, 2024-05-09T16:39:37+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.334/285/common.svg

185.244.209.62

200 OK

81 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.334/285/common.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
81 kB (80669 bytes)
Hash
a5e6c7cb3dc6f80ffa8b7725ce9f0258
bf609fa93aec5b1b7319f6915fa5476ad50ae2a9
a39a263f5e16fe65dfb58e66500bdd4346f96a51c35dd8b5cc896952a4f0d164

HTTP Headers

GET /sys-icons/1.0.334/285/common.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Apr 2024 12:55:56 GMT
etag: W/"7bf3e9e7d79beac942f5e7748a3af2e6"
x-amz-meta-mtime: 1713272153.420902787
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:26 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ff91415a207a3a7b3fe75b695ac2eab8-92eceaa672ca39d8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:26+00:00, 2024-05-09T11:04:32+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.coupon2-6e433cdf.js

185.244.209.62

200 OK

578 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/betting.coupon2-6e433cdf.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1003), with no line terminators
Size
578 B (578 bytes)
Hash
b9a05e5aa1c5b98c055f94570bbf4ad2
24bf68bdbe24f5b82fddbb934ad2ead865d4705e
7f6ac8faf0ffe76890d0518f7470d54e20a8b8dc92dcb433645a46aa2ccfca11

HTTP Headers

GET /_nuxt/desktop/default/betting.coupon2-6e433cdf.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: application/javascript; charset=utf-8
content-length: 578
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-242"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:46 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-63165dadbc520956fed8c3d35d545a9b-5692def25d9f1610-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:46+00:00, 2024-05-09T11:07:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137

178.253.29.51

200 OK

258 B

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
258 B (258 bytes)
Hash
6b410dd2c07ab8dc7ea3612945386685
9d9b746ddabe121ffedb7dff9e0aff03b92998b1
aa7e649282a2bbf5af23394e678496503278768e36b9f21c74ebe474806513e8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: application/json; charset=utf-8
content-length: 258
cache-control: no-cache
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:15 GMT
vary: Accept-Encoding
x-time-ng: 0.004
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.012
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66

178.253.29.51

200 OK

2.4 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.4 kB (2423 bytes)
Hash
30042142454e96ac867d4031669d7245
a299d6fcdadd98f2687068b37d5fca82115644a4
230c1619772081d6c252507eeec6a5b52ec71b2fa5b98746ae1415e256dc6d7a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: application/json; charset=utf-8
content-length: 2423
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:15 GMT
vary: Accept-Encoding
x-time-ng: 0.005
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.012
X-Firefox-Spdy: h2

1xlite-461430.top/sys-betting-app-front/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba

178.253.29.51

200 OK

56 kB

URL GET HTTP/2
1xlite-461430.top/sys-betting-app-front/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
56 kB (56215 bytes)
Hash
1965ec90727e97bf5eae67c60dda4653
c63ce6ca8deceb64e487202af558a6b8015f7e56
7441f2c2046c2f20f6f01aa53c4e4d4e1e996b4f57a5c5bbb95bc6866b1e6a3c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sys-betting-app-front/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
mf-render-mode: json
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: application/json
content-encoding: br
server-timing: total;dur=37;desc="Total __BETTING_APP__", dt_total;dur=76.698, wf-uht;dur=0.096
set-cookie: tzo=3; Path=/
traceparent: 00-e74e6d67e58be527d5abd6b0f0fd30a9-84c2f8b57ea775c0-01
vary: Accept-Encoding, Accept-Encoding
x-dt: 285
x-time-ng: 0.059, 0.078
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/desktop/contact/dbc1950bbcc8e27b5dbec1f42635e8d0.svg

178.253.29.51

296 B

URL
1xlite-461430.top/genfiles/cms/desktop/contact/dbc1950bbcc8e27b5dbec1f42635e8d0.svg
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
SVG Scalable Vector Graphics image
Size
296 B (296 bytes)
Hash
b1bf63d00887bb0354e9d89c7d790a01
2d64ab25c9afff682abd6732f62ba62a197e972b
a6a4fbbd99a0a82de03f05da827ccd9d019574bf3450727530403c2b5ce92df0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/desktop/contact/dbc1950bbcc8e27b5dbec1f42635e8d0.svg HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: image/svg+xml
content-length: 296
last-modified: Fri, 23 Feb 2024 10:03:47 GMT
etag: "b1bf63d00887bb0354e9d89c7d790a01"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/desktop/contact/6726b16cfb4e516989153ce398d4a0e4.svg

178.253.29.51

200 OK

506 B

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/desktop/contact/6726b16cfb4e516989153ce398d4a0e4.svg
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
SVG Scalable Vector Graphics image
Size
506 B (506 bytes)
Hash
9c340eae608db0c25657b4a73d769afe
988fbf333a2e9290211cd9e6b7c98c59719012b0
b92e969acd8a1e0f9cfd1f84080ca5ccb8cb49b105299434c275a8813faf841e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/desktop/contact/6726b16cfb4e516989153ce398d4a0e4.svg HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: image/svg+xml
content-length: 506
last-modified: Fri, 23 Feb 2024 10:03:36 GMT
etag: "9c340eae608db0c25657b4a73d769afe"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidgetAnalytics-e553050a.js

185.244.209.62

200 OK

366 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidgetAnalytics-e553050a.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (416), with no line terminators
Size
366 B (366 bytes)
Hash
5a59e1a877dfffd934287be20d74fb8f
bd4f023b5d180689555d1185a1167a825549781d
2b2960e941dd6a85aebdfc7cefa2b4352fa3c462de8ade94656a97e1336f3aaf

HTTP Headers

GET /_nuxt/desktop/default/DownloadAppWidgetAnalytics-e553050a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: application/javascript; charset=utf-8
content-length: 366
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-16e"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:47 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-1b1ce1ea5a0f9dbcff188fe619028cae-4e5cd30da696d2a4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:47+00:00, 2024-05-09T11:07:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

178.253.29.51

200 OK

23 B

URL POST HTTP/2
1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
7b5b631ab1bb3314e3ba7a76ca17808d
6dddf5c16b220ce166ff8bd105930b171386c890
db294657777eb5b59c87a1eafa341fd0e29c9d371a2a784ca11a39562955bc36

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Content-Type: application/json
X-Lang: en
X-Uuid: e11671d6-13d5-4dd3-a5be-ddfb46eee94e
Content-Length: 81
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: application/json
content-length: 23
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.009
X-Firefox-Spdy: h2

1xlite-461430.top/checker/redirect/stat/run/

178.253.29.51

200 OK

5.6 kB

URL GET HTTP/2
1xlite-461430.top/checker/redirect/stat/run/
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
5.6 kB (5608 bytes)
Hash
741934b89418d344f6b45d01fe7ddae7
2875d1bff3ba4850c36d335664cb596c17eb6fcf
488059f86ea7968767b02087d83b3e500aa5b3686e6b2522d967ff80eb6c6af9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /checker/redirect/stat/run/ HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-time-ng: 0.000
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.023
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/0e3e1e8d.css

185.244.209.62

200 OK

1.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/0e3e1e8d.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (5638), with no line terminators
Size
1.2 kB (1193 bytes)
Hash
be85f100312ee4f9396b6e89cbcb0fef
3934783d38d182ddcaccfdedbbe4fb65c266864c
06a9b859f60f7872c7beaa8286d3c1f45708dd0e1dee20f4c0d55c8719cc2983

HTTP Headers

GET /_nuxt/desktop/default/css/0e3e1e8d.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: text/css
content-length: 1193
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-4a9"
content-encoding: gzip
expires: Thu, 09 May 2024 12:29:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-5545a5b51b3efa7042bc5500ca2e9184-7f435d765504acb1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:29:37+00:00, 2024-05-09T15:46:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidget-42a0f4cc.js

185.244.209.62

4.1 kB

URL
v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidget-42a0f4cc.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (12039), with no line terminators
Size
4.1 kB (4123 bytes)
Hash
40cbeb3b1fadfd3c0235beaf250dd48e
8fdbbea7d2085d6562e95f0530c17fce06fcf60c
72b4153b971c2a2d3093a986bbdf30b739dfa03fac8a292e9a98a55e1b97a1b4

HTTP Headers

GET /_nuxt/desktop/default/DownloadAppWidget-42a0f4cc.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: application/javascript; charset=utf-8
content-length: 4123
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-101b"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:49 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-9dfdbade8d00130cde17b050790aa2ac-679353c8aa989b18-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:49+00:00, 2024-05-09T11:07:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/logo-champ/246a944858d7a07393dd4f6739f94bf9.webp

185.244.209.62

200 OK

7.1 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/logo-champ/246a944858d7a07393dd4f6739f94bf9.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
7.1 kB (7066 bytes)
Hash
14b81bb2a70130c395b98ba4cb1f4a3a
378094090781a2d412f234bff2bb311adf0a22d0
11128b17e044b6dfe4d716c11854e95486c9e942a942064c82968f6a34c777bb

HTTP Headers

GET /sfiles/logo-champ/246a944858d7a07393dd4f6739f94bf9.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 7066
last-modified: Wed, 04 Jan 2023 07:42:08 GMT
etag: "14b81bb2a70130c395b98ba4cb1f4a3a"
cache-control: public, max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b7a31e64ee8bfd28ce7211f016336721-b1abb60990e3fd10-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T00:05:10+00:00, 2024-05-10T02:20:17+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/8520.webp

185.244.209.62

724 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/8520.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
724 B (724 bytes)
Hash
06b5a068bed863240517988a495b9c0d
a74fa37b991acdbb5524296b0c63ef0f29d3a37b
cd1899369881312ff6259adcade0793a0fd53370a83c3a70ffc4f74a5f641a82

HTTP Headers

GET /resized/size16/sfiles/logo_teams/8520.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 724
cache-control: max-age=94608000
content-disposition: inline; filename="8520.webp"
content-security-policy: script-src 'none'
expires: Wed, 27 Jan 2027 21:34:10 GMT
x-request-id: 4905dee56c2247cd45bc250cb73eaa37
strict-transport-security: max-age=15724800; includeSubDomains
x-time-ng: 0.000
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-de73e215ff5c6e3ba4ca7ba71b3b3519-008d808d035706c7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-01-28T21:34:10+00:00, 2024-02-04T12:11:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/8512.webp

185.244.209.62

200 OK

794 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/8512.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
794 B (794 bytes)
Hash
aa0e295ad33f4867c844ab7f97e23f0b
fc337f8591ce3d69324c2fe3c9e4cac511dcb25d
352c956a5459c06c6cfa112890594b6270e647e5e2c2e14a95162ade521b6b17

HTTP Headers

GET /resized/size16/sfiles/logo_teams/8512.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 794
cache-control: max-age=94608000
content-disposition: inline; filename="8512.webp"
content-security-policy: script-src 'none'
expires: Mon, 03 May 2027 00:09:25 GMT
x-request-id: 11d3ac4f252e14979d8f73fcefc16afe
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d7c0067ffa8ed518118b0cd8a35b3647-5e9c98ff100f8750-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-03T00:09:25+00:00, 2024-05-06T08:06:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/4098.webp

185.244.209.62

200 OK

686 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/4098.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
686 B (686 bytes)
Hash
388bc3d96e04cae724f1ba496f057bb0
8d3f7bc408f501ed7e1df10014f81d22d7fc14ec
d04b915d1504e6e72c683e089fe0f1eeffe79aaab7d7c1b8da120af340f15c03

HTTP Headers

GET /resized/size16/sfiles/logo_teams/4098.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 686
cache-control: max-age=94608000
content-disposition: inline; filename="4098.webp"
content-security-policy: script-src 'none'
expires: Tue, 04 May 2027 11:19:23 GMT
x-request-id: fbc084657b883b85a652a49f98ea599e
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ade881bcc2fd87e186ff70a52b9d95dd-25bb32f5c3eb4611-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-04T11:19:23+00:00, 2024-05-09T07:02:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/external-api/config/getVideoAccessConfig

178.253.29.51

200 OK

3.6 kB

URL GET HTTP/2
1xlite-461430.top/web-api/external-api/config/getVideoAccessConfig
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
3.6 kB (3559 bytes)
Hash
cb0bc8eedc642fc591c0eef57e6c67e5
6c62aeececef0a5ff474bb21bf569ad8d48f6bd0
c57136f602923fc19534e58f7da5a483616d80031222372e19a29fd6f22b0a0e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/external-api/config/getVideoAccessConfig HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=19, dt_total;dur=23.213, wf-uht;dur=0.035
traceparent: 00-f117503297db2c122f844f1ad5c35f3d-13d2be429b8399d5-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.021
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/1026819.webp

185.244.209.62

724 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/1026819.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
724 B (724 bytes)
Hash
b68b6e510d3156c755c4c6d163796d4e
9db4fbe292eb32134e3cc622d654ac562725a22b
7006b34f269f6a4cb56a98f9ceffb1b3c9bbcc2ede7ca7f7df621c557b74d475

HTTP Headers

GET /resized/size16/sfiles/logo_teams/1026819.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 724
cache-control: max-age=94608000
content-disposition: inline; filename="1026819.webp"
content-security-policy: script-src 'none'
expires: Sat, 08 May 2027 14:06:18 GMT
x-request-id: 7909c10259a92d1db3ffbaeda5521f3b
x-time-ng: 0.044
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-2efaee067c3a3ce05359467d54104cf2-29fa3604209d0527-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T14:06:18+00:00, 2024-05-09T13:46:06+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/817749.webp

185.244.209.62

200 OK

790 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/817749.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
790 B (790 bytes)
Hash
3e062729b519bc9cf34ed07e6cd07289
ea0213d92079934e0e1aa89149252f938c8572cc
2d2b511142cf59ff2663217ea2bad0d45edbfdcad0498782a983d2d84b857fdf

HTTP Headers

GET /resized/size16/sfiles/logo_teams/817749.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 790
cache-control: max-age=94608000
content-disposition: inline; filename="817749.webp"
content-security-policy: script-src 'none'
expires: Thu, 06 May 2027 19:48:51 GMT
x-request-id: 884afe57ab9c14700aeae8b82cbfc476
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d0358b915b6847bb502a54aadb314fd0-b6a8e8e2333cc0af-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T19:48:51+00:00, 2024-05-09T13:46:06+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/5e30c26e0dd6460de700a622f1205786.webp

185.244.209.62

200 OK

752 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/5e30c26e0dd6460de700a622f1205786.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
752 B (752 bytes)
Hash
3a2af7c3f364401f5f8a6fae60c32bc7
44d48c00fdf8771d3472dae2532c400ffed4e554
97c6044fbbbe17db1a66eee6a1973af24bb25d1a88f352743b93d5db4827d687

HTTP Headers

GET /resized/size16/sfiles/logo_teams/5e30c26e0dd6460de700a622f1205786.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 752
cache-control: max-age=94608000
content-disposition: inline; filename="5e30c26e0dd6460de700a622f1205786.webp"
content-security-policy: script-src 'none'
expires: Mon, 10 May 2027 02:42:40 GMT
x-request-id: 662e6fed9140d14d5bec5b1365cb7c91
x-time-ng: 0.028
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-c6968d0eae98af56c6e5f76fd21b0951-0ec59bf1e5d1dd3c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T02:42:40+00:00, 2024-05-10T02:42:43+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/29e139358d338412a155b970bbe13bc3.webp

185.244.209.62

200 OK

772 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/29e139358d338412a155b970bbe13bc3.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
772 B (772 bytes)
Hash
89b52c3722c34bdfaef1862b626b4bed
1587e4b4f1db5315ff55e423916be2a4e1e818fa
79946cac49506a59ee2e636a29a9666ff59a3d578f184e31ebacd86d0f7d7bf4

HTTP Headers

GET /resized/size16/sfiles/logo_teams/29e139358d338412a155b970bbe13bc3.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 772
cache-control: max-age=94608000
content-disposition: inline; filename="29e139358d338412a155b970bbe13bc3.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 13:56:12 GMT
x-request-id: c0bd2ece6de02c7272f639796a24fbf3
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-2cfff0e5b320a56549aaac141307f69c-44f618d0fc9f30d2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T13:56:12+00:00, 2024-05-10T02:42:43+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/10475.webp

185.244.209.62

200 OK

812 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/10475.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
812 B (812 bytes)
Hash
6aa564dcd488757c46c2a4e6533673af
86b1761d1a0a3f1dfe9c0ced5daa63ccce94c3dd
a80facdd8a5c1f6eb8578bc45cf74184e38ee4f2e978d0007bdbe056b140117e

HTTP Headers

GET /resized/size16/sfiles/logo_teams/10475.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 812
cache-control: max-age=94608000
content-disposition: inline; filename="10475.webp"
content-security-policy: script-src 'none'
expires: Tue, 23 Mar 2027 06:05:43 GMT
x-request-id: d4ebfc15a3e6661b3ed27c0d66c1b88c
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-7b2ecc081c49e40f17ab71402ec3b108-64886ee11e9001c4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-03-23T06:05:43+00:00, 2024-03-26T14:49:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/10493.webp

185.244.209.62

200 OK

766 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/10493.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
766 B (766 bytes)
Hash
e26a343effe760e8da709e2a0fb91567
26167e7247761e0ec62168c63b546660d6454889
32d5fc746e3a9c1d620b428eb5a0ade23117c712aa1ed134066dbaae5d11fdd8

HTTP Headers

GET /resized/size16/sfiles/logo_teams/10493.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 766
cache-control: max-age=94608000
content-disposition: inline; filename="10493.webp"
content-security-policy: script-src 'none'
expires: Mon, 26 Apr 2027 13:39:34 GMT
x-request-id: 902ddd16dff0fae579db360912817c83
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-17385f5849cb585c93c614f3ce70522f-ff7acc999b75bdb7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T13:39:34+00:00, 2024-05-03T11:10:28+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/b82dfbcab7f0bc1a63df852573c694ce.webp

185.244.209.62

200 OK

588 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/b82dfbcab7f0bc1a63df852573c694ce.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
588 B (588 bytes)
Hash
5cc40a6f8b6c95f8d5382e677bfd6afc
a92f3e60f5741ecea533c6870b53e2b99a863598
7706824b58f1d489670bf3eb46bcd93024f33b3e5628640c24944c921e1c4457

HTTP Headers

GET /resized/size16/sfiles/logo_teams/b82dfbcab7f0bc1a63df852573c694ce.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 588
cache-control: max-age=94608000
content-disposition: inline; filename="b82dfbcab7f0bc1a63df852573c694ce.webp"
content-security-policy: script-src 'none'
expires: Wed, 05 May 2027 06:50:01 GMT
x-request-id: 30aab90682a1ad96f060a8770d5c33d0
x-time-ng: 0.050
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-df3c1a99480061974b600031ed2f7160-c85108a80e566cac-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-05T06:50:01+00:00, 2024-05-08T07:51:26+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/5e567e36d7149a9349cf60b3838db43d.webp

185.244.209.62

200 OK

728 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/5e567e36d7149a9349cf60b3838db43d.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
728 B (728 bytes)
Hash
f9daf73c7c5345a3b5d0a48620d01910
2b95896057779c26217824acce1a0d7d7a13ad9c
96c4fb8eb3eba9e8624d0503096c857c2520ce985382cf1af0974eb89119772c

HTTP Headers

GET /resized/size16/sfiles/logo_teams/5e567e36d7149a9349cf60b3838db43d.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 728
cache-control: max-age=94608000
content-disposition: inline; filename="5e567e36d7149a9349cf60b3838db43d.webp"
content-security-policy: script-src 'none'
expires: Wed, 05 May 2027 22:01:00 GMT
x-request-id: 34d137ff6c5c34b3550977010e0fe0e5
x-time-ng: 0.034
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d0f9aa1abeeef82f3b1754e502d1e73a-82f608f0462b0728-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-05T22:01:00+00:00, 2024-05-08T07:51:46+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/640c4acb23056e417ea7a06b727d5b1c.webp

185.244.209.62

200 OK

728 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/640c4acb23056e417ea7a06b727d5b1c.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
728 B (728 bytes)
Hash
0f4be90bca53eaa91e64c850ced091a5
07a7aad21130cdd911bebbc5aea6c919ce04f9de
78ee34716c48c845f5749947d84df66fbf6a8012250068d5ec3726ae7cbfdca6

HTTP Headers

GET /resized/size16/sfiles/logo_teams/640c4acb23056e417ea7a06b727d5b1c.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 728
cache-control: max-age=94608000
content-disposition: inline; filename="640c4acb23056e417ea7a06b727d5b1c.webp"
content-security-policy: script-src 'none'
expires: Tue, 04 May 2027 02:56:15 GMT
x-request-id: f8022f11289fbee24b8b488d11336c72
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a64a23bbafb82ff5d228952df579cffa-8845129d7525cc6d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-04T02:56:15+00:00, 2024-05-06T17:12:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/663cd2a90018ab10f0f9d6f0a1fdc4bd.webp

185.244.209.62

200 OK

738 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/663cd2a90018ab10f0f9d6f0a1fdc4bd.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
738 B (738 bytes)
Hash
83dffce7f341a89c0e93181fe421dd0d
153fa23db67598a966766691cb63310c2a361c36
8d2f59521cc483844f293b11a1386a94c17da92d84ac1f150eda3f3516386994

HTTP Headers

GET /resized/size16/sfiles/logo_teams/663cd2a90018ab10f0f9d6f0a1fdc4bd.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 738
cache-control: max-age=94608000
content-disposition: inline; filename="663cd2a90018ab10f0f9d6f0a1fdc4bd.webp"
content-security-policy: script-src 'none'
expires: Wed, 05 May 2027 22:00:59 GMT
x-request-id: ec9f7b08598b7903bb2ad048b38979c1
x-time-ng: 0.046
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-3b11cc639b24e200001046849ae08300-fd8f00c56bc0f0f7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-05T22:00:59+00:00, 2024-05-06T17:12:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/7d8648bcb1883abeec83f1292e52819a.webp

185.244.209.62

200 OK

784 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/7d8648bcb1883abeec83f1292e52819a.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
784 B (784 bytes)
Hash
a30f5eeaa542f15042b79418b5cea3af
f5a7359f28149b66804de9d31306a5f3368963e9
6ce13a766ae93a94e3d125f839fe38db43dcb2029d01c9c5f3682ded2faf6526

HTTP Headers

GET /resized/size16/sfiles/logo_teams/7d8648bcb1883abeec83f1292e52819a.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 784
cache-control: max-age=94608000
content-disposition: inline; filename="7d8648bcb1883abeec83f1292e52819a.webp"
content-security-policy: script-src 'none'
expires: Wed, 28 Apr 2027 08:51:59 GMT
x-request-id: 5816e3c5d0480c68c9d9d6ca89192599
x-time-ng: 0.072
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-054eb767a43261ad10988e403982e4a0-d0f38e0adaab16b1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-28T08:51:59+00:00, 2024-05-09T04:34:52+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/7b79685e5fe591a9186c469db06c34ad.webp

185.244.209.62

200 OK

684 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/7b79685e5fe591a9186c469db06c34ad.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
684 B (684 bytes)
Hash
8fa852a76009baab756a5fdb1372e4d2
164d36626e853bd85ecdb9aa59ada64a77a4d21b
726110a0d0cb80b56673a805d833ca7434a66bbffa3f65c014b6a19d3901c009

HTTP Headers

GET /resized/size16/sfiles/logo_teams/7b79685e5fe591a9186c469db06c34ad.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 684
cache-control: max-age=94608000
content-disposition: inline; filename="7b79685e5fe591a9186c469db06c34ad.webp"
content-security-policy: script-src 'none'
expires: Sun, 09 May 2027 04:51:45 GMT
x-request-id: 9529d585d03da393b4e8cb950107051f
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-029825d334f7b479a7e8b0383affb6bd-310e5d9b281e815b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T04:51:45+00:00, 2024-05-09T05:28:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/user/secure

178.253.29.51

200 OK

841 B

URL POST HTTP/2
1xlite-461430.top/web-api/user/secure
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
841 B (841 bytes)
Hash
800f649d8565b169f001dae90e927261
c7419fb15a683515fda5922a9f9716b6d78b7a77
d45a0bef1a46dcf89738487f3e489d0ee56a8c6727f207afc9dc608901ea0a29

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /web-api/user/secure HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=15, dt_total;dur=411.542, wf-uht;dur=0.425
set-cookie: _glhf=1715331871; expires=Fri, 10-May-2024 05:08:15 GMT; Max-Age=3600; path=/
traceparent: 00-fc345895147a8b458e94ff46c33c896a-fa9b5b694310c426-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.016
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/a9112d2b7c12a81eb15bd867b4632ee1.webp

185.244.209.62

656 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/a9112d2b7c12a81eb15bd867b4632ee1.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
656 B (656 bytes)
Hash
cd4a0a2bf096157979aee36883a4e5ce
d00a973a630f2b23e3940a5b26995514bd7a53bb
912b5c5d5b30bfb94413190bacbc9ad80cec77e0bc2def6eef0c1a369eb07c60

HTTP Headers

GET /resized/size16/sfiles/logo_teams/a9112d2b7c12a81eb15bd867b4632ee1.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 656
cache-control: max-age=94608000
content-disposition: inline; filename="a9112d2b7c12a81eb15bd867b4632ee1.webp"
content-security-policy: script-src 'none'
expires: Thu, 06 May 2027 06:20:28 GMT
x-request-id: 509a7762f0a32112404f87f1a3910aad
x-time-ng: 0.042
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-4c483af13c9c46206ec383367ca48687-88f556de7efa0bd8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T06:20:28+00:00, 2024-05-06T17:12:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/25787.webp

185.244.209.62

606 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/25787.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
606 B (606 bytes)
Hash
4cb6ba98926f0d6add10342c441cbf14
0161ab62b7d9dc73a7671000bd5015643d6885d1
4d66ad112b793c06b07fa8d31fc3bb49f08be3f135bccf1a7d67948ffd1b0630

HTTP Headers

GET /resized/size16/sfiles/logo_teams/25787.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 606
cache-control: max-age=94608000
content-disposition: inline; filename="25787.webp"
content-security-policy: script-src 'none'
expires: Thu, 06 May 2027 15:47:10 GMT
x-request-id: cdaf728971a04090128de9e9aabec843
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-32971a7437ac96e3a5e6fd2bd47b31ed-2dfe2a6cefe6a11b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T15:47:10+00:00, 2024-05-07T21:16:41+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/230875.webp

185.244.209.62

576 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/230875.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
576 B (576 bytes)
Hash
f995ac2c5e9b834255f5b1970f3b30a3
ff491e5e8e2db57c5d6a32d7775afd3ef57ed315
dbb86c00b29a387a0dba4dd4657f62969aefb4322d5477b2aa1221649cb8fafe

HTTP Headers

GET /resized/size16/sfiles/logo_teams/230875.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 576
cache-control: max-age=94608000
content-disposition: inline; filename="230875.webp"
content-security-policy: script-src 'none'
expires: Thu, 06 May 2027 08:34:14 GMT
x-request-id: 6ca85a2e657d8c90055454b052b346e8
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ec92463182ebb0366602696249f535c6-9cca8b278ed3fed0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T08:34:14+00:00, 2024-05-06T17:12:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/e08cfad921921a1d1f63e7b7115d8ecc.webp

185.244.209.62

616 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/e08cfad921921a1d1f63e7b7115d8ecc.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
616 B (616 bytes)
Hash
c4c785ed562f8eef8e936fff47ffc7b6
de06192d3cf77387b588ab45cb822a389e329b7e
eefb7fc2c9055f250f51ea166238f8ef6460bc7e449a4d4a5ed8e3342dd9829b

HTTP Headers

GET /resized/size16/sfiles/logo_teams/e08cfad921921a1d1f63e7b7115d8ecc.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 616
cache-control: max-age=94608000
content-disposition: inline; filename="e08cfad921921a1d1f63e7b7115d8ecc.webp"
content-security-policy: script-src 'none'
expires: Thu, 06 May 2027 13:33:40 GMT
x-request-id: d36627b64d216f2d54130cff29be9c80
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-69f94597bd0eef9e7e42ccf993f0916d-157c4befa08871f9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T13:33:40+00:00, 2024-05-07T20:12:26+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/6e4f44970f29778a75071f29092e9766.webp

185.244.209.62

580 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/6e4f44970f29778a75071f29092e9766.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
580 B (580 bytes)
Hash
f2a208d0952030f93f4dcab8e7d59c18
94b8df9564794df9f1a7e37b2f87cdd5a853133c
23c6aad0db937571e95225668327568c56c9cb467121ff25f0fd0889c13d6e19

HTTP Headers

GET /resized/size16/sfiles/logo_teams/6e4f44970f29778a75071f29092e9766.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 580
cache-control: max-age=94608000
content-disposition: inline; filename="6e4f44970f29778a75071f29092e9766.webp"
content-security-policy: script-src 'none'
expires: Tue, 04 May 2027 15:19:29 GMT
x-request-id: 631a5dcf8cc963d5a1ae87478e693fce
x-time-ng: 0.059
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d056d621f67428c3bc135c6eceb76085-187e5d05eaf7d48f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-04T15:19:29+00:00, 2024-05-08T04:16:24+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true

178.253.29.51

200 OK

9.8 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
9.8 kB (9802 bytes)
Hash
7943d2ae64b48ca1d566ede0221d47c3
234b6fcf18880eb75604b24ad2d09431cc41fcbd
3da5b4fdd7a1b3b0ad0ce259b90ea42049d462bb3628a6a47a486a1aaf03059f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: application/json; charset=utf-8
content-length: 9802
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:16 GMT
vary: Accept-Encoding
x-time-ng: 0.014
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.022
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.SportsMenuCompact-c2bb372a.js

185.244.209.62

2.3 kB

URL
v3.traincdn.com/_nuxt/desktop/default/betting.SportsMenuCompact-c2bb372a.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (7751), with no line terminators
Size
2.3 kB (2285 bytes)
Hash
d1c3350409fced81d3bdaa120774e126
b1d363217e08b0c554387b7ec8e55ca81d1b26e6
ae5f5f10dae7227a4979a2a6288d9078fabd7e3c3907f426f5614d2d84b7c45d

HTTP Headers

GET /_nuxt/desktop/default/betting.SportsMenuCompact-c2bb372a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: application/javascript; charset=utf-8
content-length: 2285
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-8ed"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:55 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-cefa67fd440bb9cbbdae2c239eee9cb4-73c26163753cddc6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:55+00:00, 2024-05-09T11:24:46+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/ff09be90.css

185.244.209.62

200 OK

705 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/ff09be90.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (4705), with no line terminators
Size
705 B (705 bytes)
Hash
2b6cccff5325f6e14ccd6ec354319cd6
f4ec05fc468d3daddec1a3d825c29a55ce4b2050
a153e31a0350b58aad71597632348e14c954738845b58f05ca04b8212dbaca38

HTTP Headers

GET /_nuxt/desktop/default/css/ff09be90.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: text/css
content-length: 705
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-2c1"
content-encoding: gzip
expires: Thu, 09 May 2024 14:42:14 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-0fa9f235778d6d5ddc925315b262a457-f6db1e2272cd3b93-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T14:42:14+00:00, 2024-05-09T07:17:10+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true

178.253.29.51

200 OK

2.7 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.7 kB (2701 bytes)
Hash
6012626f2cfff9806e7e77ff35056f32
33122b233f50af78369ef1314278024ad9d6b50f
aa234d119a5331e54fc81683666603afc178542c7c2467d678f97d081259d654

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: application/json; charset=utf-8
content-length: 2701
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:16 GMT
vary: Accept-Encoding
x-time-ng: 0.010
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.018
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-previews/190x102/games-no-faceless.webp

185.244.209.62

200 OK

6.9 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/games-images/game-previews/190x102/games-no-faceless.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp
Size
6.9 kB (6884 bytes)
Hash
b7304b532dca88cc708b1c81edf7e051
d9ca9db864badb40bcab6d846ba7110413a339d3
324b9021e7fa1a227b418f5b0707e174d86aa20decea945eab3cea41aac8d2ca

HTTP Headers

GET /sfiles/games-images/game-previews/190x102/games-no-faceless.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:17 GMT
content-type: application/octet-stream
content-length: 6884
last-modified: Thu, 31 Aug 2023 08:11:01 GMT
etag: "b7304b532dca88cc708b1c81edf7e051"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:04:10.000Z
expires: Tue, 14 Nov 2023 18:21:42 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-73e326323b9da8697a901b6983d26d71-c2fcc68da405a85b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T18:59:15+00:00, 2024-05-09T08:16:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-512.webp

185.244.209.62

200 OK

14 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-512.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp
Size
14 kB (13478 bytes)
Hash
191bfc954a2da6531602f603c6ed7611
b5f5c2711dba90df3ae1e63baf2b64badf68af70
c4664bc5becc85f93850b3a1274cc165592c1d45b75c2f4eddf48c08b5ea6940

HTTP Headers

GET /sfiles/games-images/game-previews/190x102/game-512.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:17 GMT
content-type: application/octet-stream
content-length: 13478
last-modified: Fri, 12 Apr 2024 07:17:26 GMT
etag: "191bfc954a2da6531602f603c6ed7611"
x-amz-meta-origin-date-iso8601: 2024-04-11T07:55:04.504Z
expires: Fri, 10 May 2024 12:52:15 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b67cedac1f402105a6bb0dfdfa480cd3-ebf8ad2cae26069b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T12:52:15+00:00, 2024-05-09T13:40:50+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.334/285/sports.svg

185.244.209.62

200 OK

168 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.334/285/sports.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
168 kB (167855 bytes)
Hash
35023ed00daecdbbcef869ac8f7bafc2
935e531d36a33849d19a412d2e8f4a1e444fa32f
bdd6e0b8e601f7e63ee0c1be8d1729eca3a4492a047ba37e87a3134bc0a47782

HTTP Headers

GET /sys-icons/1.0.334/285/sports.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:17 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Apr 2024 12:55:57 GMT
etag: W/"0c52e0c32f8f2667a72e0d57b63e02a3"
x-amz-meta-mtime: 1713272153.42490276
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:48 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-9d0e0e5b93a19ed825bea5e5ace7b03b-cd9922e946dd8bd2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:48+00:00, 2024-05-09T11:07:32+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true

178.253.29.51

200 OK

2.1 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.1 kB (2084 bytes)
Hash
5a4d721ca1d28659d7a8e53b5378dbf0
e6e068a71afb37316a83a099b41c6b8ddbdcdbe6
5deb5df589ef6f81507b8a76efc8076793d4ee6864d938c6222f93d22caca427

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:17 GMT
content-type: application/json; charset=utf-8
content-length: 2084
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:17 GMT
vary: Accept-Encoding
x-time-ng: 0.060
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.068
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-371.webp

185.244.209.62

6.2 kB

URL
v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-371.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp
Size
6.2 kB (6158 bytes)
Hash
64ff358fd3a82358542d29d53649dd85
0a15b0731a9468fe49e3b512febe91d951ef6156
a9ae35f930c0bf59e407a0c082347049ae11738d330df4e32f4b2b1129d1470c

HTTP Headers

GET /sfiles/games-images/game-previews/190x102/game-371.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:17 GMT
content-type: application/octet-stream
content-length: 6158
last-modified: Thu, 31 Aug 2023 08:10:58 GMT
etag: "64ff358fd3a82358542d29d53649dd85"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:04:04.000Z
expires: Tue, 14 Nov 2023 18:22:10 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-44ebb6d576cd974f4f78cc37f0a03d3c-0933d9193e6692aa-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T19:17:28+00:00, 2024-05-09T08:16:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-249.webp

185.244.209.62

200 OK

20 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-249.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp
Size
20 kB (19770 bytes)
Hash
2c02d34e261b48da9db2682ad433c5e8
e6b9618ac0040910f755a6f24dcb2f5500bb9aca
d8db064ea1623849ccee86b27bdb7825aa0dc452293576de352f9269af60ecfe

HTTP Headers

GET /sfiles/games-images/game-previews/190x102/game-249.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:17 GMT
content-type: application/octet-stream
content-length: 19770
last-modified: Thu, 31 Aug 2023 08:10:56 GMT
etag: "2c02d34e261b48da9db2682ad433c5e8"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:04:00.000Z
expires: Tue, 14 Nov 2023 18:22:10 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-92a0d833a2cc492d40488b2e483fd004-b63af150e7bdc9e0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T19:17:28+00:00, 2024-05-09T08:16:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js

172.64.148.184

200 OK

115 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
115 kB (115360 bytes)
Hash
cc923dc1c3b87452e1fe940b99f5d21e
56d6c1859ecb24ce72f96cfca84c5b73e0c910f7
27d81b88c6a942ecde1707b200e6a2dc9f25fa40f64d1670916ff9b2b3391ea5

HTTP Headers

GET /_next/static/chunks/663-81a4add2f1c95639.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 04:08:18 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 28 Mar 2024 06:56:31 GMT
etag: W/"5b0da-18e83d890e3"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 816024
expires: Sat, 10 May 2025 04:08:18 GMT
server: cloudflare
cf-ray: 8817113898ce0afe-OSL
X-Firefox-Spdy: h2

widget.suphelper.top/sounds/new-message.mp3

172.64.148.184

200 OK

30 kB

URL GET HTTP/2
widget.suphelper.top/sounds/new-message.mp3
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
MPEG ADTS, layer III, v1, 192 kbps, 48 kHz, JntStereo
Size
30 kB (29952 bytes)
Hash
ef9af24dc7dbd24ffd99c832e1300351
f78744a5013038446c468de14f205f2d52373fd6
5049d7fe87a7327a291441181d1a328a15f46a21081b970502c540406011c9b9

HTTP Headers

GET /sounds/new-message.mp3 HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 04:08:19 GMT
content-type: audio/mpeg
content-length: 29952
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=14400
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"7500-18f381bf786"
cf-cache-status: HIT
age: 3130
expires: Fri, 10 May 2024 08:08:19 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881711411c660afe-OSL
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js

172.64.148.184

200 OK

84 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
84 kB (84052 bytes)
Hash
f213fa33373b2d40bfb7ef293284c669
3b44987dccc40e3d70ad29edd22a1ad91cf345d1
8bbf695ab2d2452feb428aaa65aa13b89a20573fbb96b4987cb47dff8d3546eb

HTTP Headers

GET /_next/static/chunks/1743016e-d00d67a74426f155.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 04:08:17 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 17 Jan 2024 06:19:55 GMT
etag: W/"75543-18d161388b8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 806182
expires: Sat, 10 May 2025 04:08:17 GMT
server: cloudflare
cf-ray: 8817113868c30afe-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-animations/game-169-animation.svg

185.244.209.62

200 OK

2.2 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/games-images/game-animations/game-169-animation.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
2.2 kB (2180 bytes)
Hash
d92d57f94eeec10bc91436ab10d9715d
0d5edabfd0d1336b99abb6146c036de229f2a849
e037bbf3401d17291e951849e4ee6c25aea59a11c9a482b6819db18de94adfd7

HTTP Headers

GET /sfiles/games-images/game-animations/game-169-animation.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:18 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Jan 2024 08:41:21 GMT
etag: W/"6b19d39f5180df62c717cfa7d870e7ed"
x-amz-meta-origin-date-iso8601: 2024-01-12T15:52:06.000Z
expires: Fri, 10 May 2024 00:01:03 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-2ed7d542a3a0b4b62f070aa682170684-f4ce52837a672fd1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T00:01:03+00:00, 2024-05-10T00:07:41+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/entry-5a8fe517.js

185.244.209.62

200 OK

705 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/entry-5a8fe517.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
705 kB (704739 bytes)
Hash
6ec9e34af9c690e2c370449898f1bbcd
a9aaf1cd00fbc44bee09e9824747835d550fe009
af22faaefa27cf0fa6544dcf0b2de34ddf6cf656d8b57ec74e4f825da566ce61

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/entry-5a8fe517.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:19 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 16:11:16 GMT
etag: W/"0d38c5af85509fb3a865ab3c5282960e"
x-amz-meta-mtime: 1715184545.995120472
content-encoding: gzip
expires: Fri, 10 May 2024 10:43:37 GMT
cache-control: max-age=86400
x-time-ng: 0.005
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4e45698d42851bd31db73da058f5154b-13ada97f4a8879a5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:37+00:00, 2024-05-09T11:07:32+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/bff-api/config/contacts.json?type=2&lang=en

178.253.29.51

200 OK

31 kB

URL GET HTTP/2
1xlite-461430.top/bff-api/config/contacts.json?type=2&lang=en
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
31 kB (31024 bytes)
Hash
5e57488ece417dfb2d0d023a6c9d0423
cc3add288721c1e6c3d3e9413fd0de50a9d38467
8da57ebaa0d0d6ecfbac547e80404973484e6cd38820bb8adfcde943511e4c28

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bff-api/config/contacts.json?type=2&lang=en HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: bff;dur=0.79, dt_total;dur=133.352, wf-uht;dur=0.148
traceparent: 00-f775facde46498306cc5a98824ae4135-9423b9c3e988c28e-01
vary: Accept-Encoding
x-cache-expire: 492
x-cache-hit: 1
x-dt: 285
x-time-ng: 0.133
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100

178.253.29.51

200 OK

3.8 kB

URL GET HTTP/2
1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
3.8 kB (3811 bytes)
Hash
a17d6ff3bbf3a3309a6c6899d6066c47
9b52c8fa25a0ebdca03b9c0b91cf0b8f3092a1ae
27dcc300a0f1c6be498c34183c6f710e51a1887d8de4d5b854e682e69c7a6fc3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:17 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=100, dt_total;dur=101.483, wf-uht;dur=0.115
traceparent: 00-284967424eb057d00df6f16f202df77d-65694945b94bc082-01
x-dt: 285
x-time-ng: 0.101
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/registration/fields

178.253.29.51

7.4 kB

URL
1xlite-461430.top/web-api/registration/fields
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
7.4 kB (7367 bytes)
Hash
3b5fc74c6bee5ffbc649f663e5f6c1a3
0f00adb4eb180726ecd2abcc2317a29beceb13bd
fe1005c8a0940ff6384b2b89aa744d692b9aed79f1d72cecfa11d1bb11fa7294

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /web-api/registration/fields HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
Content-Length: 19
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:20 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=57, dt_total;dur=60.570, wf-uht;dur=0.071
traceparent: 00-1482ffbd35360de6056b3db74e4a8e70-53bcb0715f229e8d-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.059
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js

185.244.209.62

1.4 kB

URL
v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
1.4 kB (1387 bytes)
Hash
f8c917665c2f2b993dd13aa43903aa89
ad9c3a890cc67722c3338b113d90c9a33ebec621
edd4e000a1516fd749dc93dfc48feb5b0f5f249cfbf3b2b05074ffc2dc567e76

HTTP Headers

GET /sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:20 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 09 May 2024 13:08:03 GMT
etag: W/"518e0ae196483ada8b528a1f2b7df0a1"
x-amz-meta-mtime: 1715259983.675899864
content-encoding: gzip
expires: Fri, 10 May 2024 15:18:14 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-03bd0cfbaa55ca6c41c97d3565ac54d4-55eec1daeae28cd7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T15:18:14+00:00, 2024-05-09T15:54:06+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/366613.webp

185.244.209.62

598 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/366613.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
598 B (598 bytes)
Hash
bdee56588cda1f08482306ef5a0911f6
b31c1219d253264a144de651fc4f556d5f282e43
e9711a6bdc797eff7a62d56194bf4a48e000d5228e9ec7726c6750f6ea1f0f75

HTTP Headers

GET /resized/size16/sfiles/logo_teams/366613.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 598
cache-control: max-age=94608000
content-disposition: inline; filename="366613.webp"
content-security-policy: script-src 'none'
expires: Thu, 06 May 2027 22:05:06 GMT
x-request-id: 45ab41bc2daa827242c4c4e1b434ed60
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d8abab0b2253620b78de6c34fd23b54a-b7644f878e7215af-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T22:05:06+00:00, 2024-05-07T02:05:10+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PLMWICWN.js

185.244.209.62

200 OK

12 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PLMWICWN.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
12 kB (11714 bytes)
Hash
94f1f0fde1dc80d0f1e96c2d2140dd9d
d44984cea4f32e96b070e731246d0a7165f178ab
d9fb040b155d987e002d7650b6d6c313ca098cd425cfbe74b89fcaa7b119eb7a

HTTP Headers

GET /sys-static/shared-assets/__shared_localforage_PLMWICWN.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:20 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 09 May 2024 14:32:04 GMT
etag: W/"dfa127e93d125d4f6c566203eaf225f2"
x-amz-meta-mtime: 1715264772.785909534
content-encoding: gzip
expires: Fri, 10 May 2024 15:18:14 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-8c57c1dde3d9ba00eab4d70cb96a0d65-82cdbb8342b011b2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T15:18:14+00:00, 2024-05-09T16:01:12+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js

172.64.148.184

200 OK

38 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
38 kB (37464 bytes)
Hash
d1a507ecafb2d5f60431a635fee6ebc0
54e5fe342823c0fc6e111b5055b96c0e68dfb4a0
89425b57b4cb37d6fdd2f481c08077b657fac6eb866e1473c2a1b5e3f41ca708

HTTP Headers

GET /_next/static/chunks/7413e8b9-8adee4b5b5407a55.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 04:08:17 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Mon, 22 Jan 2024 07:49:06 GMT
etag: W/"12fe9-18d3024f9c4"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 811742
expires: Sat, 10 May 2025 04:08:17 GMT
server: cloudflare
cf-ray: 8817113868c60afe-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/c71e8237a3f3c27632e9e8f524d3dcb0.webp

185.244.209.62

200 OK

684 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/c71e8237a3f3c27632e9e8f524d3dcb0.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
684 B (684 bytes)
Hash
8fa852a76009baab756a5fdb1372e4d2
164d36626e853bd85ecdb9aa59ada64a77a4d21b
726110a0d0cb80b56673a805d833ca7434a66bbffa3f65c014b6a19d3901c009

HTTP Headers

GET /resized/size16/sfiles/logo_teams/c71e8237a3f3c27632e9e8f524d3dcb0.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 684
cache-control: max-age=94608000
content-disposition: inline; filename="c71e8237a3f3c27632e9e8f524d3dcb0.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 07:05:00 GMT
x-request-id: 0c2f2ef4a5240b72db087da76b7850a8
x-time-ng: 0.052
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-e427df19e7d9de963874536cb5d1234c-d7e9ba61861ddd73-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T07:05:00+00:00, 2024-05-08T17:10:42+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/7bb14f3d3a381559c9c3e4dc30181268.webp

185.244.209.62

200 OK

688 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/7bb14f3d3a381559c9c3e4dc30181268.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
688 B (688 bytes)
Hash
6ead86de7c677ac2ef33af35f35dcbd5
cc1d57bc18f86e1b23486ea5cee3e5cdc6e2483a
4f15238f3fb34a72459c64b232c7abe4e2743c1371efe3375598869fe218142c

HTTP Headers

GET /resized/size16/sfiles/logo_teams/7bb14f3d3a381559c9c3e4dc30181268.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 688
cache-control: max-age=94608000
content-disposition: inline; filename="7bb14f3d3a381559c9c3e4dc30181268.webp"
content-security-policy: script-src 'none'
expires: Sat, 08 May 2027 19:02:15 GMT
x-request-id: 2478775b8a2f507324d551950f965664
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-424bf6f678ecb6a3cf45c2e216787306-04996d413b257180-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T19:02:15+00:00, 2024-05-08T19:35:51+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/c676825d173b0dc577ff8e7baf68785d.webp

185.244.209.62

200 OK

684 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/c676825d173b0dc577ff8e7baf68785d.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
684 B (684 bytes)
Hash
8fa852a76009baab756a5fdb1372e4d2
164d36626e853bd85ecdb9aa59ada64a77a4d21b
726110a0d0cb80b56673a805d833ca7434a66bbffa3f65c014b6a19d3901c009

HTTP Headers

GET /resized/size16/sfiles/logo_teams/c676825d173b0dc577ff8e7baf68785d.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 684
cache-control: max-age=94608000
content-disposition: inline; filename="c676825d173b0dc577ff8e7baf68785d.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 11:59:08 GMT
x-request-id: bf4e6c47f266357cc23268ad57c79bf0
x-time-ng: 0.049
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-aa033faea4997b60fda162358c7189a9-2431d2f169868c5a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T11:59:08+00:00, 2024-05-07T11:59:53+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js

172.64.148.184

200 OK

11 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
11 kB (10886 bytes)
Hash
bf8425a85a1cf6851eb2e191fe566229
0ae0b34f0675214c2df968ff148d4212af99fb12
1b05ce774e4c9eb44fb89a31d4bffd5c10677312ff10c58ef40216c40b19dd85

HTTP Headers

GET /_next/static/chunks/0c294a17-329dda05de2a378d.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 04:08:18 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 17 Jan 2024 06:19:55 GMT
etag: W/"2925-18d161388b8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 816024
expires: Sat, 10 May 2025 04:08:18 GMT
server: cloudflare
cf-ray: 8817113898cd0afe-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/e2078697a64ec2c40345a99559022625.webp

185.244.209.62

588 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/e2078697a64ec2c40345a99559022625.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
588 B (588 bytes)
Hash
bee7ec080229d9b14a01b948025e0f0f
8c1d787e50a93476d4775d534f2913f04d20c6ae
db4e1403c2164fed6608c00f73638c77069570ce2e8250261c5b226b34e7f01f

HTTP Headers

GET /resized/size16/sfiles/logo_teams/e2078697a64ec2c40345a99559022625.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 588
cache-control: max-age=94608000
content-disposition: inline; filename="e2078697a64ec2c40345a99559022625.webp"
content-security-policy: script-src 'none'
expires: Sun, 09 May 2027 20:58:11 GMT
x-request-id: baafa1d085d524ba7f29edd4d614f0d4
x-time-ng: 0.081
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-85808f35f554a92b5629665c76435f9e-0c080484cddbefdd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T20:58:11+00:00, 2024-05-10T03:58:02+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/f35f81164761543749957219b87cdfd7.webp

185.244.209.62

628 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/f35f81164761543749957219b87cdfd7.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
628 B (628 bytes)
Hash
e7ee5300be8d019c427552b9c5e1e384
5b91af25d861899e0a3e2fb1847cb3279ae1f912
7e14dc216547a06bc906fd2ee33fb101fd560d293d11a47e33777a9533d6646d

HTTP Headers

GET /resized/size16/sfiles/logo_teams/f35f81164761543749957219b87cdfd7.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 628
cache-control: max-age=94608000
content-disposition: inline; filename="f35f81164761543749957219b87cdfd7.webp"
content-security-policy: script-src 'none'
expires: Mon, 10 May 2027 00:49:44 GMT
x-request-id: 85022b803ad1829c555b01e1b0d56db5
x-time-ng: 0.048
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-364437ae638f1dd515bf56da3e5776c6-2f5a77ea10975f5c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T00:49:44+00:00, 2024-05-10T03:58:02+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/2bc22601f92ef11898f1ff96162a562f.webp

185.244.209.62

688 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/2bc22601f92ef11898f1ff96162a562f.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
688 B (688 bytes)
Hash
6ead86de7c677ac2ef33af35f35dcbd5
cc1d57bc18f86e1b23486ea5cee3e5cdc6e2483a
4f15238f3fb34a72459c64b232c7abe4e2743c1371efe3375598869fe218142c

HTTP Headers

GET /resized/size16/sfiles/logo_teams/2bc22601f92ef11898f1ff96162a562f.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 688
cache-control: max-age=94608000
content-disposition: inline; filename="2bc22601f92ef11898f1ff96162a562f.webp"
content-security-policy: script-src 'none'
expires: Sun, 09 May 2027 20:58:10 GMT
x-request-id: fed480c18b6c518e6462bd7b5a91a719
x-time-ng: 0.027
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-66343fa694e9e5d86a62b492432b0569-c2ef08f4370cc1c3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T20:58:10+00:00, 2024-05-10T03:58:02+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/8c485732468e18b263701ee8af63ec49.webp

185.244.209.62

200 OK

688 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/8c485732468e18b263701ee8af63ec49.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
688 B (688 bytes)
Hash
6ead86de7c677ac2ef33af35f35dcbd5
cc1d57bc18f86e1b23486ea5cee3e5cdc6e2483a
4f15238f3fb34a72459c64b232c7abe4e2743c1371efe3375598869fe218142c

HTTP Headers

GET /resized/size16/sfiles/logo_teams/8c485732468e18b263701ee8af63ec49.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 688
cache-control: max-age=94608000
content-disposition: inline; filename="8c485732468e18b263701ee8af63ec49.webp"
content-security-policy: script-src 'none'
expires: Mon, 10 May 2027 00:49:44 GMT
x-request-id: 79b56843203453593874cb285c2a6ffd
x-time-ng: 0.083
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c525cdc41d30f95702c57ca1915c3a21-e6559b73d39b2ccb-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T00:49:44+00:00, 2024-05-10T03:58:02+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js

185.244.209.62

200 OK

34 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
34 kB (33801 bytes)
Hash
48bb91d23d3e4825f99a66a16dd45bc5
6b6b7078a49d582fa6dfbb92a6b1784b8006213d
bf8d15947eeb3d26298f1d28b71f5d35c1f6bcf0da49270f0b7dec1910cdf19c

HTTP Headers

GET /sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:20 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 09 May 2024 07:12:11 GMT
etag: W/"67267513246705d46a0bb83e1f8efd2a"
x-amz-meta-mtime: 1715238619.542425469
content-encoding: gzip
expires: Fri, 10 May 2024 12:42:09 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-bace10bebb52334ae3e22608be6ba1ce-c71cde9655d99119-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T12:42:09+00:00, 2024-05-09T12:51:51+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/cce25522580165589a18f52d2107f05a.webp

185.244.209.62

694 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/cce25522580165589a18f52d2107f05a.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
694 B (694 bytes)
Hash
a72656c18bcf66f0e83d61e79bb60c4f
160acbe3cae7cc3912b613f6b3ba299300a2ae81
542efa59acba1f2e06a23cf722fa955cc6187a8523b624e4d5033f89010c0f80

HTTP Headers

GET /resized/size16/sfiles/logo_teams/cce25522580165589a18f52d2107f05a.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 694
cache-control: max-age=94608000
content-disposition: inline; filename="cce25522580165589a18f52d2107f05a.webp"
content-security-policy: script-src 'none'
expires: Wed, 05 May 2027 11:41:53 GMT
x-request-id: 62f98453c19d377ba3a6e6a395000300
x-time-ng: 0.034
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-31bde208f4d277eb8759b37fb1ca96cf-190527119b864fee-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-05T11:41:53+00:00, 2024-05-07T21:40:59+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/4724017287c33fa4d6c7cba24147377f.webp

185.244.209.62

200 OK

628 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/4724017287c33fa4d6c7cba24147377f.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
628 B (628 bytes)
Hash
bf63f197b6450558abb49cd698d2ae31
7c497f3f735754e1ae1e7f0b49b009ecc5152b71
c269f8e74361f8a5339cd0624dd312257555614583ec8b311f8c77542aac000d

HTTP Headers

GET /resized/size16/sfiles/logo_teams/4724017287c33fa4d6c7cba24147377f.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 628
cache-control: max-age=94608000
content-disposition: inline; filename="4724017287c33fa4d6c7cba24147377f.webp"
content-security-policy: script-src 'none'
expires: Sat, 08 May 2027 02:35:16 GMT
x-request-id: 0ec1f9a3ec04184eca1b917efa17a275
x-time-ng: 0.044
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-1b3e9dd9e3c55123360eff69bc129f79-7fc970da5504377b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T02:35:16+00:00, 2024-05-08T02:41:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/6e8e3064432fcce15a105b8d24142ded.webp

185.244.209.62

200 OK

586 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/6e8e3064432fcce15a105b8d24142ded.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
586 B (586 bytes)
Hash
15c87c395b94cda9b5521f654412138d
641cd6280895b5f2ca4a559128e64c725a1e8893
2fae81bb41952e5657722825606f7b892b794097f4205a39c32d2ab9106c4354

HTTP Headers

GET /resized/size16/sfiles/logo_teams/6e8e3064432fcce15a105b8d24142ded.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 586
cache-control: max-age=94608000
content-disposition: inline; filename="6e8e3064432fcce15a105b8d24142ded.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 15:00:29 GMT
x-request-id: 81675640f58fd2a09b8ebcb3c31bc732
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-5b48f6669d85f8fd5a29f4ee3bb63a07-7855f09805f3dd47-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T15:00:29+00:00, 2024-05-07T21:40:59+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/31113.webp

185.244.209.62

200 OK

618 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/31113.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
618 B (618 bytes)
Hash
cf4e5c9ed89d1ea9d8649e2754025a62
854bf365e8ffb2014b14a7c5ce52013290f17006
d6ef32eca353776338a564b2c24a2b8545701f50a759fde2a191bd400e2951b4

HTTP Headers

GET /resized/size16/sfiles/logo_teams/31113.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 618
cache-control: max-age=94608000
content-disposition: inline; filename="31113.webp"
content-security-policy: script-src 'none'
expires: Thu, 06 May 2027 12:28:12 GMT
x-request-id: 0fbc00c5b8375fe864f3026c5fc9eb27
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4c0cb38ad07e2849a049055f6e96e8be-c2e3f489fb132b0c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:28:12+00:00, 2024-05-07T20:12:26+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/f17edbb0def43126b3a4b09d825c5bb9.webp

185.244.209.62

200 OK

608 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/f17edbb0def43126b3a4b09d825c5bb9.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
608 B (608 bytes)
Hash
91774786a8653272376a21d63c2615ca
543a4afde1bc199c4032c53e9de81bd9faea6bb9
9961971d85aec12f8f077a820df3d6db55ef013867177865355915580657f54a

HTTP Headers

GET /resized/size16/sfiles/logo_teams/f17edbb0def43126b3a4b09d825c5bb9.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 608
cache-control: max-age=94608000
content-disposition: inline; filename="f17edbb0def43126b3a4b09d825c5bb9.webp"
content-security-policy: script-src 'none'
expires: Thu, 06 May 2027 05:52:21 GMT
x-request-id: cf30a76539eb97cbd8742545b9ae5851
x-time-ng: 0.035
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-810c895fc7297f8b2c06f6704b98e96a-3d30266bbac1c7d5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T05:52:21+00:00, 2024-05-08T19:35:51+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.jpg

185.244.209.62

51 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.jpg
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 1380x248, components 3
Size
51 kB (51087 bytes)
Hash
15b1bda7b31ccc5eacce67afbe6f160b
d41eac3583bb0495a008b0d1e4a584d103feb436
2e1b52936d0c7081d46010cd49e236aed8cefc16adad7c908c108aff4a73718d

HTTP Headers

GET /genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/jpeg
content-length: 51087
last-modified: Tue, 11 Apr 2023 18:15:30 GMT
etag: "15b1bda7b31ccc5eacce67afbe6f160b"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-200c2d28efe71e84cfe21a262034be11-eec66918b321e880-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T08:23:51+00:00, 2024-05-10T04:06:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/ee94ef73444d56fe0d0234bd1e83acf9.png

185.244.209.62

200 OK

234 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/banner/ee94ef73444d56fe0d0234bd1e83acf9.png
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 1380 x 248, 8-bit/color RGB, non-interlaced
Size
234 kB (234183 bytes)
Hash
29cbfc647b35d624dbb21a2480adcf74
2af51a37649fc6d91e331954244ae02fa39e4012
1c004afe245526de4788b8cbd4773d431ae624ec5902b5b81c6de6696893f5ec

HTTP Headers

GET /genfiles/cms/1/desktop/banner/ee94ef73444d56fe0d0234bd1e83acf9.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/png
content-length: 234183
last-modified: Tue, 07 May 2024 10:14:00 GMT
etag: "29cbfc647b35d624dbb21a2480adcf74"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-2180529c1aaabf6750e822907819b2ed-5811c07a9c24c5bc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T11:20:16+00:00, 2024-05-10T04:06:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.jpg

185.244.209.62

200 OK

1.4 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.jpg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.4 kB (1392 bytes)
Hash
886a20096e1c4869d510740a41df5812
7a9a79a4ca6251afba1a3910efeb6bca4a425ee6
3b8952ad0299b2b7039e1dc767edeaa840348e71ae43b3805badd8a6fb2a4598

HTTP Headers

GET /genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/jpeg
content-length: 32867
last-modified: Fri, 26 Apr 2024 11:44:33 GMT
etag: "590bf4dea9eca01477197273e697a2f2"
x-time-ng: 0.027
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b42e99ddf3e2cd1a5bf48a8d7ecd61a4-8c71f2c77bc3cfd4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T12:46:26+00:00, 2024-05-10T04:06:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size24/sfiles/logo_teams/08a25897e35d75d7261a8095b9599aad.webp

185.244.209.62

1.2 kB

URL
v3.traincdn.com/resized/size24/sfiles/logo_teams/08a25897e35d75d7261a8095b9599aad.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.2 kB (1220 bytes)
Hash
e63abc1e41178a97d4197c51567e25c8
2093338e3a4804d8c80fafd7720537056d9d0bea
0c2de26224b4b34463e0e2c5c8f38d60edf6fbf7d97a568671892edc96be354e

HTTP Headers

GET /resized/size24/sfiles/logo_teams/08a25897e35d75d7261a8095b9599aad.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 1220
cache-control: max-age=94608000
content-disposition: inline; filename="08a25897e35d75d7261a8095b9599aad.webp"
content-security-policy: script-src 'none'
expires: Sat, 08 May 2027 11:19:47 GMT
x-request-id: 5ed651ab54561c418f16ac8f894afb00
x-time-ng: 0.049
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3350a63230706eed68908086843b475e-fca76df1d9110348-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T11:19:47+00:00, 2024-05-08T11:29:15+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.webp

185.244.209.62

15 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
15 kB (14610 bytes)
Hash
2ccdf625b855ce93bc9b56a671accd6e
bc8f3a791f6251b714bafad614d15c477ba428e4
c5012a832581da604a5c57e8f822008f749fe484c6d24127ca91232af71169cd

HTTP Headers

GET /genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 14610
last-modified: Thu, 08 Jun 2023 09:20:03 GMT
etag: "2ccdf625b855ce93bc9b56a671accd6e"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-1586eeb7c7a17996fd993097649dfb41-dc7205d4b45fdb48-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-02-27T14:22:50+00:00, 2024-05-10T04:03:41+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.webp

185.244.209.62

200 OK

16 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
16 kB (15874 bytes)
Hash
99937fec94322155d99465451e84e5f4
0549b153f8e34c242f71817a038f7ebad37d27be
d35bc328538e182310574b3ff1d58134efedc49c9f3dbb43ec6df65fed624f33

HTTP Headers

GET /genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 15874
last-modified: Fri, 26 Apr 2024 11:44:53 GMT
etag: "99937fec94322155d99465451e84e5f4"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-2ae3a03708b6f55ec7aea5fdb30af287-f1807e921cb842f4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:45:30+00:00, 2024-05-10T04:03:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/ee94ef73444d56fe0d0234bd1e83acf9.webp

185.244.209.62

200 OK

9.1 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/banner/ee94ef73444d56fe0d0234bd1e83acf9.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
9.1 kB (9072 bytes)
Hash
d18b01730ec2180f53426d1bcd4101f0
71318f020e1c01fdf9a150dd9853c896f4b03662
4cf9682b1d98dd94f7636a874e0020969d200bfb9b59d3c0d57e01923ee2f413

HTTP Headers

GET /genfiles/cms/1/desktop/banner/ee94ef73444d56fe0d0234bd1e83acf9.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 9072
last-modified: Tue, 07 May 2024 10:14:26 GMT
etag: "d18b01730ec2180f53426d1bcd4101f0"
x-time-ng: 0.004
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-60297efcaf6dd654cf984b19b12678a9-03d6d3742a1989f6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T11:19:47+00:00, 2024-05-10T04:03:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/37725dd3160e2621f084de11d4417228.png

185.244.209.62

200 OK

231 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/banner/37725dd3160e2621f084de11d4417228.png
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 1380 x 248, 8-bit/color RGBA, non-interlaced
Size
231 kB (231413 bytes)
Hash
5f92240dea2753875e3104a6704f93e6
41d042b4876f18001842a761d05ad4a0575ca7f4
2d51f316311a3977d1dcee31a3332f720f72a842d8924ea4b8f014a23ca859b7

HTTP Headers

GET /genfiles/cms/1/desktop/banner/37725dd3160e2621f084de11d4417228.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/png
content-length: 231413
last-modified: Wed, 21 Jun 2023 09:54:48 GMT
etag: "5f92240dea2753875e3104a6704f93e6"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-19fc2fd35f46516865cc9f9c27f78d21-060647c119561294-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-30T12:28:11+00:00, 2024-05-10T04:06:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.334/285/country.svg

185.244.209.62

209 kB

URL
v3.traincdn.com/sys-icons/1.0.334/285/country.svg
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
209 kB (209207 bytes)
Hash
4160dbeee26957877c585210f825ca20
0aa2a9317cce298184518ad96d5e165b4a9091e2
9265e9f7da7459cc8ac0fc927ab315babce2383c91ba4a73dd63b421739b1ee7

HTTP Headers

GET /sys-icons/1.0.334/285/country.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Apr 2024 12:55:56 GMT
etag: W/"60caf0d666af828706b3d83c428a31e4"
x-amz-meta-mtime: 1713272153.420902787
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:28 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b3c300a5764ad9458a241a2d56c224a8-71870c8e762c73d8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:28+00:00, 2024-05-09T11:07:35+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/37725dd3160e2621f084de11d4417228.webp

185.244.209.62

18 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/banner/37725dd3160e2621f084de11d4417228.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
18 kB (17490 bytes)
Hash
b7e3857cdc8cbde71f63af81a61f5cfb
deeb62ea6e9b702bb9e3f395483c3c00445adcf8
786e67817e82780aaeb0d2bca1e57e06fff5ae9fa89b2747b1af57913886e25f

HTTP Headers

GET /genfiles/cms/1/desktop/banner/37725dd3160e2621f084de11d4417228.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 17490
last-modified: Wed, 21 Jun 2023 09:54:55 GMT
etag: "b7e3857cdc8cbde71f63af81a61f5cfb"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-8106c991a81b55caa98e40ed4f48dc10-5928bc3d902ccd0d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-02-27T15:26:35+00:00, 2024-05-10T04:06:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.webp

185.244.209.62

200 OK

20 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
20 kB (20522 bytes)
Hash
95767496ab1dce71f394c97620666756
127389c7327fec508549222dd477edbd524e33dd
fca493b566204dfff5ef8b8cd6c74c40659c812ac6665696dd5c66c664a31c7e

HTTP Headers

GET /genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 20522
last-modified: Thu, 08 Jun 2023 18:05:27 GMT
etag: "95767496ab1dce71f394c97620666756"
x-time-ng: 0.006
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-90189c1922710edbae0b06f9a5e840ea-350c33efe628da2d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-02-27T14:22:50+00:00, 2024-05-10T04:06:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/f385e6db/_middlewareManifest.js

172.64.148.184

200 OK

4.5 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/f385e6db/_middlewareManifest.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
4.5 kB (4456 bytes)
Hash
c6c231281a7be9ff98223a55a481215e
381508398b35fc2c8257d28f597c091af915ffc3
2061cc8f1d8bb61a20172fce56af4fa7198088f9b3fad0d26c463bb81dde7704

HTTP Headers

GET /_next/static/f385e6db/_middlewareManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 04:08:18 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"5c-18f381bf92a"
vary: Accept-Encoding
cf-cache-status: HIT
age: 680448
expires: Sat, 10 May 2025 04:08:18 GMT
server: cloudflare
cf-ray: 8817113898d30afe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/mobile

178.253.29.51

200 OK

92 kB

URL POST HTTP/2
1xlite-461430.top/web-api/mobile
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
92 kB (91590 bytes)
Hash
88a735d280071bd0bcea6a05c8268dbd
a92aa0ddcd978b1e1e0f5440f7071b3415f450e5
23a8c199002362f3f6c78e974dc0ad77edaf43eea009bc57a21c22266e16dc64

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /web-api/mobile HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:17 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=18, dt_total;dur=39.415, wf-uht;dur=0.047
traceparent: 00-64ea68c4bea6ffd5337fa19fb8cf95f0-5bf6ac07ddd737e2-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.034
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-8e394611.js

185.244.209.62

8.9 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-8e394611.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (39925), with no line terminators
Size
8.9 kB (8881 bytes)
Hash
7ddea2d217f72613646d2b7eff8e9d6f
ea22eb4a231ac86ed0773f58ff856e1203bed07d
42c2cd82d0a96f636d5f7289a821ad8de15c7da1e57f58c13882da2209d4d576

HTTP Headers

GET /_nuxt/desktop/default/vendors/Registration.Fields-8e394611.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:22 GMT
content-type: application/javascript; charset=utf-8
content-length: 8881
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-22b1"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:27 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-40f41969537d25f833c4814bc000fc47-4f74bbc70fc1ea3a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:27+00:00, 2024-05-09T11:07:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/session

178.253.29.51

204 No Content

0 B

URL GET HTTP/2
1xlite-461430.top/web-api/session
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/session HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Fri, 10 May 2024 04:08:22 GMT
cache-control: no-cache, private
server-timing: p;dur=14, dt_total;dur=19.024, wf-uht;dur=0.027
traceparent: 00-e2c45b9c3106eb05ea869b618265361c-f018b092a236992d-01
x-dt: 285
x-time-ng: 0.019
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/6158757f111a.js

185.244.209.62

200 OK

715 B

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/6158757f111a.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Java source, ASCII text, with very long lines (714)
Size
715 B (715 bytes)
Hash
6ee3bc259bfb800c3a044e012d0e1891
faf1bdf7b82d6f4da0783c56fd9149d9064a379a
5ae7bfa3bf9463a9e18abae9da1087a4a9f75b529ffb5c664dee152692c93f43

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/6158757f111a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:22 GMT
content-type: text/javascript; charset=utf-8
content-length: 715
last-modified: Wed, 08 May 2024 16:11:15 GMT
etag: "6ee3bc259bfb800c3a044e012d0e1891"
x-amz-meta-mtime: 1715184545.987120598
expires: Fri, 10 May 2024 10:43:29 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-e6d9a71cc489b7c2000559a906b1c08a-b1faab597f5dafaf-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:29+00:00, 2024-05-09T12:23:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/

172.64.148.184

200 OK

96 kB

URL GET HTTP/2
widget.suphelper.top/
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
96 kB (95918 bytes)
Hash
decd7ac3a3f117867effa7ec4ba8121f
83c475ca21ef7e7c5fc2f581d745064418b0a2bf
3e6efc6cf628c088cf59045baf1b4cc0f29e61917fa2f60a125a0494b78e470f

HTTP Headers

GET / HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 04:08:17 GMT
content-type: text/html; charset=utf-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=60, stale-while-revalidate=30
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 88171136c8280afe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3016f30da818.js

185.244.209.62

504 B

URL
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3016f30da818.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Java source, ASCII text, with very long lines (503)
Size
504 B (504 bytes)
Hash
e3d07e6f66159328ab36432621f76bb1
a6904f34c980d0670c78ca33d3af1d42c9f80332
3165b04b3f1b881e9ce209f0a2ccee985c00ed98db43e9cb6af5d530438b7d1b

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3016f30da818.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
content-length: 504
last-modified: Wed, 08 May 2024 16:11:15 GMT
etag: "e3d07e6f66159328ab36432621f76bb1"
x-amz-meta-mtime: 1715184545.987120598
expires: Fri, 10 May 2024 10:43:29 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5e787aa5a3c7a4334949653f32365a61-29735480583e9cd0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:29+00:00, 2024-05-09T12:23:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/betstemplates/bets_model_short_en_0.json

185.244.209.62

200 OK

4.6 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/betstemplates/bets_model_short_en_0.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
4.6 kB (4565 bytes)
Hash
3d975d77b05dee42b11643b263f80011
c4a7582dafdd134c1e365bbfac7e684335e41c85
18721cba4db6430e3cf7cb743136e605da222f084dc634e9ca6061a7aecf2de8

HTTP Headers

GET /genfiles/cms/betstemplates/bets_model_short_en_0.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:20 GMT
content-type: application/json
last-modified: Thu, 09 May 2024 14:03:46 GMT
etag: W/"d3e39abc76f19e176765d21ac9e70c5c"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-4a6e52dfe0cd6b0f2af42d2e6820df62-b3f63f8478f0ab67-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T14:56:59+00:00, 2024-05-10T03:11:00+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/726083f27efa.js

185.244.209.62

200 OK

597 B

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/726083f27efa.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Java source, ASCII text, with very long lines (596)
Size
597 B (597 bytes)
Hash
76880f7538a0be62d4fc0f9e55db36aa
73f78086fe9d1875b8e289fc3c8e22ecaec4dacb
0491db56d6c0b9c1ecabeafcffcb6d1151d847f9145dd643d4a7f6408faee096

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/726083f27efa.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
content-length: 597
last-modified: Wed, 08 May 2024 16:11:16 GMT
etag: "76880f7538a0be62d4fc0f9e55db36aa"
x-amz-meta-mtime: 1715184545.987120598
expires: Fri, 10 May 2024 10:43:57 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-bc78f9c28ea1fa5363e22341679c3b36-9cc9c0d1a75f136d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:57+00:00, 2024-05-09T11:07:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/618b749155d0.js

185.244.209.62

481 B

URL
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/618b749155d0.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Java source, ASCII text, with very long lines (480)
Size
481 B (481 bytes)
Hash
9abbe64ff2b544f35594e17905e4594c
a7896739e9768216888018d2c4aec7c102e4d4a9
9f8032c080e2f3906f0c068bf43ef41084d6064f5df8be76b339fa87f7ad17eb

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/618b749155d0.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
content-length: 481
last-modified: Wed, 08 May 2024 16:11:15 GMT
etag: "9abbe64ff2b544f35594e17905e4594c"
x-amz-meta-mtime: 1715184545.987120598
expires: Fri, 10 May 2024 10:43:57 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-785fe41d36ee0ca2df0c0814dda781c8-43d215fd9c37f679-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:57+00:00, 2024-05-09T11:07:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js

185.244.209.62

53 B

URL
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text
Size
53 B (53 bytes)
Hash
bb7e15ec1662efa164ad912bd1c65e19
bdd420a5f5bf96a8a4f85abbbe3b0cd2ad547f52
a9378fb3de73c35f466dfae4d2956a63b95813d4eaf88ae7f4ce820d0992cc01

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
content-length: 53
last-modified: Wed, 08 May 2024 16:11:15 GMT
etag: "bb7e15ec1662efa164ad912bd1c65e19"
x-amz-meta-mtime: 1715184545.987120598
expires: Thu, 09 May 2024 21:06:08 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4a3245dcbcda0b269b940141ffb7d634-666670dcefe05876-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T21:06:08+00:00, 2024-05-09T15:58:17+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/9f8e0e38189c.js

185.244.209.62

200 OK

68 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/9f8e0e38189c.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (62971)
Size
68 kB (67575 bytes)
Hash
251c2d0e7b2bdb2f31ec97ef69d99d6f
c5af6012f55f9f3ef0e53299fd6847394b1da5db
ae331a6d23e38a3b03addff890a6c2320719184b3a6f3d90fe5f2eca07815c27

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/9f8e0e38189c.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 16:11:16 GMT
etag: W/"fd9612103f2362b8086939d1c920d9ed"
x-amz-meta-mtime: 1715184545.991120535
content-encoding: gzip
expires: Fri, 10 May 2024 10:43:58 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-605d1729f243770e1d058abcb4317eba-c9128fbcf9256f43-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:58+00:00, 2024-05-09T11:07:35+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5aac26f85449.js

185.244.209.62

372 B

URL
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5aac26f85449.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Java source, ASCII text, with very long lines (371)
Size
372 B (372 bytes)
Hash
1da4d94244cc89a54a946028d2eb3d29
f10149930729c1027544edfc80bc5cc93f36d5c0
511577657cf77e30361bdccc3485e5c33c30d0fc322f52592a7bd730ea45a6c9

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5aac26f85449.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
content-length: 372
last-modified: Wed, 08 May 2024 16:11:15 GMT
etag: "1da4d94244cc89a54a946028d2eb3d29"
x-amz-meta-mtime: 1715184545.987120598
expires: Fri, 10 May 2024 10:43:45 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-5b6729659d872e2f19d92ebfbf364713-09a835e93316f335-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:45+00:00, 2024-05-09T11:07:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/327334405031.js

185.244.209.62

200 OK

424 B

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/327334405031.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Java source, ASCII text, with very long lines (423)
Size
424 B (424 bytes)
Hash
31bd7da0b4c3a29a840d1befac27cf8b
ab07ed137a23fe5b743ec0589f6c5c0da7b85258
9a60e8a389d3cd93b0014468deb14c1921ade7deec0c8559a4682a09c3f6f25f

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/327334405031.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
content-length: 424
last-modified: Wed, 08 May 2024 16:11:15 GMT
etag: "31bd7da0b4c3a29a840d1befac27cf8b"
x-amz-meta-mtime: 1715184545.983120662
expires: Fri, 10 May 2024 10:43:58 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4af0f1d88f5b49193cca83aad70f0578-dbe235324135ad7a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:58+00:00, 2024-05-09T11:07:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7bd3bc288fd4.js

185.244.209.62

450 B

URL
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7bd3bc288fd4.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (449)
Size
450 B (450 bytes)
Hash
056ce527a12544a37f984ac598be2344
6946b65cf1c68960e5f9ac0900a0df66a13e7e85
cd7cdf53c803ca43a37171180d14c2374e45ab347d309f9b83a107b9ad9b4ed1

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7bd3bc288fd4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
content-length: 450
last-modified: Wed, 08 May 2024 16:11:16 GMT
etag: "056ce527a12544a37f984ac598be2344"
x-amz-meta-mtime: 1715184545.987120598
expires: Fri, 10 May 2024 08:44:30 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-fb2e3fdaa20afcd4575f9d0c91ddba49-8582a5dcd5a34509-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T08:44:30+00:00, 2024-05-09T18:23:40+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/4f769aae21a0.js

185.244.209.62

200 OK

435 B

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/4f769aae21a0.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Java source, ASCII text, with very long lines (434)
Size
435 B (435 bytes)
Hash
9161fb5b91a09b3026d143479dc567a6
c1fe731351fb1447e76ef38def2d2f869b025007
9a4b211be9ec541c8fbdf213a2ae7b270afdd22674f74ad12b9aec0a5ff6b278

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/4f769aae21a0.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
content-length: 435
last-modified: Wed, 08 May 2024 16:11:15 GMT
etag: "9161fb5b91a09b3026d143479dc567a6"
x-amz-meta-mtime: 1715184545.987120598
expires: Fri, 10 May 2024 10:43:58 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d0ebe82d849c4b0b74c57bb9729aa737-a03500bd41bdb8a6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:58+00:00, 2024-05-09T11:07:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.334/285/coloredSvg.svg

185.244.209.62

230 kB

URL
v3.traincdn.com/sys-icons/1.0.334/285/coloredSvg.svg
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
230 kB (229758 bytes)
Hash
463d98efe96f74407d9975d3eb473215
1de89a0776de55ae0b2cf4473209fd4b64adfea2
5547249e02ec5955885e041a48623a7f7e9510f968d00f730e75da997d74cacf

HTTP Headers

GET /sys-icons/1.0.334/285/coloredSvg.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:17 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Apr 2024 12:55:56 GMT
etag: W/"a6f668d0aabdde5402adab210db914b1"
x-amz-meta-mtime: 1713272153.420902787
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:51 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-4d3507e66e4a322d02b4885f0a537bd6-8c7a1def5bd65cc3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:51+00:00, 2024-05-09T11:07:35+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.330/285/common.svg

185.244.209.62

200 OK

125 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.330/285/common.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
125 kB (124616 bytes)
Hash
56b08b3dc9ef6c9f2aeab47b034e1516
882e4609a356b957c9b31b1cec80a7a3ef414cc1
1af8578edf74fc6dce0f77630c314c9a45843241d69ac4e41da5c6b081daff7c

HTTP Headers

GET /sys-icons/1.0.330/285/common.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Apr 2024 09:41:01 GMT
etag: W/"7bf3e9e7d79beac942f5e7748a3af2e6"
x-amz-meta-mtime: 1713260458.134664491
content-encoding: gzip
expires: Fri, 19 Apr 2024 12:42:12 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-a4d0855ab238299418e4e394fb6a19a5-72849c84128ceaf3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-18T12:42:12+00:00, 2024-05-09T15:58:20+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/dc17f2eac0cc.js

185.244.209.62

200 OK

67 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/dc17f2eac0cc.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
67 kB (66944 bytes)
Hash
623eff5d2c5d020d43fc41e7624496f6
0d5df1c25dfe1b5a65bb11778f053dc1e690ffd6
99b2bcff98c9bf184eb0b113f8d94448290c10f7d7856bcc751e195755544aba

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/dc17f2eac0cc.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 16:11:16 GMT
etag: W/"828079e9d4483fc9e3fecaf63823dc1a"
x-amz-meta-mtime: 1715184545.991120535
content-encoding: gzip
expires: Fri, 10 May 2024 10:43:58 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-600cf8c77cf09e95259a9ea3e2121ed4-31ad881053a441e7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:58+00:00, 2024-05-09T11:07:35+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Size
64 kB (63748 bytes)
Hash
6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:24 GMT
content-type: font/woff2
content-length: 63748
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-2c6053897a52805985fe73175f22ad60-3e423408241344ce-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:13:59+00:00, 2024-05-10T04:08:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true

178.253.29.51

200 OK

67 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
67 kB (67297 bytes)
Hash
3f907bc67cae905688bf5166af344ff2
bbf9a934c8e28732875b9ed47644c5c22439b16d
2e02684805b41f31d7e84b3691bc2ae31f8121269de3f75188d45ddbb7f57e8d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=5
last-modified: Fri, 10 May 2024 04:08:23 GMT
x-time-ng: 0.009
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.018
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/40295f87c48b.js

185.244.209.62

200 OK

66 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/40295f87c48b.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
66 kB (65631 bytes)
Hash
db9a7b1778e7c3b92447e0173598ddbd
f793ae26070c18ad65dddcd0c60fc39edf5022bc
fdb20c01829df4206acd951568c10b031fac696b86813fa7a453ca99d7777306

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/40295f87c48b.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 16:11:15 GMT
etag: W/"04021329a63deda1db56e389799543a2"
x-amz-meta-mtime: 1715184545.987120598
content-encoding: gzip
expires: Fri, 10 May 2024 10:43:58 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c06c4d3b4a7c27175c91dc09ef5e5078-4066d35227cd2305-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:58+00:00, 2024-05-09T11:07:35+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3ea8313b1f9a.js

185.244.209.62

200 OK

7.4 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3ea8313b1f9a.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
7.4 kB (7392 bytes)
Hash
23076005c9fbb5970d5c46270f966ac6
f1a6493608464511862e09c0e3e080d227509234
534ab2417b03323b24b8364d87e18e6d593253891a28e2bde20f2f59cd7d6928

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3ea8313b1f9a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 16:11:15 GMT
etag: W/"84c2ff24404b03b93539885d2c51922f"
x-amz-meta-mtime: 1715184545.987120598
content-encoding: gzip
expires: Fri, 10 May 2024 10:43:58 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-1c8ea6478303016f9137e76c124dc3eb-d0c0648e29b14aa3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:58+00:00, 2024-05-09T11:07:35+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true

178.253.29.51

200 OK

9.8 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
9.8 kB (9849 bytes)
Hash
57abf3b086bc9c0acea28983624156f6
41727bcb1e43667f99361ed6a00de1e8ff20bfd4
45fd7a861fdd0765e063560e1fa83c961daf14bf8161dc766abd9749430ea841

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:26 GMT
content-type: application/json; charset=utf-8
content-length: 9849
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:26 GMT
vary: Accept-Encoding
x-time-ng: 0.022
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.030
X-Firefox-Spdy: h2

1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

178.253.29.51

200 OK

23 B

URL POST HTTP/2
1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
6c05036115a29c820a1736f37a768d30
c24535bbf6dd25c48ba5ca5e2b97b466dfa419e8
227ed44f50848eba16c1289b1ba4480d91946918fb60d632d3be377935d3a12e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Content-Type: application/json
X-Lang: en
X-Uuid: e11671d6-13d5-4dd3-a5be-ddfb46eee94e
Content-Length: 99
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:26 GMT
content-type: application/json
content-length: 23
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/472977fdf26e.js

185.244.209.62

200 OK

1.2 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/472977fdf26e.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Java source, ASCII text, with very long lines (1461)
Size
1.2 kB (1229 bytes)
Hash
5b36e492bfb7db8388c8f7494065421c
38ea97f479a27b81641abc0fb3db694bd3e7fca7
2c0275ed56eae47f0c82c67bebe5effba12cf164afccceba6310363c957989b4

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/472977fdf26e.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 16:11:15 GMT
etag: W/"2f5436be87ea646c3521311f827e6c73"
x-amz-meta-mtime: 1715184545.987120598
content-encoding: gzip
expires: Fri, 10 May 2024 10:43:45 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-56744b43d268e3b7163f9993080ec2ef-74d227ad2fbebc1d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:45+00:00, 2024-05-09T11:07:35+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/default/img/icons/pixels2.svg?v=1715314102

178.253.29.51

200 OK

1.5 kB

URL GET HTTP/2
1xlite-461430.top/web-api/default/img/icons/pixels2.svg?v=1715314102
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
PNG image data, 1 x 1, 8-bit/color RGB, non-interlaced
Size
1.5 kB (1538 bytes)
Hash
2ab191270232b69235e28c9a7b00acab
c8f66832080b5ed554d5c4ec6f89c019cbde335b
0f0747c40e1070084bcaf406276aca10b10be2c5aeba2f8c48905a248999e392

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/default/img/icons/pixels2.svg?v=1715314102 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:22 GMT
content-type: image/png
cache-control: no-cache, private
server-timing: p;dur=15, dt_total;dur=41.174, wf-uht;dur=0.050
traceparent: 00-6fc9eb5b241cddd47e54643cb583334e-2c628139cc0b44a3-01
x-dt: 285
x-time-ng: 0.029
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100

178.253.29.51

200 OK

237 kB

URL GET HTTP/2
1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
237 kB (237334 bytes)
Hash
a17d6ff3bbf3a3309a6c6899d6066c47
9b52c8fa25a0ebdca03b9c0b91cf0b8f3092a1ae
27dcc300a0f1c6be498c34183c6f710e51a1887d8de4d5b854e682e69c7a6fc3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:26 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=24, dt_total;dur=25.667, wf-uht;dur=0.038
traceparent: 00-34ef5435ffb9ff5b9924cd7af41a5a93-e2043bd6d4703737-01
x-dt: 285
x-time-ng: 0.026
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/pages/_app-9c47c295eecaa68a.js

172.64.148.184

200 OK

283 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/pages/_app-9c47c295eecaa68a.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
283 kB (283049 bytes)
Hash
88caa0a5306a65c4d4c4bb3520a417ea
ee940d78c95008a9006069bb53551ce75c9b5d62
bc68a157a74d649422479348f5dfe974bd396f67609bccc100a3da00c4a52fba

HTTP Headers

GET /_next/static/chunks/pages/_app-9c47c295eecaa68a.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 04:08:17 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"f8027-18f381bf92a"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 680447
expires: Sat, 10 May 2025 04:08:17 GMT
server: cloudflare
cf-ray: 8817113868c00afe-OSL
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js

172.64.148.184

2.0 kB

URL
widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js
IP
172.64.148.184:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
2.0 kB (2017 bytes)
Hash
1d10138d2d3c1ddfb54a850e972d632d
0c75132dc852de87e679c43c6081b2d350d404f8
5a8324498bb7b5d6531ca2aa5e160fdedc654c19ee5130e23f3ad3deea36d251

HTTP Headers

GET /_next/static/chunks/webpack-fb94d2f19425a3e3.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 04:08:17 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"ed0-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 811742
expires: Sat, 10 May 2025 04:08:17 GMT
server: cloudflare
cf-ray: 8817113858b50afe-OSL
X-Firefox-Spdy: h2

1xlite-461430.top/paysystems/information/systems?lang=en&ref_id=1&geo=NO

178.253.29.51

26 kB

URL
1xlite-461430.top/paysystems/information/systems?lang=en&ref_id=1&geo=NO
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
26 kB (26456 bytes)
Hash
b37f7c2a19f7e14b5b834ec5532af277
473d039dc440744109c049a49da67a08e7157cbe
269006ae20bef66e40b26843e6e400dab00f45c297ea9a50ce467a2b9d3694bb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /paysystems/information/systems?lang=en&ref_id=1&geo=NO HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
content-encoding: br
expires: Fri, 10 May 2024 04:08:15 GMT
set-cookie: application_locale=en; expires=Sun, 09 Jun 2024 04:08:15 GMT; Max-Age=2592000; path=/; secure; samesite=lax
traceparent: 00-3e1ce2d8ca63bfd40db7829cde06da39-c24ecaf12833aa83-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.200, 0.202
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=214.661, wf-uht;dur=0.222
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V

142.250.74.168

200 OK

64 kB

URL GET HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (1822)
Size
64 kB (64478 bytes)
Hash
215c59b0bf5733e0afd86f01731df0b8
37a813f6047447c7f8e6d9cd85d1258de61a74c7
4e4dae7e1e614c53a95662266b7fd1eeb4c17e82ccb65a6fd981dd0b62f4a607

HTTP Headers

GET /gtm.js?id=GTM-KFGPRJ2V HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 10 May 2024 04:08:28 GMT
expires: Fri, 10 May 2024 04:08:28 GMT
cache-control: private, max-age=900
last-modified: Fri, 10 May 2024 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 64478
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66

142.250.74.168

106 kB

URL
www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66
IP
142.250.74.168:0
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (10899)
Size
106 kB (106476 bytes)
Hash
7b5d74a062481da3d37f70b341cc29ce
a23626a39c03e7f1ff7f52c8be2e05d48d240b16
75a3027947ba12b5df92c819d702302ad54a00f2a5b89260cb073baf7a650f32

HTTP Headers

GET /gtag/js?id=G-7JGWL9SV66 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 10 May 2024 04:08:28 GMT
expires: Fri, 10 May 2024 04:08:28 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 106476
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

radar.cedexis.com/1/23802/radar.js

45.54.49.5

154 B

URL
radar.cedexis.com/1/23802/radar.js
IP
45.54.49.5:0
ASN
#63911 NetActuate, Inc

File type
HTML document, ASCII text, with CRLF line terminators
Size
154 B (154 bytes)
Hash
cfbeaf604823f038b8b46f0ac862b98c
7b9eb1dac48e74fa5f418bc456cb410f88b81d98
20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319

HTTP Headers

GET /1/23802/radar.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Fri, 10 May 2024 04:08:28 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: /1707728419/stub.js
Expires: Fri, 10 May 2024 04:18:28 GMT
Cache-Control: max-age=600
Vary: User-Agent,DNT

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/002d7fda3d62.css

185.244.209.62

200 OK

48 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/002d7fda3d62.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
48 kB (47579 bytes)
Hash
c73b431ccb04576a642f604dc6939a0b
1d5a3a288e9c99205359ea99009ae57fc754805d
9b0683c69c3d2d73e029bc6a495ddca7c35a31ab86615080da61cd19f9a59f8c

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/002d7fda3d62.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:18 GMT
content-type: text/css; charset=utf-8
last-modified: Wed, 08 May 2024 16:11:15 GMT
etag: W/"294f3a633bf92f7b6f9141c2b31b4bf6"
x-amz-meta-mtime: 1715184545.983120662
content-encoding: gzip
expires: Fri, 10 May 2024 10:43:36 GMT
cache-control: max-age=86400
x-time-ng: 0.012
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-68608f815c1c89548367c541df6b86ed-07d1256b7dcab04e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:36+00:00, 2024-05-09T11:07:32+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

radar.cedexis.com/1707728419/stub.js

45.54.49.5

271 B

URL
radar.cedexis.com/1707728419/stub.js
IP
45.54.49.5:0
ASN
#63911 NetActuate, Inc

File type
JavaScript source, ASCII text
Size
271 B (271 bytes)
Hash
82dec77fd0353c7c71ce053b8601387e
fbbca95419e1d0c042e0a5fdf10f380aca66188c
39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7

HTTP Headers

GET /1707728419/stub.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 04:08:28 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 12 Feb 2024 09:50:42 GMT
Vary: Accept-Encoding
ETag: W/"65c9e9f2-186"
Expires: Fri, 24 May 2024 04:08:28 GMT
Cache-Control: max-age=1209600, public
Content-Encoding: gzip

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1504649553.1715314109&gtm=45je4580v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=482841831

142.250.74.163

200 OK

42 B

URL GET HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1504649553.1715314109&gtm=45je4580v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=482841831
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.no
Fingerprint7D:68:6D:B1:32:34:52:51:20:C9:53:FF:B9:B7:8F:7E:05:F9:F5:97
ValidityTue, 16 Apr 2024 04:31:00 GMT - Tue, 09 Jul 2024 04:30:59 GMT

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1504649553.1715314109&gtm=45je4580v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=482841831 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 10 May 2024 04:08:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true

178.253.29.51

200 OK

2.7 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.7 kB (2699 bytes)
Hash
0615fe1d07bf9baf198a79d65eb94917
4c916b9e3a0af2d1e714312b28a77b79a38051ad
57ef07eb3f667ad09947a43420d88a26deb4776ae34dd945851c567de1170d37

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:29 GMT
content-type: application/json; charset=utf-8
content-length: 2699
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:29 GMT
vary: Accept-Encoding
x-time-ng: 0.009
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.017
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/f385e6db/_buildManifest.js

172.64.148.184

200 OK

303 B

URL GET HTTP/2
widget.suphelper.top/_next/static/f385e6db/_buildManifest.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
ASCII text, with very long lines (519), with no line terminators
Size
303 B (303 bytes)
Hash
06c1d20d74764a4f7dea57ebb09df4d8
d6592eaad86ec7b7bc373774bf911385ea7cf07d
46185c722db3b74c04c371b445abb1da2fa2592059437ee508a23e96c1fdf169

HTTP Headers

GET /_next/static/f385e6db/_buildManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 04:08:18 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"207-18f381bf92a"
vary: Accept-Encoding
cf-cache-status: HIT
age: 680442
expires: Sat, 10 May 2025 04:08:18 GMT
server: cloudflare
cf-ray: 8817113898d10afe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true

178.253.29.51

200 OK

2.1 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.1 kB (2084 bytes)
Hash
5a4d721ca1d28659d7a8e53b5378dbf0
e6e068a71afb37316a83a099b41c6b8ddbdcdbe6
5deb5df589ef6f81507b8a76efc8076793d4ee6864d938c6222f93d22caca427

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:29 GMT
content-type: application/json; charset=utf-8
content-length: 2084
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:29 GMT
vary: Accept-Encoding
x-time-ng: 0.271
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.279
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66

178.253.29.51

200 OK

2.4 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.4 kB (2417 bytes)
Hash
ecc89f9a4a2fe3423067a6508ed0650e
b51208438586f69989f20d581c2fbd57e84ed886
bd499002d507dbbb2437b74e4586e57d9872af178375ffed7ee24ad7ff08780a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:30 GMT
content-type: application/json; charset=utf-8
content-length: 2417
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:30 GMT
vary: Accept-Encoding
x-time-ng: 0.005
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.013
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true

178.253.29.51

200 OK

9.8 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
9.8 kB (9825 bytes)
Hash
87a379a5b4744dd3ec78cbd85e18d442
fc4d4803f6a98590541503a99cb88ca441bea7b9
5e1167fa28dc87ec1b2c1feb73f6bdc402aed2497aeac4ef50eec0a8d90c3a7f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:32 GMT
content-type: application/json; charset=utf-8
content-length: 9825
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:32 GMT
vary: Accept-Encoding
x-time-ng: 0.015
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.022
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/bfff49986d7a.css

185.244.209.62

200 OK

169 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/bfff49986d7a.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
169 kB (168621 bytes)
Hash
0a682fac494ae6eb5b5560838eb3128c
31f26e3473a9d9610b33f97a6bf2a3d54cf1532a
f689f915a39edcd6560e4e0e2b701ad7cf898a3f98389c3ae601cac9f978357a

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/bfff49986d7a.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:22 GMT
content-type: text/css; charset=utf-8
last-modified: Wed, 08 May 2024 16:11:16 GMT
etag: W/"fd42a3c47441635be644d6248b61feb9"
x-amz-meta-mtime: 1715184545.991120535
content-encoding: gzip
expires: Fri, 10 May 2024 10:43:57 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-8cefa7c73395066128b1cc2fbdad118e-eda57a90476ce644-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:57+00:00, 2024-05-09T11:07:34+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100

178.253.29.51

200 OK

4.6 kB

URL GET HTTP/2
1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
4.6 kB (4599 bytes)
Hash
a17d6ff3bbf3a3309a6c6899d6066c47
9b52c8fa25a0ebdca03b9c0b91cf0b8f3092a1ae
27dcc300a0f1c6be498c34183c6f710e51a1887d8de4d5b854e682e69c7a6fc3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:32 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=42, dt_total;dur=94.577, wf-uht;dur=0.114
traceparent: 00-3162a90836045ad9da7e22a66d830a2c-c4a1ec871792bcbf-01
x-dt: 285
x-time-ng: 0.059
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true

178.253.29.51

200 OK

2.7 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.7 kB (2699 bytes)
Hash
0615fe1d07bf9baf198a79d65eb94917
4c916b9e3a0af2d1e714312b28a77b79a38051ad
57ef07eb3f667ad09947a43420d88a26deb4776ae34dd945851c567de1170d37

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:34 GMT
content-type: application/json; charset=utf-8
content-length: 2699
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:29 GMT
vary: Accept-Encoding
x-time-ng: 0.009
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/8c83a62ae8afe0aa371618f02b8e4a01.webp

185.244.209.62

28 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/banner/8c83a62ae8afe0aa371618f02b8e4a01.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
28 kB (27922 bytes)
Hash
77673f5b9062ff0a3565cba49941a954
f1c6d769ad6f256677c8558f06c4ee98d8e403d3
e78791dcbada0412db798159d9e781f2a50c12f04be4d0a4ecf96a617ec8b33b

HTTP Headers

GET /genfiles/cms/1/desktop/banner/8c83a62ae8afe0aa371618f02b8e4a01.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:37 GMT
content-type: image/webp
content-length: 27922
last-modified: Thu, 05 Oct 2023 10:29:56 GMT
etag: "77673f5b9062ff0a3565cba49941a954"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-14200ebd2a0ec5005db38340ad036866-5e543af6ff1db5b5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-02-27T14:22:50+00:00, 2024-05-10T04:07:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true

178.253.29.51

200 OK

9.8 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
9.8 kB (9825 bytes)
Hash
87a379a5b4744dd3ec78cbd85e18d442
fc4d4803f6a98590541503a99cb88ca441bea7b9
5e1167fa28dc87ec1b2c1feb73f6bdc402aed2497aeac4ef50eec0a8d90c3a7f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:37 GMT
content-type: application/json; charset=utf-8
content-length: 9825
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:32 GMT
vary: Accept-Encoding
x-time-ng: 0.015
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100

178.253.29.51

200 OK

4.6 kB

URL GET HTTP/2
1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
4.6 kB (4599 bytes)
Hash
a17d6ff3bbf3a3309a6c6899d6066c47
9b52c8fa25a0ebdca03b9c0b91cf0b8f3092a1ae
27dcc300a0f1c6be498c34183c6f710e51a1887d8de4d5b854e682e69c7a6fc3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:37 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=25, dt_total;dur=26.807, wf-uht;dur=0.039
traceparent: 00-5e4f620fb13ce24d3babeaa2b111c9e5-c700f79a7161cd6e-01
x-dt: 285
x-time-ng: 0.026
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137

178.253.29.51

200 OK

258 B

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
258 B (258 bytes)
Hash
6b410dd2c07ab8dc7ea3612945386685
9d9b746ddabe121ffedb7dff9e0aff03b92998b1
aa7e649282a2bbf5af23394e678496503278768e36b9f21c74ebe474806513e8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:38 GMT
content-type: application/json; charset=utf-8
content-length: 258
cache-control: no-cache
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:38 GMT
vary: Accept-Encoding
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.011
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true

178.253.29.51

200 OK

2.7 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.7 kB (2703 bytes)
Hash
bf417647674982ff7ca73e3108a31b82
9e4b5a47b537967895371de0c95a2e3234d39e22
f2de6e315cd1334353fa667b8210e6b873aecca9fcf513c431315d2b4fa2b6fa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:39 GMT
content-type: application/json; charset=utf-8
content-length: 2703
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:39 GMT
vary: Accept-Encoding
x-time-ng: 0.011
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.020
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true

178.253.29.51

200 OK

2.1 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.1 kB (2083 bytes)
Hash
1ac2f99bcd42696d5486a78793290523
00724e0c55f0560cdaf4b0e20ee9490abf8accde
fb67c30e90b3f0dbc0bc612a265f382013c2548d33d7c6a3daaecac35e71c1ea

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:39 GMT
content-type: application/json; charset=utf-8
content-length: 2083
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:39 GMT
vary: Accept-Encoding
x-time-ng: 0.066
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.074
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js

172.64.148.184

12 kB

URL
widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js
IP
172.64.148.184:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
12 kB (12162 bytes)
Hash
ce69c31a8391bf1dea3f8f7d698d59d0
f610203161a612bd09f632e5428fe6719bd8946c
154e0750da9d00be0245a800d32c1adea378ecaf4f0eb2dec1b7b054d4db5e9a

HTTP Headers

GET /_next/static/chunks/81.9c6562bba5669b47.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 04:08:19 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Mon, 22 Jan 2024 07:49:06 GMT
etag: W/"8f42-18d3024f9c4"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 820087
expires: Sat, 10 May 2025 04:08:19 GMT
server: cloudflare
cf-ray: 881711408c400afe-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/efb6a12f775a7454c682a5f3cdcfe84c.webp

185.244.209.62

23 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/banner/efb6a12f775a7454c682a5f3cdcfe84c.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
23 kB (23162 bytes)
Hash
02c73c0e2eaa0c7ad721ac2bafa0bca7
c289c333ee79cc2a3e01d6302e941a22da5e43c4
bcf43c5ae29cad6787c98d92c0e91d7af3c1f912a4abdbca1d397a839e7f61cb

HTTP Headers

GET /genfiles/cms/1/desktop/banner/efb6a12f775a7454c682a5f3cdcfe84c.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:42 GMT
content-type: image/webp
content-length: 23162
last-modified: Fri, 26 Apr 2024 05:29:21 GMT
etag: "02c73c0e2eaa0c7ad721ac2bafa0bca7"
x-time-ng: 0.045
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-1dd75be18f2f8fefceaf4b064f404cf4-f6ab6efd5d3ab6bf-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T05:30:05+00:00, 2024-05-10T04:08:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true

178.253.29.51

200 OK

9.8 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
9.8 kB (9780 bytes)
Hash
1c27854df947c1b4c060c3f381278cdc
b18f9458f5d82820ccd90119bf3b9a31ed765a4b
f83b558cc98683208ae70474755e745406cd51921a491038219f1a01870281f2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:42 GMT
content-type: application/json; charset=utf-8
content-length: 9780
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:42 GMT
vary: Accept-Encoding
x-time-ng: 0.014
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.022
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100

178.253.29.51

200 OK

4.6 kB

URL GET HTTP/2
1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
4.6 kB (4599 bytes)
Hash
a17d6ff3bbf3a3309a6c6899d6066c47
9b52c8fa25a0ebdca03b9c0b91cf0b8f3092a1ae
27dcc300a0f1c6be498c34183c6f710e51a1887d8de4d5b854e682e69c7a6fc3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:43 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=24, dt_total;dur=25.327, wf-uht;dur=0.038
traceparent: 00-ee5b3b3182a5f62686732cd6fb868a02-ac77b36de0f1ae1e-01
x-dt: 285
x-time-ng: 0.025
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true

178.253.29.51

200 OK

2.7 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.7 kB (2703 bytes)
Hash
bf417647674982ff7ca73e3108a31b82
9e4b5a47b537967895371de0c95a2e3234d39e22
f2de6e315cd1334353fa667b8210e6b873aecca9fcf513c431315d2b4fa2b6fa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:44 GMT
content-type: application/json; charset=utf-8
content-length: 2703
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:39 GMT
vary: Accept-Encoding
x-time-ng: 0.011
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/f385e6db/_ssgManifest.js

172.64.148.184

200 OK

564 B

URL GET HTTP/2
widget.suphelper.top/_next/static/f385e6db/_ssgManifest.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
564 B (564 bytes)
Hash
f9855773e1f0be7dc6898bb95de93f10
e55e9832cf7bb1a6ed01dbb4b44351a3e0edcf8f
f5f5db09753e517e1c05f08b5d40c926ef58d57d64899d0d4daa0d008f7139e4

HTTP Headers

GET /_next/static/f385e6db/_ssgManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 04:08:18 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"4d-18f381bf92a"
vary: Accept-Encoding
cf-cache-status: HIT
age: 680448
expires: Sat, 10 May 2025 04:08:18 GMT
server: cloudflare
cf-ray: 8817113898d20afe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

pp23vi1.com/static/pixel.gif?1715314124580

178.253.14.123

43 B

URL
pp23vi1.com/static/pixel.gif?1715314124580
IP
178.253.14.123:0
ASN
#202492 Silverhill Group Holding Ltd

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /static/pixel.gif?1715314124580 HTTP/1.1
Host: pp23vi1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:44 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/0cd280af89b0819825587a2cf75e33d0.webp

185.244.209.62

21 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/banner/0cd280af89b0819825587a2cf75e33d0.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
21 kB (21412 bytes)
Hash
1e9191583a9bca6627e85945c6c5d3f1
f2d4d5e76e448d1dd986c9616a660ae6c7806dde
733d49aa25dab77ba7fe51a0a831f51e988d3201c5cfc6fbc808c3b2c59b48c1

HTTP Headers

GET /genfiles/cms/1/desktop/banner/0cd280af89b0819825587a2cf75e33d0.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:47 GMT
content-type: image/webp
content-length: 21412
last-modified: Fri, 12 Apr 2024 09:23:52 GMT
etag: "1e9191583a9bca6627e85945c6c5d3f1"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-12T09:33:12+00:00
traceparent: 00-1b8449f26491b971285ed604440cc6e0-a70a0bc3acf067c5-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true

178.253.29.51

200 OK

9.8 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
9.8 kB (9786 bytes)
Hash
37172274397007062ef0377ac8b7c4cd
c7ae8110370392634f59bf604c95ecfe6a61fb70
602f2eba34c0562570f8c15a6a0b28fc8ec544fe709539081c47119a573a6179

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109; che_i=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:48 GMT
content-type: application/json; charset=utf-8
content-length: 9786
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:48 GMT
vary: Accept-Encoding
x-time-ng: 0.014
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.023
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137

178.253.29.51

200 OK

258 B

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
258 B (258 bytes)
Hash
6b410dd2c07ab8dc7ea3612945386685
9d9b746ddabe121ffedb7dff9e0aff03b92998b1
aa7e649282a2bbf5af23394e678496503278768e36b9f21c74ebe474806513e8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109; che_i=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:48 GMT
content-type: application/json; charset=utf-8
content-length: 258
cache-control: no-cache
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:48 GMT
vary: Accept-Encoding
x-time-ng: 0.004
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.011
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true

178.253.29.51

200 OK

2.7 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.7 kB (2694 bytes)
Hash
0f96d941780b99bd25d80d3e0ce02167
1b23c514d1dd96f18f9bd9d45c03acd818845a60
fc22aeb5f35292aee29cd6c365920a8d132022502f2a73d8eba50745d3006c3a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109; che_i=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:49 GMT
content-type: application/json; charset=utf-8
content-length: 2694
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:49 GMT
vary: Accept-Encoding
x-time-ng: 0.007
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true

178.253.29.51

200 OK

2.1 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.1 kB (2085 bytes)
Hash
159acbf75180f74f64b0981769813756
abba7783e46f2a4d36f79e7e9ed57d769f0f52c5
493e7b6b78dcc1229ab384041713c7ab70f9d9b7cd7b652010153b6394ad1473

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109; che_i=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:50 GMT
content-type: application/json; charset=utf-8
content-length: 2085
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:50 GMT
vary: Accept-Encoding
x-time-ng: 0.062
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.070
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66

178.253.29.51

200 OK

2.4 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.4 kB (2427 bytes)
Hash
f182d52bb270da674b707402ca1ba5b0
ccbce89aa99f752c06acec7e00194814950dd449
334f53da07bd0b1e78eed7c33d79b3c4f41a9e648d9fcdafa20c229dc18213fd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109; che_i=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:50 GMT
content-type: application/json; charset=utf-8
content-length: 2427
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:50 GMT
vary: Accept-Encoding
x-time-ng: 0.006
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.014
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-95a46df4.js

185.244.209.62

200 OK

32 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-95a46df4.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
32 kB (32236 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-95a46df4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 7382
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1cd6"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:27 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-fecc1b72bae4e17e668d37b2787a405d-fdc406c41ca4406d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:27+00:00, 2024-05-09T11:07:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js

172.64.148.184

200 OK

107 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
107 kB (107186 bytes)
Hash
d0a7ecc59065580118a9ea8880c58962
21573546ac5011592094ef6aea0696ccdeb2164d
e1b09efa81ca44cda394e366b64fbf2b3f0725eab9ad24782839cbb8f66842b5

HTTP Headers

GET /_next/static/chunks/pages/index-ed7cd77912c6e3a9.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 04:08:18 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"1a2b2-18f12321a97"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 816024
expires: Sat, 10 May 2025 04:08:18 GMT
server: cloudflare
cf-ray: 8817113898cf0afe-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/c6409e21932f.js

185.244.209.62

200 OK

731 B

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/c6409e21932f.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (754), with no line terminators
Size
731 B (731 bytes)
Hash
c349ca92c209152e9f8f6f8a9e41d413
a63b3601a5fd052a850c4ac562ad20f8e63e5eae
b27b91835745617650b4410ebd07b094f0319340f1e364d594b3efaa9cc4440e

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/c6409e21932f.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
content-length: 731
last-modified: Wed, 08 May 2024 16:11:16 GMT
etag: "79c1e0d539880fd610f91e5b16085eec"
x-amz-meta-mtime: 1715184545.991120535
expires: Fri, 10 May 2024 10:43:57 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d1b4ca14f5bac6d002ce26969aebb7b9-c49d16c31c4c53a3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:57+00:00, 2024-05-09T11:07:34+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528030908&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1

178.253.29.51

200 OK

4.1 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528030908&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
troff or preprocessor input, Unicode text, UTF-8 text, with very long lines (4981), with no line terminators
Size
4.1 kB (4112 bytes)
Hash
751af57551a8b95e45297d090cc48dbf
d90daf677f4f74e56b519023736feb1a5f49ae21
9a2de490426f13dc127623402f0ebf2677ee9aa1b5cd9c157971e13a4c2b2352

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetGameZip?id=528030908&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:19 GMT
content-type: application/json; charset=utf-8
content-length: 1448
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:19 GMT
vary: Accept-Encoding
x-time-ng: 0.011
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.019
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/08646c799532.css

185.244.209.62

200 OK

17 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/08646c799532.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (16987)
Size
17 kB (16988 bytes)
Hash
68721335fcec1406a789e81bb2cfef91
03c0a4c84fe4fde3f9c5f76eba498de26ecfe4b1
08646c7995320ed62abc174cc01c935d98236c3bc27710d9ab2abf1ea82e0458

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/08646c799532.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:22 GMT
content-type: text/css; charset=utf-8
last-modified: Wed, 08 May 2024 16:11:15 GMT
etag: W/"68721335fcec1406a789e81bb2cfef91"
x-amz-meta-mtime: 1715184545.983120662
content-encoding: gzip
expires: Fri, 10 May 2024 10:43:57 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a390dc7c7fe84ee38d7d2966c1c6d29b-20d94c688c56e611-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:57+00:00, 2024-05-09T11:07:34+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/hd-api/external/api/web/v1/j/634g0g0e8l311g0f12ce75e27b63c5f9ba7d3ab552453a6ed2e0

178.253.29.51

200 OK

619 B

URL POST HTTP/2
1xlite-461430.top/hd-api/external/api/web/v1/j/634g0g0e8l311g0f12ce75e27b63c5f9ba7d3ab552453a6ed2e0
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (625), with no line terminators
Size
619 B (619 bytes)
Hash
d4ba0344dc3ad109819b4b1cf5b922b8
b1672f5ecc896b99bd511a450629d80342484db1
1732f0540437b318d794a20d5053eff39934f459767b70eb49d7eb50d5628554

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /hd-api/external/api/web/v1/j/634g0g0e8l311g0f12ce75e27b63c5f9ba7d3ab552453a6ed2e0 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
X-Requested-With: XMLHttpRequest
Content-Type: application/json
Content-Length: 105936
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:26 GMT
content-type: application/json
content-length: 516
content-encoding: gzip
traceparent: 00-465f5a88929c9aa976c1134966d84fc6-3310e811b57510e4-01
vary: Accept-Encoding
x-dt: 285
x-request-guid: 90033d87e85ba7259a5aea606932c6c1
x-time-ng: 0.006
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=8.916, wf-uht;dur=0.034
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-b5724bd6.js

185.244.209.62

200 OK

16 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-b5724bd6.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (15997)
Size
16 kB (16063 bytes)
Hash
6d90c5998c2ceb8a008e3c6eef4c55e5
6b68a02d6362d6661be529eff19cf1baade8d48b
b1e36624011507a84987d59ffc7f689b32e47476be990c1add266f24c00c1088

HTTP Headers

GET /_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-b5724bd6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: application/javascript; charset=utf-8
content-length: 5562
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-15ba"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:49 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-df2c867f64652ac3d4c66c7e1bbbebd0-9cfe9a50c29ccb33-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:49+00:00, 2024-05-09T11:07:34+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js

185.244.209.62

200 OK

1.0 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1036), with no line terminators
Size
1.0 kB (1025 bytes)
Hash
305de1535e3f2a45efa2f1dd096f496e
9fd79178b39d8a196f9f3640758cc5285f5914fd
9b0fc84933536e9c4ca4b8013f656f393c6073e746901340133cbc11059aec46

HTTP Headers

GET /sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 09 May 2024 14:32:04 GMT
etag: W/"8fecd56fc5520134f3c39b17431fe0c2"
x-amz-meta-mtime: 1715264772.785909534
content-encoding: gzip
expires: Fri, 10 May 2024 15:18:07 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e4f2053d156e00a10addcfde60007105-c335b522e128bb79-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T15:18:07+00:00, 2024-05-09T15:59:41+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/betstemplates/bets_model_full_en_0.json

185.244.209.62

200 OK

22 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/betstemplates/bets_model_full_en_0.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
22 kB (22195 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/cms/betstemplates/bets_model_full_en_0.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:18 GMT
content-type: application/json
last-modified: Thu, 09 May 2024 14:03:54 GMT
etag: W/"65c4f8441dea9f78c50a9fc7029f9193"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-8e300a093c9e9878a8c559e17e07186b-d59d00054f9c6b5f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T15:51:33+00:00, 2024-05-10T03:13:25+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js

172.64.148.184

200 OK

108 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
108 kB (107844 bytes)
Hash
83680ce862de40c43fc92e04b1ad0a3d
67eb6762545f4e1fee446794f4738d0f0577b6b4
e70f39978f08895aef6849daf891af65bff03e476eb9b1384dfb36cd4ac9fe75

HTTP Headers

GET /_next/static/chunks/main-fa1d3b21fd97b583.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 04:08:17 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"1a544-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 806182
expires: Sat, 10 May 2025 04:08:17 GMT
server: cloudflare
cf-ray: 8817113868bd0afe-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/3083a20a3f73c30fce38710d7ada9cbb.svg

185.244.209.62

200 OK

1.2 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/3083a20a3f73c30fce38710d7ada9cbb.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
1.2 kB (1228 bytes)
Hash
1ff133ab01d208b0d686dd88d85e239a
86a0501b79a1c553eadc829177a9e6ffff1948be
9ac21c63d1c8b7abe4c94550a731baff995d34c745c1d08fdf8d5e5c8de268f1

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/3083a20a3f73c30fce38710d7ada9cbb.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:17 GMT
content-type: image/svg+xml
last-modified: Wed, 19 Apr 2023 11:51:30 GMT
etag: W/"3ae81b002dca46d3b732ce3e03ae35c6"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c3a1e3ca0e3ffd435e86d6d5da0c5dcb-367787c3e6d3b968-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T08:36:11+00:00, 2024-05-10T04:03:40+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/RegistrationWidgetApp-244fe993.js

185.244.209.62

200 OK

76 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/RegistrationWidgetApp-244fe993.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
76 kB (76464 bytes)
Hash
355ce5bc5ad3ce4d9f2f42f33af33a73
3cb3452330b81cf844be98de00fd4c54717c7cf8
0a79ccdbc986e060b53a249945fd32b5a2b892bfcae6cf9ff7dac154ad05d380

HTTP Headers

GET /_nuxt/desktop/default/vendors/RegistrationWidgetApp-244fe993.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: application/javascript; charset=utf-8
content-length: 20768
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-5120"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:46 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-7ff58f6dfe1ac8c8bc4bf878769fb7a5-65d6486cc5f483b4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:46+00:00, 2024-05-09T11:24:45+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/4110.webp

185.244.209.62

200 OK

752 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/4110.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
752 B (752 bytes)
Hash
bf6f7c70498b7da87ddcc88dcfea013f
764c8064e06fdebe2c5de4709de3cc73d5e4e845
f0b4189aaac44a4515576cc12c9725eadfa6a9e104834fb0d8c1141029eaf63e

HTTP Headers

GET /resized/size16/sfiles/logo_teams/4110.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 752
cache-control: max-age=94608000
content-disposition: inline; filename="4110.webp"
content-security-policy: script-src 'none'
expires: Tue, 04 May 2027 12:15:03 GMT
x-request-id: 3d039d8bf195f57a87434b334b4c528e
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-cccfd31882514077be367d9377d1a541-a651109d431cdac4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-04T12:15:03+00:00, 2024-05-09T15:12:51+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/35fa91628fa4.js

185.244.209.62

200 OK

24 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/35fa91628fa4.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (23507)
Size
24 kB (23508 bytes)
Hash
1c8f8a55f3c3a7955b08ed9c055a1b3e
3a31f8d3cbaaaf74e4616c9ab944919e0cd4c70a
f900155624ef7437112d00e9a9966a755cb6588dc9c19bbed7a6de031502b8f9

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/35fa91628fa4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 16:11:15 GMT
etag: W/"1c8f8a55f3c3a7955b08ed9c055a1b3e"
x-amz-meta-mtime: 1715184545.987120598
content-encoding: gzip
expires: Fri, 10 May 2024 10:43:57 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-e6bf3cfba270c26403c6107b45bc93eb-0f81342abea8e6e2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:57+00:00, 2024-05-09T11:07:35+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/4a689a87d8ebf60b4364d9d9327b1da2.webp

185.244.209.62

200 OK

784 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/4a689a87d8ebf60b4364d9d9327b1da2.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
784 B (784 bytes)
Hash
a30f5eeaa542f15042b79418b5cea3af
f5a7359f28149b66804de9d31306a5f3368963e9
6ce13a766ae93a94e3d125f839fe38db43dcb2029d01c9c5f3682ded2faf6526

HTTP Headers

GET /resized/size16/sfiles/logo_teams/4a689a87d8ebf60b4364d9d9327b1da2.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 784
cache-control: max-age=94608000
content-disposition: inline; filename="4a689a87d8ebf60b4364d9d9327b1da2.webp"
content-security-policy: script-src 'none'
expires: Sat, 08 May 2027 13:28:38 GMT
x-request-id: 3302163ecfee47064da468175702d282
x-time-ng: 0.024
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9f737f54c18b11489c4bfdd387227b36-4a5e56a5b6562f73-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T13:28:38+00:00, 2024-05-08T13:29:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/532218eba9ad19dfb7c6511f5f91fc3e.webp

185.244.209.62

200 OK

784 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/532218eba9ad19dfb7c6511f5f91fc3e.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
784 B (784 bytes)
Hash
0944eb0801862630a4b35752cb8df917
c3722a7ce36aba09dfa64afe9a4fd7696da1cf59
0da704f6a95a24db65f6d19691a12806f18a2619678dd221c2bd580bfbbfd2d4

HTTP Headers

GET /resized/size16/sfiles/logo_teams/532218eba9ad19dfb7c6511f5f91fc3e.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 784
cache-control: max-age=94608000
content-disposition: inline; filename="532218eba9ad19dfb7c6511f5f91fc3e.webp"
content-security-policy: script-src 'none'
expires: Tue, 04 May 2027 00:55:18 GMT
x-request-id: aa58cab5b8991b329f298cc3afd79e58
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-32c0cb8f1d57452b47372e846e3762f8-eb1245ef613df3bb-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-04T00:55:18+00:00, 2024-05-06T17:12:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.jpg

185.244.209.62

200 OK

147 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.jpg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, progressive, precision 8, 1380x248, components 3
Size
147 kB (146802 bytes)
Hash
30217fec6a8f72391df21e9bc8e93cc2
1a54894f595d2053120c266d06ed2f225d088c18
5b04fa58c5e4599d45377aebcaaef7dc64d175852ff7fdac774d71bdbb4d02dc

HTTP Headers

GET /genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/jpeg
content-length: 147402
last-modified: Tue, 11 Apr 2023 18:15:17 GMT
etag: "9d1ab102184100544b4a72fcc6a8c458"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d097fb77b066625fd6257355deba17af-4bf4fefb0de21ee9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:06:31+00:00, 2024-05-10T04:06:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-58.webp

185.244.209.62

200 OK

8.9 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-58.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp
Size
8.9 kB (8880 bytes)
Hash
7a49dad906575c61dd636edbe1201479
d4bf0fbfadca8c6d3a7ec8f3d34d08fced98a21d
0e0cd085244f6272acfa6794d90e32685fa203973e85c62fa96f02cddf7172c6

HTTP Headers

GET /sfiles/games-images/game-previews/190x102/game-58.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:17 GMT
content-type: application/octet-stream
content-length: 8880
last-modified: Thu, 31 Aug 2023 08:11:00 GMT
etag: "7a49dad906575c61dd636edbe1201479"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:03:42.000Z
expires: Tue, 14 Nov 2023 18:21:44 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d76cc97c786433612c7b74443c11af6e-a2fa8351f0fe9a52-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T19:17:28+00:00, 2024-05-09T08:16:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size24/sfiles/logo_teams/1996.webp

185.244.209.62

200 OK

1.4 kB

URL GET HTTP/2
v3.traincdn.com/resized/size24/sfiles/logo_teams/1996.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.4 kB (1392 bytes)
Hash
886a20096e1c4869d510740a41df5812
7a9a79a4ca6251afba1a3910efeb6bca4a425ee6
3b8952ad0299b2b7039e1dc767edeaa840348e71ae43b3805badd8a6fb2a4598

HTTP Headers

GET /resized/size24/sfiles/logo_teams/1996.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 1392
cache-control: max-age=94608000
content-disposition: inline; filename="1996.webp"
content-security-policy: script-src 'none'
expires: Sat, 08 May 2027 11:19:47 GMT
x-request-id: cd48375ed13b2fcc5782e27042338191
x-time-ng: 0.067
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-7fd02df4f6f10bd94704ca1254e30b43-6a2715186285724e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T11:19:47+00:00, 2024-05-08T11:29:15+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/site-admin/colors/e6a26e7156450d40bffd62c65dd8a90c.css

185.244.209.62

200 OK

36 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/site-admin/colors/e6a26e7156450d40bffd62c65dd8a90c.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (36387), with no line terminators
Size
36 kB (36387 bytes)
Hash
e6a26e7156450d40bffd62c65dd8a90c
3fa5029748cba881c7be759257525f206cb8e81d
5c473dbebadbf8c838ef80cc2106faa4c96d3822f7d61dd282e2cd11c680eec0

HTTP Headers

GET /genfiles/site-admin/colors/e6a26e7156450d40bffd62c65dd8a90c.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: text/css
last-modified: Wed, 08 May 2024 09:12:07 GMT
etag: W/"e6a26e7156450d40bffd62c65dd8a90c"
content-encoding: gzip
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-964caf0eba3ca8435aa92f49bd7c096b-faadd988eb23bad7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T09:19:03+00:00, 2024-05-10T03:22:53+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-3f250b35.js

185.244.209.62

200 OK

26 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-3f250b35.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (25972)
Size
26 kB (26047 bytes)
Hash
6d75d9fb64764579504c00ce537f6ff1
5661eb661bdef0a6a8bdd029ba5b7b9eb050e15e
bf2a87bf4b4484a7ff05c40e1b4c94a316800dedb9445359cda5e43efa825d9f

HTTP Headers

GET /_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-3f250b35.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: application/javascript; charset=utf-8
content-length: 8522
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-214a"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:26 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-8f813fecc2fc3372a75fb6b0ccd2e57a-2feb76ff4f0e0ed0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:26+00:00, 2024-05-09T11:07:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/hd-api/external/api/web/v1/converslon/load

178.253.29.51

200 OK

33 kB

URL GET HTTP/2
1xlite-461430.top/hd-api/external/api/web/v1/converslon/load
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
33 kB (33311 bytes)
Hash
04e6ed7d770439e36f5ab4108e819bb4
bdec5b6797c0b192717db2e049651eb3e99bd709
d22e2c9fb29ad742fcbf751c9b0296253ef0e49b410684e4b0a3deda31cfdfa1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hd-api/external/api/web/v1/converslon/load HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: application/json
content-encoding: gzip
traceparent: 00-779e866d1c866205d829969d64c8d3ef-9a12e92c42d989bc-01
vary: Accept-Encoding
x-dt: 285
x-request-guid: f75d0543852348e927a2a203223259b0
x-time-ng: 0.005
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=5.255, wf-uht;dur=0.013
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/f5fc4930530797a82db38c2cc8fa8557.webp

185.244.209.62

200 OK

656 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/f5fc4930530797a82db38c2cc8fa8557.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
656 B (656 bytes)
Hash
b86fd4a0095c5474eb197614869941dc
c0bac0876d91c86f4044285fe80b3a17dc26ff5b
1dccaa89d539bb247bf3107d6bf6cf3ef3631e5fa73cfb5668ab8da7b8bacb3e

HTTP Headers

GET /resized/size16/sfiles/logo_teams/f5fc4930530797a82db38c2cc8fa8557.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 656
cache-control: max-age=94608000
content-disposition: inline; filename="f5fc4930530797a82db38c2cc8fa8557.webp"
content-security-policy: script-src 'none'
expires: Thu, 06 May 2027 00:25:39 GMT
x-request-id: 9385cf712589399d6e754b181873b990
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-31dcec0b1755b74ff7a16d3091adb9db-2e6a76bb07bdb8a2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T00:25:39+00:00, 2024-05-07T21:40:59+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png

185.244.209.62

200 OK

5.2 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 514 x 514, 8-bit colormap, non-interlaced
Size
5.2 kB (5202 bytes)
Hash
b9a636eef54b2844b571fe7de49184a7
bf653690790ced40eb3189da075a275d951d1607
001bfcdd52b658d46543a1aec889d35b73b3909b47097cc011b95e96fc9e3743

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:26 GMT
content-type: image/png
content-length: 5202
last-modified: Wed, 28 Feb 2024 07:52:20 GMT
etag: "b9a636eef54b2844b571fe7de49184a7"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-75409a12a67e265e5dbdcadb6d9fac0b-f95f7d327c89a33e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-03T07:12:40+00:00, 2024-05-10T03:33:45+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/38023f75e90b.js

185.244.209.62

200 OK

1.5 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/38023f75e90b.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1556), with no line terminators
Size
1.5 kB (1523 bytes)
Hash
46de4e50e73a04e8307048b4d1139985
516cc776a642163fd602e85b589886996d609d5d
270fc9804f59ef70ba5996b1a07f91d2c994a7ad51c4b482ce93cb164b81e023

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/38023f75e90b.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 16:11:15 GMT
etag: W/"8a7d471cf2bc2319c80b135e841a4440"
x-amz-meta-mtime: 1715184545.987120598
content-encoding: gzip
expires: Fri, 10 May 2024 10:43:45 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-261cc0f0e1d527b07cf9c037a8f62c52-1277b1fc0d61343c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:45+00:00, 2024-05-09T11:07:35+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js

172.64.148.184

200 OK

141 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
141 kB (140949 bytes)
Hash
896d1930437c1ab92b8a359c1d6fdaae
71e0e23d1af9722f356eb5d1c497d100ec8b0f7a
8c508636d885890bfb5c56bcd6dad1b8b64c498781d351b588a8de7f686774d4

HTTP Headers

GET /_next/static/chunks/framework-49f1e091cbf6b261.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 04:08:17 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Mon, 11 Mar 2024 06:37:37 GMT
etag: W/"22695-18e2c3b24d9"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 811742
expires: Sat, 10 May 2025 04:08:17 GMT
server: cloudflare
cf-ray: 8817113868bc0afe-OSL
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/registration

178.253.29.51

200 OK

3.5 kB

URL POST HTTP/2
1xlite-461430.top/web-api/registration
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
Unicode text, UTF-8 text, with very long lines (3790), with no line terminators
Size
3.5 kB (3538 bytes)
Hash
6404887dd8d444876d728785f6314374
0cddac90bc90d8d1e52211d25ea728b96441efb8
783ced4de55511848ae604cd1f938fb701451edc082773f2b0b90cf5e84e3b22

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /web-api/registration HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
Content-Length: 17
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:19 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=31, dt_total;dur=32.414, wf-uht;dur=0.044
traceparent: 00-fb1ffd9736489b9e33ebe8b361d169bb-c0978fa1d76b3277-01
x-dt: 285
x-time-ng: 0.032
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/e5eb737e.css

185.244.209.62

200 OK

5.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/e5eb737e.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (5171), with no line terminators
Size
5.2 kB (5171 bytes)
Hash
5d231bea9b7df6bc1e9e74e3c0a231e1
2ef607f0c766fff1b4b1e90a2d98e7094c81721e
c43fd428fe6e9d25ddf385a1cf03891194126ebf9e83d086af655272e815445b

HTTP Headers

GET /_nuxt/desktop/default/css/e5eb737e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:22 GMT
content-type: text/css
content-length: 1050
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-41a"
content-encoding: gzip
expires: Fri, 10 May 2024 08:09:42 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-bb3eac87c39217f4166b9b964af8f1ac-2f8fc28efed86090-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T08:09:42+00:00, 2024-05-09T13:02:24+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528030908&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1

178.253.29.51

200 OK

4.1 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528030908&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
troff or preprocessor input, Unicode text, UTF-8 text, with very long lines (4981), with no line terminators
Size
4.1 kB (4112 bytes)
Hash
ba370cdc967018b5d26504fc2eeb739f
3e18f765f49d029524830e390796c1ac22103c7a
fe6f5d8eae8ef24fd85e4cd22a8745ec1fdade9f41b0294e5746d1b73a7cbf30

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetGameZip?id=528030908&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:32 GMT
content-type: application/json; charset=utf-8
content-length: 1448
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:27 GMT
vary: Accept-Encoding
x-time-ng: 0.011
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/default/img/icons/pixels2.svg?v=1715314097

178.253.29.51

200 OK

90 B

URL GET HTTP/2
1xlite-461430.top/web-api/default/img/icons/pixels2.svg?v=1715314097
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
PNG image data, 1 x 1, 8-bit/color RGB, non-interlaced
Size
90 B (90 bytes)
Hash
e45f90dcbe718dea3476c4b69b501a4e
e9af26a93c467a77e4733ec537f4f5ce7a4ba089
a439dd8761d9fd4ff88e82e83200877703594491065880dbd4e59ddf4ce1b204

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/default/img/icons/pixels2.svg?v=1715314097 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:18 GMT
content-type: image/png
cache-control: no-cache, private
server-timing: p;dur=15, dt_total;dur=461.197, wf-uht;dur=0.469
traceparent: 00-6b036655ab51f72c4fcfaf01eb7dea2e-0ca59fd66578a02c-01
x-dt: 285
x-time-ng: 0.261
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_chunk_M4D4AAJL.js

185.244.209.62

200 OK

101 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_chunk_M4D4AAJL.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (35828)
Size
101 kB (100701 bytes)
Hash
51ddc52774f4e5bd6a6f1c22e9d19674
374c2fbb2b68ad9c28898dfe60da3fd828ccf7c4
642e66ee14ca90b6ff8f91fbfdce400c6834a037dee18a60a72922ea727bb442

HTTP Headers

GET /sys-static/shared-assets/__shared_chunk_M4D4AAJL.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:22 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 09 May 2024 07:12:11 GMT
etag: W/"51ddc52774f4e5bd6a6f1c22e9d19674"
x-amz-meta-mtime: 1715238619.542425469
content-encoding: gzip
expires: Fri, 10 May 2024 12:42:09 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-39b133cbfb38c5c815d4f2a71a1fbf8f-0b71869b786f1943-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T12:42:09+00:00, 2024-05-09T12:51:51+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/bff-api/config/all.json?lang=en

178.253.29.51

200 OK

123 kB

URL GET HTTP/2
1xlite-461430.top/bff-api/config/all.json?lang=en
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
123 kB (123027 bytes)
Hash
ffaeb60ed9fc6828a74fc178b465a21c
0fb0ad3b58ed570f1dcb8e4a406f28f10cca5aca
7711f9698c05e565d7051fb73613b3fce3cec8a2f86100315483205e2421e7c1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bff-api/config/all.json?lang=en HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
x-geoip2-country-code: ru
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:22 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: bff;dur=3.44, dt_total;dur=45.201, wf-uht;dur=0.054
traceparent: 00-476533670fd2733c938489c48987e8b7-8399e1eb7db54083-01
vary: Accept-Encoding
x-cache-expire: 482
x-cache-hit: 1
x-dt: 285
x-time-ng: 0.013
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7774130ac645.css

185.244.209.62

200 OK

73 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7774130ac645.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
73 kB (73131 bytes)
Hash
72d7956858a098291f07282500a246ed
e21f7354594691b0892511b47f2887ed5edbdfa3
7774130ac645e01567a229b29aed1c27db16fff07abee04db668b57d9673f980

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7774130ac645.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:22 GMT
content-type: text/css; charset=utf-8
last-modified: Wed, 08 May 2024 16:11:16 GMT
etag: W/"72d7956858a098291f07282500a246ed"
x-amz-meta-mtime: 1715184545.987120598
content-encoding: gzip
expires: Fri, 10 May 2024 10:43:57 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-1714dcca2bd5400a72dc5723f7ae3a87-84f7d820712ad3c2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:57+00:00, 2024-05-09T11:07:34+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-ui/3.2.3/Desktop/Default/client.css

185.244.209.62

200 OK

1.0 MB

URL GET HTTP/2
v3.traincdn.com/sys-ui/3.2.3/Desktop/Default/client.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
1.0 MB (1048668 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sys-ui/3.2.3/Desktop/Default/client.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:18 GMT
content-type: text/css; charset=utf-8
last-modified: Fri, 19 Apr 2024 10:53:25 GMT
etag: W/"64d292a033c097211f9f4c21ffbcb2b0"
x-amz-meta-mtime: 1713523729.13591556
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:54:48 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-3750517b7b7c57d428eccb040218eb6f-d6866490c5d7a0bf-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:54:48+00:00, 2024-05-09T15:24:01+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size14/sfiles/logo_teams/4098.webp

185.244.209.62

200 OK

638 B

URL GET HTTP/2
v3.traincdn.com/resized/size14/sfiles/logo_teams/4098.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
638 B (638 bytes)
Hash
bcb5eff8c000da9af1303576b304fb18
412933d6a0b0dd7e85490fdc14d5274159bcd39e
9ecb8865152fa80150401153a6a07f7f7504d9647759d983ef0b2e164aaaaef7

HTTP Headers

GET /resized/size14/sfiles/logo_teams/4098.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:20 GMT
content-type: image/webp
content-length: 638
cache-control: max-age=94608000
content-disposition: inline; filename="4098.webp"
content-security-policy: script-src 'none'
expires: Tue, 04 May 2027 11:28:01 GMT
x-request-id: bab7ec5e1b0e16ccac119e2edb17de4d
x-time-ng: 0.050
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c96b60fadd856c23f60195dfe1eedf7f-a86304b839a42175-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-04T11:28:01+00:00, 2024-05-10T02:56:01+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg

185.244.209.62

200 OK

1.2 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
1.2 kB (1232 bytes)
Hash
a436db0af736498349f0127d8e7fab1e
b07e2c449cf16ddb052ce40d881db13a0c890b9b
93261a519c1cea62e2c934496d5e0cbd1cbc8f65b4961811316e55d9e7c96ede

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: image/svg+xml
last-modified: Tue, 02 May 2023 10:06:49 GMT
etag: W/"7cca3986f7a5c4c164144ff11df71073"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4b05eab9417d52e1cc5451fbe0315395-61e04705531cabca-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-01-11T08:32:05+00:00, 2024-05-10T04:02:29+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js

185.244.209.62

200 OK

69 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (32238)
Size
69 kB (68856 bytes)
Hash
138de5d55ee831195dd90bbf5c557926
4413082980942643803d8d4567df2f8395c0e868
55a6d9d38b0c68a21367ae7ae43333bfa61e2eddd38b2376eb5b192f0a0383cd

HTTP Headers

GET /sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:20 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 09 May 2024 13:08:03 GMT
etag: W/"138de5d55ee831195dd90bbf5c557926"
x-amz-meta-mtime: 1715259983.675899864
content-encoding: gzip
expires: Fri, 10 May 2024 15:18:16 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c879246a9459e01f4aaa6b07c6af4692-7e320f539acfd181-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T15:18:16+00:00, 2024-05-09T15:57:58+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js

185.244.209.62

200 OK

25 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (17403)
Size
25 kB (25139 bytes)
Hash
701ad5a22b8ea7213a53e334d0898349
87749d947f6aa40eb671447b58261d710ec5479b
07669c2ea7c29dd69e47f5518ba73b76389f3479e19f7362b461ef0fff96c1f0

HTTP Headers

GET /sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:20 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 09 May 2024 07:12:11 GMT
etag: W/"701ad5a22b8ea7213a53e334d0898349"
x-amz-meta-mtime: 1715238619.542425469
content-encoding: gzip
expires: Fri, 10 May 2024 12:42:09 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-cd7b9fd8d8f75de86d9504f0c0fcddd7-4ff03e77ea4c6afc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T12:42:09+00:00, 2024-05-09T12:51:51+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/desktop/contact/86f18367ce2829388dcdabccb99b1740.svg

178.253.29.51

200 OK

263 B

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/desktop/contact/86f18367ce2829388dcdabccb99b1740.svg
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
SVG Scalable Vector Graphics image
Size
263 B (263 bytes)
Hash
dbc38523726c88d79a0dcc19839a6905
5244c0aeaf9bbffb286ca9156844c4a509a5585a
6711e073efb320b48b648ac5e2e30e88c93829d80ed571b4d3c92cf4e56e4fa4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/desktop/contact/86f18367ce2829388dcdabccb99b1740.svg HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: image/svg+xml
content-length: 263
last-modified: Fri, 23 Feb 2024 10:01:24 GMT
etag: "28e2c161800b61b985a163f5c492ae51"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/ec1e426c7393450f663015d72acc2292.webp

185.244.209.62

200 OK

680 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/ec1e426c7393450f663015d72acc2292.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
680 B (680 bytes)
Hash
b17065f001157df262fb278c8793c3de
3ad689b20495df4d88ff0b5506688a287f24a86e
b12afb6e701eafa95d35c0b27e82b2f4bd38f5c3f7007a82daaca6456dc196cc

HTTP Headers

GET /resized/size16/sfiles/logo_teams/ec1e426c7393450f663015d72acc2292.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 680
cache-control: max-age=94608000
content-disposition: inline; filename="ec1e426c7393450f663015d72acc2292.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 07:00:13 GMT
x-request-id: ced9901dd30ef69a1fcda5e70dbe13c8
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-28c4997e6b4b6ea3bf96210988981dcc-ca5d6bccd681374b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T07:00:13+00:00, 2024-05-08T17:10:42+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%22379a3ea7-a3e4-40fd-9eee-3ddec1afa16f%22%7D

172.64.148.184

200 OK

24 B

URL GET HTTP/2
widget.suphelper.top/services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%22379a3ea7-a3e4-40fd-9eee-3ddec1afa16f%22%7D
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
24 B (24 bytes)
Hash
d6bacfff68d40ad2744454c2506cc0f9
85f1f094d174fd4d78bd382c7948b95e9db93215
cd0483a083f6c73e9cd006ee073b875188c49f4025f771ecbcb795d40ac980ed

HTTP Headers

GET /services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%22379a3ea7-a3e4-40fd-9eee-3ddec1afa16f%22%7D HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 04:08:19 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 881711406c3a0afe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/fba16e275a7f.css

185.244.209.62

200 OK

1.1 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/fba16e275a7f.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1060), with no line terminators
Size
1.1 kB (1059 bytes)
Hash
4250681e9638701710d7a39789f5d5d7
8e9035ac672487139578aeb90420b7d8be7aa46f
b178f0c5e4011b7d34746093ec203b2dce86c2e1b8795efe8af7f21437adbd85

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/fba16e275a7f.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:22 GMT
content-type: text/css; charset=utf-8
last-modified: Wed, 08 May 2024 16:11:16 GMT
etag: W/"09cc238307fce08863e8f51282885df9"
x-amz-meta-mtime: 1715184545.995120472
content-encoding: gzip
expires: Fri, 10 May 2024 10:43:57 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-984b81e65bac9b90c43c6a1f8a93e990-1fbba8da3235cb03-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:57+00:00, 2024-05-09T11:07:34+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e9c3c91c857e.js

185.244.209.62

200 OK

1.0 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e9c3c91c857e.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1063), with no line terminators
Size
1.0 kB (1024 bytes)
Hash
f1b354548908409d1a1339f2cf2019bb
8708595f8d7de989760cd5cbf7b6304c44ee9305
56326bbc4cb79494e0303b407d706799ceab518e26cc7013e9c2f15afac5beaf

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e9c3c91c857e.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 16:11:16 GMT
etag: W/"79b20e2721490ad601fb0a6be2cac709"
x-amz-meta-mtime: 1715184545.995120472
content-encoding: gzip
expires: Fri, 10 May 2024 10:43:58 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-6900679543bc933e31a60abd9ae1a28f-3224c853c5df8abe-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:58+00:00, 2024-05-09T11:07:35+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/version.json?timestamp=1715314094035

178.253.29.51

200 OK

11 B

URL GET HTTP/2
1xlite-461430.top/version.json?timestamp=1715314094035
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
11 B (11 bytes)
Hash
b5e183e29f10d2c0e84afe94c66794e5
6ed05bb7968c0e6d76c9988d54ca9feb484a16f0
4dd88e5f3a38dfa4a71f871df86fb936135e09555ae04d3ec37dadf59b13ac4f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /version.json?timestamp=1715314094035 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: application/json
content-length: 44
last-modified: Thu, 09 May 2024 07:16:12 GMT
vary: Accept-Encoding
etag: "663c783c-2c"
content-encoding: gzip
expires: Fri, 10 May 2024 04:09:14 GMT
access-control-allow-origin: *
cache-control: max-age=60, max-age=60, s-maxage=60
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/918f54786acc.js

185.244.209.62

200 OK

1.4 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/918f54786acc.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1424), with no line terminators
Size
1.4 kB (1413 bytes)
Hash
422bf446d8c95d96c215381bbf71062d
e4d3ea7751e0410e4a453b0465ed8a1f7fff1177
9547ce46eef6a9bc2de8bf243f5a996271c6b912eb1f47f8168834c1bbd04501

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/918f54786acc.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 16:11:16 GMT
etag: W/"f06694004f6f9f402370d0b451d32116"
x-amz-meta-mtime: 1715184545.991120535
content-encoding: gzip
expires: Fri, 10 May 2024 10:43:58 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-a50890b3dd134d946010cd8975e0868e-54b9a75a30eefe88-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:58+00:00, 2024-05-09T11:07:35+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (119)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML