| 1xlite-461430.top/polyfills.js | 178.253.29.51 | 200 OK | 0 B |
URL: GET HTTP/2 1xlite-461430.top/polyfills.js
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Let's Encrypt
Certificate Subject: 1xlite-461430.top
Certificate Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Certificate Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /polyfills.js HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: text/javascript; charset=utf-8
content-length: 0
vary: user-agent
cache-control: public, max-age=2678400, s-maxage=2678400
etag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-time-ng: 0.004
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.011
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/runtime-e2ae0378.js | 185.244.209.62 | 200 OK | 15 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/runtime-e2ae0378.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (47215), with no line terminators
Hash: 9d26081d0b3d4583fb993964e34ebc20 7354028aab0bc7bf47ae19a8ad043a5b963ac9b4 9c88d5d68f360228d938c9d263160133a15c53fd5d7989317406b54a662b469d
GET /_nuxt/desktop/default/runtime-e2ae0378.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 14754
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-39a2"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f62c10caf4c327b7cc2540200950b63c-6b2f11cb63767498-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T10:59:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/a4f501bb.css | 185.244.209.62 | | 7.4 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/css/a4f501bb.css
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (54112), with no line terminators
Hash: 32a89d535782c71f2aee2541afe97325 9ad12cc6ccd6b059073f779e9d91c6c6674e1289 ea1bc845a76d5e0e7738e217f8f0c47ac62ace9bddebba5059499b3451aa6ef8
GET /_nuxt/desktop/default/css/a4f501bb.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: text/css
content-length: 7418
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1cfa"
content-encoding: gzip
expires: Thu, 09 May 2024 10:53:53 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-04727037146eb263eb5aab22a46c1142-99072ff63a159c18-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:53:53+00:00, 2024-05-09T11:24:43+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main-ed878a1c.js | 185.244.209.62 | | 59 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main-ed878a1c.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (64940), with no line terminators
Hash: 5ff13429a94dba4fde01014c1591bdf7 1a06c2223b80f772f239ca9b43afaf9138e9f249 ac879c8f8ae127fc2be4ad3614ce26de5e7caea828b1637ae5cc1eff88be47c7
GET /_nuxt/desktop/default/Page.Betting.Main-ed878a1c.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 58737
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-e571"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6ceb9eb5ef3206e9fa593a17b023b441-fcbba223e6ff63db-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T11:07:29+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-687fd893.js | 185.244.209.62 | 200 OK | 10 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-687fd893.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (40657), with no line terminators
Hash: 9d4610cd8209d67832cf080bf61f5141 8abf1cd6de0691b6fc5c77315ed88f0a4441a3fb da2d895ba8eb08658c949976016308caf3c75c06e604495160523d09d16659f9
GET /_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-687fd893.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 9958
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-26e6"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5609760b75ee2dc27ca015d8b2e85742-87df47ae4e0da0b6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T11:07:29+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-7740bd53.js | 185.244.209.62 | 200 OK | 9.2 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-7740bd53.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (31683), with no line terminators
Hash: 3ca2554a30cd9245966f39206d05ed01 b7e1bc94b6c370bc32a9b57e52dfac27264afdce ff808bc9910f34faee9d25b4d9dcff5c145337ca0211d762b6c58a08f86512b4
GET /_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-7740bd53.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 9211
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-23fb"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4b8a6342a47e8d038443d7b7266ab887-25f2a3a5b827e499-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T10:59:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/a7906856.css | 185.244.209.62 | 200 OK | 336 B |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/a7906856.css
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (1099), with no line terminators
Hash: 6921418ff9395c44037498a4cf17ee66 31879049279e2cb5bc06b249d80d1735ef112b19 e6de221b29f3b4e47505c877067f28565ab5e1b419dc5003aca29c49596e73ab
GET /_nuxt/desktop/default/css/a7906856.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: text/css
content-length: 336
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-150"
content-encoding: gzip
expires: Thu, 09 May 2024 12:28:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3ca88faaa735cd18cd829e9b2e864d17-09124019a5f851b8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:28:18+00:00, 2024-05-09T14:03:18+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/6cc025d5.css | 185.244.209.62 | 200 OK | 1.3 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/6cc025d5.css
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (6716), with no line terminators
Hash: be35c859b4087d52ff863e02472b7438 acce1097a331dc2ec0669d17db06c679e7c81be6 af7c9af6bda4b329f14b870f4df09e1b11e87d8dba17c30eed496dc5d27dfc1f
GET /_nuxt/desktop/default/css/6cc025d5.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: text/css
content-length: 1324
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-52c"
content-encoding: gzip
expires: Thu, 09 May 2024 12:28:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f1457f52dc56edf4ca8296360ca02aa2-3ae1eee7c20d0d86-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:28:18+00:00, 2024-05-09T14:03:18+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-cf4815fb.js | 185.244.209.62 | | 2.2 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-cf4815fb.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (7613), with no line terminators
Hash: a5c888bdb9f23e6caa2be4ab6b51a122 ab069acde93615e5ccc7be7b574776c3531d7d8d 58ba1711ce4cb98aa516b12ee7777335d514e05000c6b1940c75902692f6f1a1
GET /_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-cf4815fb.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 2211
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-8a3"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-0009ee0815203c04c513f38647f03639-0250d547f6357214-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T11:07:29+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/98ce2926.css | 185.244.209.62 | | 1.5 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/css/98ce2926.css
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (8509), with no line terminators
Hash: b0cd3891fe08ec67c50bbdfd9f7e9181 205511f8e55a0498e8129c290759a26ba4a4db31 75c619e9cabd7b2c1939e6837909e12c51fb3e68888ba20d650cb1939f983f6e
GET /_nuxt/desktop/default/css/98ce2926.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: text/css
content-length: 1491
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-5d3"
content-encoding: gzip
expires: Thu, 09 May 2024 12:27:06 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ad0f200daf1655822015e1f3b6f05211-d289db016920daf5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:28:18+00:00, 2024-05-09T14:03:18+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-8d3c6808.js | 185.244.209.62 | 200 OK | 4.2 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-8d3c6808.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (14590), with no line terminators
Hash: 7399f5efa5d37b59176705a2377c2c45 5c11bebee2318c71972feafcd1a2a90ff47c5634 250ec267f3c9edf72e68005b6a91620725eebcd145c85d2c400dd7361a153ea7
GET /_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-8d3c6808.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 4204
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-106c"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d1a1c9f10868f0953f46b1b294fd29fa-344d00d2caf63564-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T11:07:29+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-23276dd1.js | 185.244.209.62 | | 18 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-23276dd1.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65113), with no line terminators
Hash: 95f88aaf23013ee72af96785289d78ad 6b84c0d3300d2e3b282134783be74836ee684f4c 256749431c78a25466e1fc4b433d87efe7315ec0ae78cb94f8b481b33e285d70
GET /_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-23276dd1.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 17694
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-451e"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-9b35487f0c79e1242807184e100fe146-4eba3f6cb0c106c9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T11:07:29+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-4006d825.js | 185.244.209.62 | | 5.9 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-4006d825.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (21430), with no line terminators
Hash: 77615e478beec6dc548b705fc1c55c2e 2f8dbad1324027ce98da1ea4b56a23c601fe9a1b 17f9731f8dad966c8f89f8814e18699c374deff1666197abf9245d3787a12933
GET /_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-4006d825.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 5896
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1708"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-65ed5ce2b3cbb956d9fcaa887cb1a322-0c6ff69a6aef3f29-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T11:07:29+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/9eb4939a.css | 185.244.209.62 | 200 OK | 2.8 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/9eb4939a.css
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (20960), with no line terminators
Hash: 6cae6098e169876c305ca92f82fe3cde d27c18f05738795d575c8ce370ed83cf07da0a5a 7095d096e88dd0a09d84d063de1e0eedd406b032150a5af99e796c2ac63bcfe5
GET /_nuxt/desktop/default/css/9eb4939a.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: text/css
content-length: 2763
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-acb"
content-encoding: gzip
expires: Thu, 09 May 2024 12:27:06 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-515f763ff0fbcaf992b68ec6c2d6aacf-42bf0e19fed783f1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:28:18+00:00, 2024-05-09T14:03:18+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/version.json | 185.244.209.62 | 200 OK | 44 B |
URL: GET HTTP/2 v3.traincdn.com/version.json
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hash: 2cd3f78b7436d35d9fdd280a6c37a814 75c2e07d96ac86b0dc9a6d51aa04bf5a5b621390 ade3cb62a485106ca99a2f19aa6c711b36cf9a2bfabca0a8443fa2ab547805b2
GET /version.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/json
content-length: 44
last-modified: Thu, 09 May 2024 07:16:12 GMT
etag: "663c783c-2c"
content-encoding: gzip
expires: Thu, 09 May 2024 08:13:18 GMT
cache-control: max-age=60, max-age=60, s-maxage=60
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-cba1956ae27ee9bc73021a3618a73b61-6d1f20409a35eb5e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T08:12:18+00:00, 2024-05-10T04:07:14+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-6df26894.js | 185.244.209.62 | 200 OK | 3.5 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-6df26894.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (13913), with no line terminators
Hash: c5ca2aee7a66364b1976f26d36140247 54ffe1cc763bb1e43f260e4ac2de08578ff48701 b04cf8f174cc6c981df4a2f10e2a3a28ef582f8750f8afd6e6dbb89adad82281
GET /_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-6df26894.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 3536
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-dd0"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f68271a9143eabaee75396fd937abc16-dc73d1da17e9bdb0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T11:07:29+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-8039cb20.js | 185.244.209.62 | | 10 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-8039cb20.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (41616), with no line terminators
Hash: c0ea345b071f903a7043c7de2988c6a8 bafd23f8bec59dff22183fb4d88b226b80f10c15 b0b31f578ac49eec2681748e5752f00d7fa23634610a96b7457b1906c06f0e63
GET /_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-8039cb20.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 10288
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-2830"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-eb78e5a50d9d7b220b3d210c145c442b-69bf63cbe79a6fb9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T11:07:29+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/c3d37cc4.css | 185.244.209.62 | 200 OK | 194 B |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/c3d37cc4.css
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (395), with no line terminators
Hash: 7f1ee7f9ec47159043591789124ec7cc bb021131214d4b70b327355a5a947b974f2eccbd 4041bafac614e354c03b647dc8d226e140460381c4816a65528e4ba428b0a0ad
GET /_nuxt/desktop/default/css/c3d37cc4.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: text/css
content-length: 194
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-c2"
content-encoding: gzip
expires: Fri, 10 May 2024 09:23:45 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-8be01518871ecc3509aa2ef30bafbd74-31722f7b6e5c62dd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T09:23:45+00:00, 2024-05-09T14:49:03+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingContent-e829f008.js | 185.244.209.62 | 200 OK | 644 B |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingContent-e829f008.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (1333), with no line terminators
Hash: 3d1c9a4aa6d6ce7232c9da19626fc107 ee85ed881df1aac90651e4ca11c83f3e4c374445 6822622a53f8498fff12f0381c4dcc8d7d8f5b085983bf99279214f3ac9002c7
GET /_nuxt/desktop/default/Page.Betting.Main.BettingContent-e829f008.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 644
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-284"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d99c4237260c57fe5cb7f07ba97479c1-737fe3acd859ed0b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T11:07:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/885d64fc.css | 185.244.209.62 | 200 OK | 332 B |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/885d64fc.css
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (975), with no line terminators
Hash: 31aa50dcbc858f61bf3ed903493b8431 abf67e7f02256d2d5c5e2054b2930aa9b5ece999 18337e3b3c6f57695afaca43e471c075fd711e0485b4e7f1fdc1b6fe4e8703d7
GET /_nuxt/desktop/default/css/885d64fc.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: text/css
content-length: 332
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-14c"
content-encoding: gzip
expires: Thu, 09 May 2024 12:17:52 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e2ef649bb4cf1b7f9781864193417ab3-05f6dd62d46e20d0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:17:52+00:00, 2024-05-09T20:14:26+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/Layout.Betting.ExpressDay-ac06930b.js | 185.244.209.62 | | 3.4 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/Layout.Betting.ExpressDay-ac06930b.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (10178), with no line terminators
Hash: 742d0033e1d29553c749a1e323073aae dbe09fdca88f47fa291ee1cd110bcaf1b94ae3bb e8a1409bc1664ec9e5a3bb7fc5dcee5b19693e9188d15cc4c4941b0da0ef7797
GET /_nuxt/desktop/default/Layout.Betting.ExpressDay-ac06930b.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 3363
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-d23"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-7782089ad38e2bf576028ac5bc46e724-e82c494ffc2993cb-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T11:07:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/ca542d7f.css | 185.244.209.62 | 200 OK | 3.2 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/ca542d7f.css
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (31339), with no line terminators
Hash: 9e9b190c1ab8126c2576203d5d43ec63 a80ccb6739023605edbd86be13f38a58ff7f4906 c4a28e2bbc67a853613460727d4abba3687be55593a7513a4079ea34579fbb02
GET /_nuxt/desktop/default/css/ca542d7f.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: text/css
content-length: 3226
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-c9a"
content-encoding: gzip
expires: Fri, 10 May 2024 09:58:03 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-4c7d0171762f353611b9a0ba49be8932-b7a253325d0342a1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T09:58:03+00:00, 2024-05-09T10:43:29+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-8edfaabe.js | 185.244.209.62 | 200 OK | 2.5 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-8edfaabe.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (8663), with no line terminators
Hash: 17c159eb9f582ec9da7a4285b37349f0 652f12e3c4cfdad29cff1f06e709f0d18522d8ae 3562960610c72291435591709c1b63b69ad67f4d2462cbf180241330b7486bea
GET /_nuxt/desktop/default/Layout.SeoModule.Lazy-8edfaabe.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 2474
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-9aa"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f700ed170639ee451b123dbf4a030604-fad478da6cc696c0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T10:59:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/85148a0b.css | 185.244.209.62 | | 4.0 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/css/85148a0b.css
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (32277), with no line terminators
Hash: eeaf257a8645b90669a2ea93b8fb534e d81289258b7a5c126dd860232760852cc8ad865e 3a170c88ab694ad7552f7a84baa04ddb248c32b7f8ffe16d55dd73685de87aa6
GET /_nuxt/desktop/default/css/85148a0b.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: text/css
content-length: 3964
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-f7c"
content-encoding: gzip
expires: Thu, 09 May 2024 12:55:03 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-1ed1be84067fdf753424399dd09ef095-42042e67adb74bbc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:55:03+00:00, 2024-05-09T14:02:01+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-aed267f1.js | 185.244.209.62 | 200 OK | 7.8 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-aed267f1.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (28144), with no line terminators
Hash: f2e1e371620e8835e0949e490cb0d4be 604919082776628a8cae272bf8679519e7e959a6 7854277ca13e6a5b17951bba0718833dec36b7740857483e17487cbec62dcd19
GET /_nuxt/desktop/default/Layout.FooterComponent.Lazy-aed267f1.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 7776
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1e60"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-26148066d95c9e712d6946102c1afbd0-748256347d0aff79-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T11:07:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-0c6d61ab.js | 185.244.209.62 | 200 OK | 8.3 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-0c6d61ab.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (29805), with no line terminators
Hash: e926766cbb585164e5c23e84b7dcd1f8 197062a6a589948f0b59b654c02030461d26ab73 96ad9027d7d1330c90aef5d6e8366a6773fabe4910d674b28a7a8c9819d279e8
GET /_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-0c6d61ab.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 8279
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-2057"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-b48a8f1c08cd7a77c9ce9598e009355c-0cb294d06cd587c5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T11:07:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/5cfdf959.css | 185.244.209.62 | 200 OK | 1.1 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/5cfdf959.css
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (4632), with no line terminators
Hash: f74d8b7e31b6ab236a9577348874385d 87091e6542649037a05fc137fa449b713c85225d b33d72295f1edbfc13da30236c4b811cffe4ba8ef758a515914cd69cf02edbf8
GET /_nuxt/desktop/default/css/5cfdf959.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: text/css
content-length: 1113
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-459"
content-encoding: gzip
expires: Fri, 10 May 2024 06:45:49 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3d29ca49cebd32efe856906c3c101f35-f668d010d631add5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T06:45:49+00:00, 2024-05-09T09:31:11+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-799ef317.js | 185.244.209.62 | | 6.2 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-799ef317.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (20015), with no line terminators
Hash: b9884f137bf9a4b984ed6d6076a5f912 6fa2e191fbe206a33b3ad8a6d47eb53d7c0bf9db 90d4698de2aa1516441fad988859d49ba80624cbedbc23ebd965850469f1cbd1
GET /_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-799ef317.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 6249
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1869"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9d3900eb4bec757d7da9f514c42fcb18-2617948d671acc24-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T11:07:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css | 185.244.209.62 | 200 OK | 46 B |
URL: GET HTTP/2 v3.traincdn.com/genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with no line terminators
Hash: f506188b04c16eaa9c664ed23f7ce58e 08d068d7fa5a84beb06ba924a35d84d6bfdab30a b9bfda0e940104e190b19543b94a10d120643bd1516d3ca2d266a0af6c0966e9
GET /genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: text/css
content-length: 46
last-modified: Fri, 12 Apr 2024 13:46:52 GMT
etag: "f506188b04c16eaa9c664ed23f7ce58e"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3b812defb88d689dd8a4665f2ccd7a34-b4cc88e89c18cede-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-18T12:47:35+00:00, 2024-05-10T03:12:59+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/app-80fd9d0c.js | 185.244.209.62 | 200 OK | 234 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/app-80fd9d0c.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (64966), with no line terminators
Size: 234 kB (233875 bytes)
Hash: eb4f34c1bf9c9befda1bf247f5e1df5b 334210525b8a7dad9cf37084c56194190961b67f f6dbc277c6f693b6ce346441312122bcfd288f3c93c550e9922ec3ddc128e28e
GET /_nuxt/desktop/default/app-80fd9d0c.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 233875
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-39193"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-916f528a43dd683302a240bfb40256fb-355cf697ab5216e7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T10:59:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/75bcd414.css | 185.244.209.62 | 200 OK | 2.3 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/75bcd414.css
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (9958), with no line terminators
Hash: 76a1e3dd8e25bf9a48bdd896de779d20 38c3643e25808d1f3ab167273201eac8c113c088 aa36f7a0cd4e7059cfef75dda25cd20e0bd1fbbe3d10a4ed0697cb937f009273
GET /_nuxt/desktop/default/css/75bcd414.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: text/css
content-length: 2277
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-8e5"
content-encoding: gzip
expires: Thu, 09 May 2024 11:28:05 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-2db83fb755251978d84e9c38e3ba5aed-a61fff716705f526-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T11:28:05+00:00, 2024-05-09T12:11:11+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/commons/app-e695e102.js | 185.244.209.62 | | 47 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/commons/app-e695e102.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65476)
Hash: 414c44a4caf31196b27b1c5c11628879 2536bdd8d54c6f619dc0a200015d9a7b95c08f90 07a1a14bccef15bc4e72f798aa8ae3c18decb59c7ad601832305f8180d3d3b54
GET /_nuxt/desktop/default/commons/app-e695e102.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 46806
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-b6d6"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-0c56c0cab343ba121ffc8cde248ef252-96da3a0a045d9e0f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T10:59:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/7c3945cb.css | 185.244.209.62 | 200 OK | 17 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/7c3945cb.css
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Hash: 97b6f81b90460841531e21dceae1a3f5 1116d9a217e034d8970ab1455c15e9a4d1420a14 21951b3d64319c4bc411d0b272d08f3f7d951c743b9ee4ef376091d1c24a0401
GET /_nuxt/desktop/default/css/7c3945cb.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: text/css
content-length: 17201
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-4331"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f2e55318752eac541f63fd64ba39869c-ca06da14b2c11eb7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T10:59:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/app-7a457c68.js | 185.244.209.62 | 200 OK | 267 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/vendors/app-7a457c68.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (61101)
Size: 267 kB (267284 bytes)
Hash: de196c8e650ca4c514b5fbccb5f0fc2d fe73fce013c7cf22d6c01057981a01947484b020 27db5de650dc124db682f1dcd0bc5b018980cd52f3baaf8e4bab2d74fb9e0b5f
GET /_nuxt/desktop/default/vendors/app-7a457c68.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 267284
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-41414"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-884fafb5620bf0e8500a5bfe0d0d3bd5-e0433759dc84b1a9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T10:59:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 | 185.244.209.62 | 200 OK | 65 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: Web Open Font Format (Version 2), TrueType, length 64732, version 1.0
Hash: 3ac5d40d1b3966fc5eb09ecca74d9cbf a69f32357765dd321519889aeacba5e9ca893bb0 3310766b8f58538d07abded74a2babe1acbe1a3ee820d5b8c8265da666f4fb0c
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: font/woff2
content-length: 64732
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "3ac5d40d1b3966fc5eb09ecca74d9cbf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-42c370bc48bfaa9d21c87e7f88ac9402-4ea2b2137da0c455-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:56:30+00:00, 2024-05-10T03:20:28+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 | 185.244.209.62 | 200 OK | 64 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Hash: 6887b6f24414dbc612dbf42ccdc76b70 8068d3abfbc6cbf35b55919da45b1f4d2d136238 fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: font/woff2
content-length: 63748
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T07:13:59+00:00
traceparent: 00-c43fc708eae92616daf26aa56c36aba0-5eb3688472eb6a07-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 | 185.244.209.62 | 200 OK | 64 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Hash: a65527fcb58f66a7cfbc0e6b160538b4 45d260e7fa343401b5bb0df982a014f53e2d253b fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: font/woff2
content-length: 63920
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3c257f2a1f6c8b419cd8b6a18d928b6f-2a4f1ebb6f8cd461-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:54:39+00:00, 2024-05-10T04:02:10+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/check-ob.js | 185.244.209.62 | 200 OK | 187 B |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/check-ob.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text
Hash: ced67278c38d1ce1297c121af69fff8a df6e1531fd84d956263b04254e6f94f5356623f4 2958134c3c00f7c6320858dd66e454c2856e4842821d3523c4cc5e44e1ec8616
GET /_nuxt/check-ob.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 187
last-modified: Wed, 08 May 2024 10:15:17 GMT
etag: "663b50b5-bb"
content-encoding: gzip
expires: Thu, 09 May 2024 12:58:12 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-baefc51a486e18df7921def65a1806f9-6e073f042fa0be58-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:58:12+00:00, 2024-05-09T11:36:45+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png | 185.244.209.62 | 200 OK | 653 B |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Hash: e6f0766cbd95db33da44e7a9140648f2 5f196b1bfe8c3f92bd2ebcd67124e72e81ae6aaf c0399d478788d5d483f104a2e8cb7c32f41cb40e9df0c22e831b2bfa2db63ec0
GET /genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: image/png
content-length: 653
last-modified: Tue, 25 Apr 2023 13:43:56 GMT
etag: "e6f0766cbd95db33da44e7a9140648f2"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4c0a2617e1f8d18b5462aa00fe9a06bc-15ab3d7e7fe9dd4c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:12:59+00:00, 2024-05-10T04:02:29+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/f5105820.css | 185.244.209.62 | | 194 B |
URL: v3.traincdn.com/_nuxt/desktop/default/css/f5105820.css
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (395), with no line terminators
Hash: 2818ab9c6ece35261fbf658165189623 f01f8175a7a89449a1dad5f2a7df06c5866c10af b4f0b619b6f6ece6589df376a16eae022b084640348887d3c557e20a37207583
GET /_nuxt/desktop/default/css/f5105820.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: text/css
content-length: 194
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-c2"
content-encoding: gzip
expires: Fri, 10 May 2024 09:25:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f832f20af2bf20e36da34ae81a3044c1-1bb261713f556462-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T09:25:00+00:00, 2024-05-09T18:11:06+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingContent-0ade32fe.js | 185.244.209.62 | 200 OK | 634 B |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingContent-0ade32fe.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (1235), with no line terminators
Hash: 9b4c5178b31779a0981ed2c9776a53c7 9235df453636bc042a2a1ae0f4c515056c5c5a90 8cb9638fcdeffac9470295235a3064097fb9b59e73b95ec8102c6bb663d980d8
GET /_nuxt/desktop/default/Page.Betting.Asia.BettingContent-0ade32fe.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 634
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-27a"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:31 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-6b4a922d92ea379693978e7626fb21ce-2cd3d0b7ecb0c773-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:31+00:00, 2024-05-09T11:07:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-7f844954.js | 185.244.209.62 | 200 OK | 4.2 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-7f844954.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (14574), with no line terminators
Hash: d33ee67d9f23dd62c456193b4e764eb9 f6d942295c97dfa39f4a924d0256969ccbed9c62 1e80290f86bdfedcb79a9f94f3eb27f309047d2bd580d874822aaaeac3675e71
GET /_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-7f844954.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 4193
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1061"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-2fded3dca9936f951e3273fe26c1869e-ca29469a0ca8c6fe-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:33+00:00, 2024-05-09T11:07:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/2a37879e.css | 185.244.209.62 | | 1.3 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/css/2a37879e.css
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (6872), with no line terminators
Hash: 7727cc93d85a2459297f9b1237fc6a92 f37f7a3ec3d30df2513a38dd2c67fefaf038edec e4559060670fd8cf92ad4e830ae9237d2bbc735470f4597ad5d943388d9248d2
GET /_nuxt/desktop/default/css/2a37879e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: text/css
content-length: 1331
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-533"
content-encoding: gzip
expires: Thu, 09 May 2024 12:28:57 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-852854402a2645832601b31a062c923d-4fd7842ea90f829f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:28:57+00:00, 2024-05-09T15:24:01+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-e9231dc8.js | 185.244.209.62 | | 11 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-e9231dc8.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (40117), with no line terminators
Hash: 0644769b808fa59af4beda42788b2e66 266dd9b95b442a01759242a55a117d083cbac67d 7f2a8da86462ef570ba1c5abe327880bcea5ec510160ea6f590a066e1a5bc6ce
GET /_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-e9231dc8.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 10688
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-29c0"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:34 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-49daadd59de07736a197f2a2385ea5ad-9e42e1bf64da2f81-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:34+00:00, 2024-05-09T11:07:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-70c9070a.js | 185.244.209.62 | | 37 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-70c9070a.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65461)
Hash: 0708c03dd81cfcc30a6eb12e8d5a7192 91064268dc5ef484b6b8e073cde872c21b3a0fd1 4bb58dc9b93318e295ad055e8b4b1fce9eab0fddad1c4f72ff791283bb834ea0
GET /_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-70c9070a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 37176
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-9138"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:34 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-cbdf10812354967a264c2e42b00e4f9a-373fa4aee4b7026b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:34+00:00, 2024-05-09T11:07:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-36c334d6.js | 185.244.209.62 | | 10 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-36c334d6.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (36639), with no line terminators
Hash: 67d8ed132b1ddc0c303fd8f75f32b471 cc7d93fb03efb29743c787d310d0f0350740ca94 7221c0785ae9cc81866e4a8b7638fbeef6df772b59a60ec529e5db68a2c62117
GET /_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-36c334d6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 10104
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-2778"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:34 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4b5a01114c52bbd6b9c52b2aee3b1292-328fddddb0333b6d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:34+00:00, 2024-05-09T11:07:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-3476a987.js | 185.244.209.62 | | 5.6 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-3476a987.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (19536), with no line terminators
Hash: 18d38aff5018dad1262fc227a68b5ec8 fe50b32177073c7724e8031febe4e3feef6e5f95 266f384d74ee49340d4cb0647e2bdb7c767409d7bf8cc35442a453bcf08bb8df
GET /_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-3476a987.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 5573
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-15c5"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-19f514839bfe26c1df4b28dcb2a2ec0a-878172d9a8c924ed-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:33+00:00, 2024-05-09T11:07:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/a1bf72f5.css | 185.244.209.62 | | 6.7 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/css/a1bf72f5.css
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (53183), with no line terminators
Hash: 4501125cd5c80c2b8acf7af843956d66 b24a3be842323cc3d17a708ff48bb84dcb652041 ec51d38db21ace66a188f18b6ae3b5a76254c28f379aaa6499bf2c79626b8820
GET /_nuxt/desktop/default/css/a1bf72f5.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: text/css
content-length: 6677
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1a15"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-80f8dd8fc08b970d38225f186180b74f-154840b8e0a7b06f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:33+00:00, 2024-05-09T11:07:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage-3636738c.js | 185.244.209.62 | 200 OK | 33 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage-3636738c.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (64912), with no line terminators
Hash: 1f7da36659a544fba17a29cffa971076 5c97a256ee06a1f642721e924aaf92fc6e8012f7 7283f446334be010ae677213a0b827a2e993e298bf023a85e87577edd2216c2d
GET /_nuxt/desktop/default/Page.Betting.Asia.Homepage-3636738c.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 33094
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-8146"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e195e43ab52f9ba943c59e8407c5e6e6-c12d722116e599b9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:33+00:00, 2024-05-09T11:07:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/f72f2b10.css | 185.244.209.62 | | 4.8 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/css/f72f2b10.css
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (38649), with no line terminators
Hash: 8ab5f1e804e2a4565dea164054ff0907 7ee2bea2c9dcb6424f707c35588a316a249270fa ce3424802faaac382a0efe23fbc285123fae95d0461ecf26e4881e1907acd9ec
GET /_nuxt/desktop/default/css/f72f2b10.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: text/css
content-length: 4780
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-12ac"
content-encoding: gzip
expires: Thu, 09 May 2024 12:28:58 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-441acd973517b67856dc0d1f8edef92d-0c6e8115604af2a5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:28:58+00:00, 2024-05-09T15:24:01+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.Asian-56ecd176.js | 185.244.209.62 | 200 OK | 29 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.Asian-56ecd176.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (64788), with no line terminators
Hash: 07244b6ad35d8802c10a1c5fd37712be 1b41f323c8cf0006dffb57939104bf1da14b9f6b 78be75ea68fee2170ba434351d695ad2be458c1cf6a819a96e1fd932c4b2c8a1
GET /_nuxt/desktop/default/Page.Betting.Main.Asian-56ecd176.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 29394
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-72d2"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:34 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-6a9ec835aebca1e978377a8b74c3a606-6c415257f8838dd1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:34+00:00, 2024-05-09T11:07:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-7105a632.js | 185.244.209.62 | 200 OK | 22 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-7105a632.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65476)
Hash: 4df28096a23760aa74cf3b1982ae9476 1b99d6f0622b9da8e46e85df6a0b116a8c1a9943 14e6c442824a6a4230ad98dc5046540ea35f1e7ad21b65b927495df4a54aa715
GET /_nuxt/desktop/default/vendors/plugins.v-tooltip-7105a632.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 21899
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-558b"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:25 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5be663b9bbce8ae1e5f9c0f37d711274-51afe2251564e389-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:25+00:00, 2024-05-09T11:07:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-99e14113.js | 185.244.209.62 | 200 OK | 4.6 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-99e14113.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (12527), with no line terminators
Hash: 8113ecbe1d6d4c8904ce977109730f08 70cd411e85297f2d6dcccffba8f633e3c609ca5f 1349cb7987b5ebae2dc20a5ad955120b8983b0059549cd7f3b0db5dbf1c89ce5
GET /_nuxt/desktop/default/vendors/plugins.vue-notification-99e14113.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 4556
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-11cc"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:25 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-98cd7ce5ef4a0c80c0c74fdacfcf3aa6-04a0931c9c390b26-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:25+00:00, 2024-05-09T11:07:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/e5c0e314.css | 185.244.209.62 | | 953 B |
URL: v3.traincdn.com/_nuxt/desktop/default/css/e5c0e314.css
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (3352), with no line terminators
Hash: 748da80084597d87b4ff5e98b017b07b db6ad2ec24bfcbe751a23061d935403e1163f471 4eaf4071f43aaa0243a4c6948131b7a3e03fe6ab1f4228da38e8588c15e01f24
GET /_nuxt/desktop/default/css/e5c0e314.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: text/css
content-length: 953
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-3b9"
content-encoding: gzip
expires: Thu, 09 May 2024 11:05:15 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-307d64a2966464d846fb894a71d6495d-330f4c8baeb5bdc8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T11:05:15+00:00, 2024-05-09T15:40:43+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-2e14a47d.js | 185.244.209.62 | | 8.1 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-2e14a47d.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (26717), with no line terminators
Hash: 5e555ad28a7c695afb377a8855610652 8f195d8ff18e3e2d1105587315d8d3102650bf3a b90b7ba895ec988a0b72b9fd21ccc3d8e1d1cc4035f57fc47be6fb00e32caacc
GET /_nuxt/desktop/default/vendors/plugins.vue-js-modal-2e14a47d.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 8055
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1f77"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:25 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-fb565b19aace1f10315c1b3cd982aa01-ef6385c8ce58bd0e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:25+00:00, 2024-05-09T11:07:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-4919f2b6.js | 185.244.209.62 | 200 OK | 2.1 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-4919f2b6.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (6960), with no line terminators
Hash: 426b4077094d2bf6f0f1feab6aaaaa40 b6ac46785f2225c76aaf65d152456765df824887 864bc0a49b9b457b62b65a8902f9f07305e5010d46df4cc5416dfb8b028c2c09
GET /_nuxt/desktop/default/date-fns-locale-21-4919f2b6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 2121
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-849"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:25 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-80120cd5e40f2ed91be7e702e9a5041e-135e55239e310aa2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:25+00:00, 2024-05-09T11:19:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/DC-fcb3e9b4.js | 185.244.209.62 | | 999 B |
URL: v3.traincdn.com/_nuxt/desktop/default/DC-fcb3e9b4.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (2336), with no line terminators
Hash: 55a903571af1a626a07aa8e6a5d83e1e 744db188996ec7ada8c219355d471d2ed347a9a2 ebd3f27093e1a541034d9c46a308f1273e0480bbeaaccf70f638e95f663c95e6
GET /_nuxt/desktop/default/DC-fcb3e9b4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 999
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-3e7"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:25 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-7acb95a22f85d5383832c1b5c818626c-ff2c311184c1bf6b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:25+00:00, 2024-05-09T11:07:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-461430.top&projectId=285 | 178.253.29.51 | 200 OK | 141 B |
URL: GET HTTP/2 1xlite-461430.top/seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-461430.top&projectId=285
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate: Issuer: Let's Encrypt; Subject: 1xlite-461430.top; Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: bd9be2fa89d26e9e6f1b2e08ffcd0ed6 90eae25ee792254c7ca97e98c5782078f9bdc37f c11510c5556799ec6bf918684e80903d08cf6237d3c4f94d32a8ebf35d067a1d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-461430.top&projectId=285 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: application/json
content-length: 141
cache-control: max-age=1200, must-revalidate, public, s-maxage=1800, stale-if-error=86400, stale-while-revalidate=300
x-content-digest: enebf83560af95b198ca2d2caf127b1151
age: 730
x-request-id: a17cef70e6725d52d2ac64f0b736347d
x-request-guid: a17cef70e6725d52d2ac64f0b736347d
x-time-ng: 0.006
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=1.1880397796631, wf-uht;dur=
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/web-api/api/web/v1/config/actualDomain | 178.253.29.51 | | 176 B |
URL: 1xlite-461430.top/web-api/api/web/v1/config/actualDomain
IP: 178.253.29.51:0
ASN: #202492 Silverhill Group Holding Ltd
Certificate: Issuer: Let's Encrypt; Subject: 1xlite-461430.top; Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: e90508cca101d9cb990de4c1ac272162 f2eff8d50f5d46fb966acd5ce6eae0e6928698f5 11d2a39f89bd0f2c2d4bce0007c223e73a00e54ac7423b3eff9ceec40b477e99
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /web-api/api/web/v1/config/actualDomain HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=44, dt_total;dur=48.293, wf-uht;dur=0.061
set-cookie: SESSION=9f380f46355365c8b1352b8a6ff35e0b; path=/; secure; HttpOnly; SameSite=Lax
ua=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
traceparent: 00-16aa40592691fbb9ea2dbde8226fc5c3-d1f9112805230ef7-01
x-dt: 285
x-time-ng: 0.047
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/Betting.Core-f89d33f6.js | 185.244.209.62 | 200 OK | 1.6 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/Betting.Core-f89d33f6.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (2508), with no line terminators
Hash: a961fc2d8c225c0cc2dc814175a9d9e4 9293a62e3d0f4ab392dfef6f7f7172cb9889a724 a33381e13222f9cb4ab741177e3ad9ed83e3eca14864fac385a8fc4440ff2d90
GET /_nuxt/desktop/default/Betting.Core-f89d33f6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 1645
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-66d"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:25 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-50cdeaf5036b0ec15ed21ea3767855af-55b239d6f5fd112d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:25+00:00, 2024-05-09T11:07:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-c7b965b1.js | 185.244.209.62 | 200 OK | 1.5 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-c7b965b1.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (3230), with no line terminators
Hash: 5233ff069edca79a361c0b2b198b55cc ba4364baebab13117998653f970a92b8ee07f900 c738fe5d4a58cfa5164ec13724b158a0021645987ebb534e1a230895b48b2e56
GET /_nuxt/desktop/default/consultant.supHelperV2-c7b965b1.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 1451
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-5ab"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:25 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-450f546e3bad29c2c98b7caf9662f801-c11694ee7bc2649a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:25+00:00, 2024-05-09T11:07:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/ioc.dependencies.18-45d015a5.js | 185.244.209.62 | 200 OK | 1.3 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/ioc.dependencies.18-45d015a5.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (3073), with no line terminators
Hash: d480de5fb5e98ac782b0bd0f059e76f0 4c835740fa9f633deed7fba057d32b6d9ada360a d283c64ddc00ff6250739d80df5c2dbc126fedd3731ee5fa1611d70a27b4d6d0
GET /_nuxt/desktop/default/ioc.dependencies.18-45d015a5.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 1321
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-529"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:45 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-88a0c4a2829d878d170af40185c5516c-435ebb4218f09dd4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:45+00:00, 2024-05-09T11:07:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json | 178.253.29.51 | 200 OK | 7.9 kB |
URL: GET HTTP/2 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate: Issuer: Let's Encrypt; Subject: 1xlite-461430.top; Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: eec4805fe0f6e17d5ade92a382f5b068 ca6a26fe8ea31e66c0bef88c4e7f489dce9f9a4b b50904054641c30b6b4ee7ed4290b52022825f2e9e9e3a4a060b8ecddf28c898
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:13 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Wed, 28 Feb 2024 21:42:45 GMT
etag: W/"eec4805fe0f6e17d5ade92a382f5b068"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/betting.SportMenuApp-6b906b26.js | 185.244.209.62 | 200 OK | 7.7 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/vendors/betting.SportMenuApp-6b906b26.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (31338), with no line terminators
Hash: 7462c3ce706e3a0439d52dfd83b79f18 7fcb3c23faccec9e4ef977d403cd600ed9d47159 28be8165dfece6660276495ac167ab5161021d9f7b2159e7929e76f1a64f0a16
GET /_nuxt/desktop/default/vendors/betting.SportMenuApp-6b906b26.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 7710
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1e1e"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:45 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d50273fa3780154f978e656fd9a0b184-c0849500868399bd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:45+00:00, 2024-05-09T11:07:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/ad481252.css | 185.244.209.62 | 200 OK | 3.0 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/ad481252.css
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (22886), with no line terminators
Hash: f1e1bb557e1155bf9c70751dec445176 013c5224a1bbbf0d6603f25e31863aa90f279b40 7aa1af5184d161c5f279c0da3199cef2dfc0aac5e90cce3e880f1f89401a0a15
GET /_nuxt/desktop/default/css/ad481252.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: text/css
content-length: 3006
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-bbe"
content-encoding: gzip
expires: Thu, 09 May 2024 12:29:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-31d09a4bae13119d17ecdaa0ea92e64e-129ab61151a71444-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:29:18+00:00, 2024-05-09T17:15:42+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/betting.SportMenuApp-43e47582.js | 185.244.209.62 | | 25 kB |
URL v3.traincdn.com/_nuxt/desktop/default/betting.SportMenuApp-43e47582.js IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (65483), with no line terminators Hash e64e6103ea1b8ab52c93a9786ac2cd6b 02fad318aa11a5b8124e4edf9b2e506020c7904d fa69a8cd98ac6ed2944e28e57a4b151bf76457a430d39e48b60194f901dae4da
GET /_nuxt/desktop/default/betting.SportMenuApp-43e47582.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 24936
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-6168"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:45 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-bd3351c0c26914bd49337e24848973ca-2e86627fd9624ec3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:45+00:00, 2024-05-09T11:07:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/betting.HomeSliderComponent-81e2f8d7.js | 185.244.209.62 | | 7.4 kB |
URL v3.traincdn.com/_nuxt/desktop/default/vendors/betting.HomeSliderComponent-81e2f8d7.js IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (27479), with no line terminators Hash 0b17cf75462948eeaaf7ece70cd5fba2 aebbba96a756cf09ce6a16de9e70c683b5de001d 32c6603817e972bf1aee9f736061fe43218fd74789ae76cb4cf7383176e65229
GET /_nuxt/desktop/default/vendors/betting.HomeSliderComponent-81e2f8d7.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 7381
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1cd5"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:45 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-7bf8396bbd0c6c701a21cae83ab6f596-364cc0bf918b7596-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:45+00:00, 2024-05-09T11:21:01+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/85022173.css | 185.244.209.62 | 200 OK | 1.7 kB |
URL GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/85022173.css IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type ASCII text, with very long lines (9757), with no line terminators Hash d9ff2bf37891da2be05d7fd5442113f5 419f63a7b47f983139a1cdc040707ab4b90bc255 05d90d1e2368c45cf52f0796d76035b98b8ab02ff57d218005ddffbfc20963c5
GET /_nuxt/desktop/default/css/85022173.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: text/css
content-length: 1731
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-6c3"
content-encoding: gzip
expires: Thu, 09 May 2024 12:56:04 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-06a50b997732b1a696750e6b9b4c7d24-b1773d08777a6b4c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:56:04+00:00, 2024-05-09T17:33:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/a05707a0.css | 185.244.209.62 | 200 OK | 1.3 kB |
URL GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/a05707a0.css IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type ASCII text, with very long lines (6442), with no line terminators Hash 2b7cd76d45868e18a22be501f214c7c2 e2799c9711adb4b6b850f39a90d3b074878e2c62 81499263837bef8f4f0ea4015d21a7895e9a51ede856b8b40d9b2240c99fe7c9
GET /_nuxt/desktop/default/css/a05707a0.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: text/css
content-length: 1308
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-51c"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:45 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-de84ae8ea8a6e2587fcda125a4bb7905-cbf41cc5da3f1bb3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:45+00:00, 2024-05-09T11:07:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/betting.HomeSliderComponent-8f216f08.js | 185.244.209.62 | | 7.6 kB |
URL v3.traincdn.com/_nuxt/desktop/default/betting.HomeSliderComponent-8f216f08.js IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (24523), with no line terminators Hash a84c24326d41c0aa0f3fb493e4bfc856 1aaaa001532b4d7589f6e0879455f6c78699c52e 296f8cc8788197eb5fd295ca003429fe2db6093eb6388c003447a5de6f31b53e
GET /_nuxt/desktop/default/betting.HomeSliderComponent-8f216f08.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 7592
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1da8"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:46 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-568c49dd0140ee7752a77c0f1b168d6f-ab11f7a20bc1fa36-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:46+00:00, 2024-05-09T11:21:01+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/526e44d9.css | 185.244.209.62 | 200 OK | 459 B |
URL GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/526e44d9.css IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type ASCII text, with very long lines (1526), with no line terminators Hash 97fdf5b6e7dfddf6ab251e984133b2c3 bb552fe685c52c34e0ed91e4dfaa9df2675ad086 92fcdb73c544b1f2befe78685340fd3371e920187a2232f8e4bffd73985d40e3
GET /_nuxt/desktop/default/css/526e44d9.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: text/css
content-length: 459
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1cb"
content-encoding: gzip
expires: Thu, 09 May 2024 11:05:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-9c23df704cd23471a9e39ae4ddf92747-103a7b3a3e2494df-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T11:05:33+00:00, 2024-05-09T15:53:34+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-49c46e45.js | 185.244.209.62 | | 17 kB |
URL v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-49c46e45.js IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (41022), with NEL line terminators Hash 732bde6d360cd7be7ce9ce10044202ba c4fdecf84f6261b354240750525cb9d2a8d87d09 d46270d03f72eb032f9e205e2eedecdf65838a9f474b356b127474f73b66d347
GET /_nuxt/desktop/default/vendors/betting.media-49c46e45.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 16832
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-41c0"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:26 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6846e4ee6324dd730f31c65766742170-b6c6804ed8b03618-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:26+00:00, 2024-05-09T11:07:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/betting.CentralMenuApp-96d6b2c1.js | 185.244.209.62 | 200 OK | 19 kB |
URL GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/betting.CentralMenuApp-96d6b2c1.js IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (65283), with no line terminators Hash 0fcfe75628cf7cd25fa643bfefbf5940 2d7d246eb52fbc3a2420db7a8bfa1d54e5b480fd bbb5b77e24844a594d4084e394bfa0348081335c28a3a4d172ac5ff83cdabcea
GET /_nuxt/desktop/default/betting.CentralMenuApp-96d6b2c1.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 18951
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-4a07"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:46 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-2244acce1b9d209f3bd2db0717ace193-576db56f888d8888-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:46+00:00, 2024-05-09T11:07:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/ff267c5c.css | 185.244.209.62 | 200 OK | 1.5 kB |
URL GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/ff267c5c.css IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type ASCII text, with very long lines (7000), with no line terminators Hash f379bc6f4b94f34d96f6fe51159bee63 f4c0d4dbef1e1e734e84e05d75e4ff950d06eb60 b2a5bd6495250a19500dd5a6ca62f045c8b70226a668dc63ef40c78883bdae11
GET /_nuxt/desktop/default/css/ff267c5c.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: text/css
content-length: 1486
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-5ce"
content-encoding: gzip
expires: Thu, 09 May 2024 14:34:40 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-93c94dc813f5c682f16f3364935cd987-5b823163f1789b4a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T14:34:40+00:00, 2024-05-09T17:15:42+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/betting.media-29872be3.js | 185.244.209.62 | | 4.7 kB |
URL v3.traincdn.com/_nuxt/desktop/default/betting.media-29872be3.js IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (16761), with no line terminators Hash f2263fc2e9f9bff4572f3b1c24a80ab2 efe1b2479e2f34dbe912d9e588759b2787bbc3b9 38444c18d8c24549cc13b2de3a055976ec8f3f238e022739f0b6aef8fa74db9b
GET /_nuxt/desktop/default/betting.media-29872be3.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 4727
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1277"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:27 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f7da9f1c3d1bede71d9fca6150279470-de87f51ecf70b837-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:27+00:00, 2024-05-09T11:07:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137 | 178.253.29.51 | 200 OK | 222 B |
URL GET HTTP/2 1xlite-461430.top/service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137 IP 178.253.29.51:443 ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Let's Encrypt Subject 1xlite-461430.top Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash e7c940228799d1f96695b328e468ca9c e5af05addc5a54aa316d8ead06c15e886aea6561 84626d0f6e1da40ed88e58d4d8e6d2998e2cbce21bc197b7b6a66305e94ed867
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: application/json; charset=utf-8
content-length: 222
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.011
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/session-api/sessions/user | 178.253.29.51 | 200 OK | 16 B |
URL GET HTTP/2 1xlite-461430.top/session-api/sessions/user IP 178.253.29.51:443 ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Let's Encrypt Subject 1xlite-461430.top Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash 646b2e82b65602d35f7aa6283c387e3a b163a70c5df8e4b0861a23a04f8a6f78393747f4 b68bf12405ee2cb5b76764df21dbc2df0953ddff4072ddc5281d1aab05e8c4ab
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /session-api/sessions/user HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: application/json
content-length: 16
cache-control: no-cache, private
x-time-ng: 0.002
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=1.1131763458252, wf-uht;dur=0.009
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/bff-api/event-logo/v2/suitable.json?lang=en | 178.253.29.51 | 200 OK | 2 B |
URL GET HTTP/2 1xlite-461430.top/bff-api/event-logo/v2/suitable.json?lang=en IP 178.253.29.51:443 ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Let's Encrypt Subject 1xlite-461430.top Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash d751713988987e9331980363e24189ce 97d170e1550eee4afc0af065b78cda302a97674c 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /bff-api/event-logo/v2/suitable.json?lang=en HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: application/json
content-length: 2
cache-control: no-cache, private
server-timing: bff;dur=10.84, dt_total;dur=12.370, wf-uht;dur=0.021
traceparent: 00-fab8d20b7414334f34e1711a148060ca-c415d35c1e7627a5-01
x-dt: 285
x-time-ng: 0.012
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/88cfac66.css | 185.244.209.62 | | 97 B |
URL v3.traincdn.com/_nuxt/desktop/default/css/88cfac66.css IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type ASCII text, with no line terminators Hash 9deb70dd3fbdc7061ed21c5632fbc55b 22ae1cadf75b3fdd5e3e3762842b1b7a6f6e7ed8 be8196057ac43ab3882caf30239c364e1ef4ceda087e92ca87187ce239f022f9
GET /_nuxt/desktop/default/css/88cfac66.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: text/css
content-length: 97
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-61"
content-encoding: gzip
expires: Thu, 09 May 2024 16:43:21 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-c235b401055c29301b0b02a6e7a82a07-9889cc13ca288314-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T16:43:21+00:00, 2024-05-09T14:05:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/web-api/api/v3/bonuses/first-deposit | 178.253.29.51 | | 8.7 kB |
URL 1xlite-461430.top/web-api/api/v3/bonuses/first-deposit IP 178.253.29.51:0 ASN #202492 Silverhill Group Holding Ltd
Certificate Issuer Let's Encrypt Subject 1xlite-461430.top Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash 6c497f6fefa1ff03d2b3f026ca9ea1b2 67708749c2923ee8fb64f119bfe6601df89cc754 62d6341764aac9fa45a7c7c304e969a0408d60f679d5142d0faa28e178d132c2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /web-api/api/v3/bonuses/first-deposit HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=20, dt_total;dur=33.529, wf-uht;dur=0.044
traceparent: 00-db72916f7eba3f38f5f23a962b00e89d-107a0eb7066ee021-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.030
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/25e24e18.css | 185.244.209.62 | 200 OK | 1.5 kB |
URL GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/25e24e18.css IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type ASCII text, with very long lines (6262), with no line terminators Hash 09f1bd90913ad83743065cc13ee3e0c6 0f1d49d4ddfccf474d882839c1ac901a8c1d91e6 b0222e16baaccc20a1143166da7715bbab586f1d8d8bebf26f91e98738a55a92
GET /_nuxt/desktop/default/css/25e24e18.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: text/css
content-length: 1505
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-5e1"
content-encoding: gzip
expires: Thu, 09 May 2024 12:29:28 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e11698807db8f121cfc76445222fe06a-8a22c5542b7855dd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:29:28+00:00, 2024-05-09T16:39:37+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-icons/1.0.334/285/common.svg | 185.244.209.62 | 200 OK | 81 kB |
URL GET HTTP/2 v3.traincdn.com/sys-icons/1.0.334/285/common.svg IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image Hash a5e6c7cb3dc6f80ffa8b7725ce9f0258 bf609fa93aec5b1b7319f6915fa5476ad50ae2a9 a39a263f5e16fe65dfb58e66500bdd4346f96a51c35dd8b5cc896952a4f0d164
GET /sys-icons/1.0.334/285/common.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Apr 2024 12:55:56 GMT
etag: W/"7bf3e9e7d79beac942f5e7748a3af2e6"
x-amz-meta-mtime: 1713272153.420902787
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:26 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ff91415a207a3a7b3fe75b695ac2eab8-92eceaa672ca39d8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:26+00:00, 2024-05-09T11:04:32+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/betting.coupon2-6e433cdf.js | 185.244.209.62 | 200 OK | 578 B |
URL GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/betting.coupon2-6e433cdf.js IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (1003), with no line terminators Hash b9a05e5aa1c5b98c055f94570bbf4ad2 24bf68bdbe24f5b82fddbb934ad2ead865d4705e 7f6ac8faf0ffe76890d0518f7470d54e20a8b8dc92dcb433645a46aa2ccfca11
GET /_nuxt/desktop/default/betting.coupon2-6e433cdf.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: application/javascript; charset=utf-8
content-length: 578
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-242"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:46 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-63165dadbc520956fed8c3d35d545a9b-5692def25d9f1610-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:46+00:00, 2024-05-09T11:07:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 | 178.253.29.51 | 200 OK | 258 B |
URL GET HTTP/2 1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 IP 178.253.29.51:443 ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Let's Encrypt Subject 1xlite-461430.top Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash 6b410dd2c07ab8dc7ea3612945386685 9d9b746ddabe121ffedb7dff9e0aff03b92998b1 aa7e649282a2bbf5af23394e678496503278768e36b9f21c74ebe474806513e8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: application/json; charset=utf-8
content-length: 258
cache-control: no-cache
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:15 GMT
vary: Accept-Encoding
x-time-ng: 0.004
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.012
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66 | 178.253.29.51 | 200 OK | 2.4 kB |
URL GET HTTP/2 1xlite-461430.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66 IP 178.253.29.51:443 ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Let's Encrypt Subject 1xlite-461430.top Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash 30042142454e96ac867d4031669d7245 a299d6fcdadd98f2687068b37d5fca82115644a4 230c1619772081d6c252507eeec6a5b52ec71b2fa5b98746ae1415e256dc6d7a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: application/json; charset=utf-8
content-length: 2423
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:15 GMT
vary: Accept-Encoding
x-time-ng: 0.005
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.012
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/sys-betting-app-front/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba | 178.253.29.51 | 200 OK | 56 kB |
URL GET HTTP/2 1xlite-461430.top/sys-betting-app-front/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba IP 178.253.29.51:443 ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Let's Encrypt Subject 1xlite-461430.top Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash 1965ec90727e97bf5eae67c60dda4653 c63ce6ca8deceb64e487202af558a6b8015f7e56 7441f2c2046c2f20f6f01aa53c4e4d4e1e996b4f57a5c5bbb95bc6866b1e6a3c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /sys-betting-app-front/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
mf-render-mode: json
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: application/json
content-encoding: br
server-timing: total;dur=37;desc="Total __BETTING_APP__", dt_total;dur=76.698, wf-uht;dur=0.096
set-cookie: tzo=3; Path=/
traceparent: 00-e74e6d67e58be527d5abd6b0f0fd30a9-84c2f8b57ea775c0-01
vary: Accept-Encoding, Accept-Encoding
x-dt: 285
x-time-ng: 0.059, 0.078
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/desktop/contact/dbc1950bbcc8e27b5dbec1f42635e8d0.svg | 178.253.29.51 | | 296 B |
URL 1xlite-461430.top/genfiles/cms/desktop/contact/dbc1950bbcc8e27b5dbec1f42635e8d0.svg IP 178.253.29.51:0 ASN #202492 Silverhill Group Holding Ltd
Certificate Issuer Let's Encrypt Subject 1xlite-461430.top Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File type SVG Scalable Vector Graphics image Hash b1bf63d00887bb0354e9d89c7d790a01 2d64ab25c9afff682abd6732f62ba62a197e972b a6a4fbbd99a0a82de03f05da827ccd9d019574bf3450727530403c2b5ce92df0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/desktop/contact/dbc1950bbcc8e27b5dbec1f42635e8d0.svg HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: image/svg+xml
content-length: 296
last-modified: Fri, 23 Feb 2024 10:03:47 GMT
etag: "b1bf63d00887bb0354e9d89c7d790a01"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/desktop/contact/6726b16cfb4e516989153ce398d4a0e4.svg | 178.253.29.51 | 200 OK | 506 B |
URL GET HTTP/2 1xlite-461430.top/genfiles/cms/desktop/contact/6726b16cfb4e516989153ce398d4a0e4.svg IP 178.253.29.51:443 ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Let's Encrypt Subject 1xlite-461430.top Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File type SVG Scalable Vector Graphics image Hash 9c340eae608db0c25657b4a73d769afe 988fbf333a2e9290211cd9e6b7c98c59719012b0 b92e969acd8a1e0f9cfd1f84080ca5ccb8cb49b105299434c275a8813faf841e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/desktop/contact/6726b16cfb4e516989153ce398d4a0e4.svg HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: image/svg+xml
content-length: 506
last-modified: Fri, 23 Feb 2024 10:03:36 GMT
etag: "9c340eae608db0c25657b4a73d769afe"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidgetAnalytics-e553050a.js | 185.244.209.62 | 200 OK | 366 B |
URL GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidgetAnalytics-e553050a.js IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (416), with no line terminators Hash 5a59e1a877dfffd934287be20d74fb8f bd4f023b5d180689555d1185a1167a825549781d 2b2960e941dd6a85aebdfc7cefa2b4352fa3c462de8ade94656a97e1336f3aaf
GET /_nuxt/desktop/default/DownloadAppWidgetAnalytics-e553050a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: application/javascript; charset=utf-8
content-length: 366
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-16e"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:47 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-1b1ce1ea5a0f9dbcff188fe619028cae-4e5cd30da696d2a4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:47+00:00, 2024-05-09T11:07:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json | 178.253.29.51 | 200 OK | 23 B |
URL POST HTTP/2 1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json IP 178.253.29.51:443 ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Let's Encrypt Subject 1xlite-461430.top Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash 7b5b631ab1bb3314e3ba7a76ca17808d 6dddf5c16b220ce166ff8bd105930b171386c890 db294657777eb5b59c87a1eafa341fd0e29c9d371a2a784ca11a39562955bc36
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Content-Type: application/json
X-Lang: en
X-Uuid: e11671d6-13d5-4dd3-a5be-ddfb46eee94e
Content-Length: 81
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: application/json
content-length: 23
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.009
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/checker/redirect/stat/run/ | 178.253.29.51 | 200 OK | 5.6 kB |
URL GET HTTP/2 1xlite-461430.top/checker/redirect/stat/run/ IP 178.253.29.51:443 ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Let's Encrypt Subject 1xlite-461430.top Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash 741934b89418d344f6b45d01fe7ddae7 2875d1bff3ba4850c36d335664cb596c17eb6fcf 488059f86ea7968767b02087d83b3e500aa5b3686e6b2522d967ff80eb6c6af9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /checker/redirect/stat/run/ HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-time-ng: 0.000
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.023
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/0e3e1e8d.css | 185.244.209.62 | 200 OK | 1.2 kB |
URL GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/0e3e1e8d.css IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type ASCII text, with very long lines (5638), with no line terminators Hash be85f100312ee4f9396b6e89cbcb0fef 3934783d38d182ddcaccfdedbbe4fb65c266864c 06a9b859f60f7872c7beaa8286d3c1f45708dd0e1dee20f4c0d55c8719cc2983
GET /_nuxt/desktop/default/css/0e3e1e8d.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: text/css
content-length: 1193
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-4a9"
content-encoding: gzip
expires: Thu, 09 May 2024 12:29:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-5545a5b51b3efa7042bc5500ca2e9184-7f435d765504acb1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:29:37+00:00, 2024-05-09T15:46:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidget-42a0f4cc.js | 185.244.209.62 | | 4.1 kB |
URL v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidget-42a0f4cc.js IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (12039), with no line terminators Hash 40cbeb3b1fadfd3c0235beaf250dd48e 8fdbbea7d2085d6562e95f0530c17fce06fcf60c 72b4153b971c2a2d3093a986bbdf30b739dfa03fac8a292e9a98a55e1b97a1b4
GET /_nuxt/desktop/default/DownloadAppWidget-42a0f4cc.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: application/javascript; charset=utf-8
content-length: 4123
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-101b"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:49 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-9dfdbade8d00130cde17b050790aa2ac-679353c8aa989b18-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:49+00:00, 2024-05-09T11:07:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sfiles/logo-champ/246a944858d7a07393dd4f6739f94bf9.webp | 185.244.209.62 | 200 OK | 7.1 kB |
URL GET HTTP/2 v3.traincdn.com/sfiles/logo-champ/246a944858d7a07393dd4f6739f94bf9.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Hash 14b81bb2a70130c395b98ba4cb1f4a3a 378094090781a2d412f234bff2bb311adf0a22d0 11128b17e044b6dfe4d716c11854e95486c9e942a942064c82968f6a34c777bb
GET /sfiles/logo-champ/246a944858d7a07393dd4f6739f94bf9.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 7066
last-modified: Wed, 04 Jan 2023 07:42:08 GMT
etag: "14b81bb2a70130c395b98ba4cb1f4a3a"
cache-control: public, max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b7a31e64ee8bfd28ce7211f016336721-b1abb60990e3fd10-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T00:05:10+00:00, 2024-05-10T02:20:17+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/8520.webp | 185.244.209.62 | | 724 B |
URL v3.traincdn.com/resized/size16/sfiles/logo_teams/8520.webp IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Hash 06b5a068bed863240517988a495b9c0d a74fa37b991acdbb5524296b0c63ef0f29d3a37b cd1899369881312ff6259adcade0793a0fd53370a83c3a70ffc4f74a5f641a82
GET /resized/size16/sfiles/logo_teams/8520.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 724
cache-control: max-age=94608000
content-disposition: inline; filename="8520.webp"
content-security-policy: script-src 'none'
expires: Wed, 27 Jan 2027 21:34:10 GMT
x-request-id: 4905dee56c2247cd45bc250cb73eaa37
strict-transport-security: max-age=15724800; includeSubDomains
x-time-ng: 0.000
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-de73e215ff5c6e3ba4ca7ba71b3b3519-008d808d035706c7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-01-28T21:34:10+00:00, 2024-02-04T12:11:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/8512.webp | 185.244.209.62 | 200 OK | 794 B |
URL GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/8512.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Hash aa0e295ad33f4867c844ab7f97e23f0b fc337f8591ce3d69324c2fe3c9e4cac511dcb25d 352c956a5459c06c6cfa112890594b6270e647e5e2c2e14a95162ade521b6b17
GET /resized/size16/sfiles/logo_teams/8512.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 794
cache-control: max-age=94608000
content-disposition: inline; filename="8512.webp"
content-security-policy: script-src 'none'
expires: Mon, 03 May 2027 00:09:25 GMT
x-request-id: 11d3ac4f252e14979d8f73fcefc16afe
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d7c0067ffa8ed518118b0cd8a35b3647-5e9c98ff100f8750-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-03T00:09:25+00:00, 2024-05-06T08:06:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/4098.webp | 185.244.209.62 | 200 OK | 686 B |
URL GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/4098.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Hash 388bc3d96e04cae724f1ba496f057bb0 8d3f7bc408f501ed7e1df10014f81d22d7fc14ec d04b915d1504e6e72c683e089fe0f1eeffe79aaab7d7c1b8da120af340f15c03
GET /resized/size16/sfiles/logo_teams/4098.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 686
cache-control: max-age=94608000
content-disposition: inline; filename="4098.webp"
content-security-policy: script-src 'none'
expires: Tue, 04 May 2027 11:19:23 GMT
x-request-id: fbc084657b883b85a652a49f98ea599e
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ade881bcc2fd87e186ff70a52b9d95dd-25bb32f5c3eb4611-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-04T11:19:23+00:00, 2024-05-09T07:02:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/web-api/external-api/config/getVideoAccessConfig | 178.253.29.51 | 200 OK | 3.6 kB |
URL GET HTTP/2 1xlite-461430.top/web-api/external-api/config/getVideoAccessConfig IP 178.253.29.51:443 ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Let's Encrypt Subject 1xlite-461430.top Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash cb0bc8eedc642fc591c0eef57e6c67e5 6c62aeececef0a5ff474bb21bf569ad8d48f6bd0 c57136f602923fc19534e58f7da5a483616d80031222372e19a29fd6f22b0a0e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /web-api/external-api/config/getVideoAccessConfig HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=19, dt_total;dur=23.213, wf-uht;dur=0.035
traceparent: 00-f117503297db2c122f844f1ad5c35f3d-13d2be429b8399d5-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.021
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/1026819.webp | 185.244.209.62 | | 724 B |
URL v3.traincdn.com/resized/size16/sfiles/logo_teams/1026819.webp IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Hash b68b6e510d3156c755c4c6d163796d4e 9db4fbe292eb32134e3cc622d654ac562725a22b 7006b34f269f6a4cb56a98f9ceffb1b3c9bbcc2ede7ca7f7df621c557b74d475
GET /resized/size16/sfiles/logo_teams/1026819.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 724
cache-control: max-age=94608000
content-disposition: inline; filename="1026819.webp"
content-security-policy: script-src 'none'
expires: Sat, 08 May 2027 14:06:18 GMT
x-request-id: 7909c10259a92d1db3ffbaeda5521f3b
x-time-ng: 0.044
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-2efaee067c3a3ce05359467d54104cf2-29fa3604209d0527-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T14:06:18+00:00, 2024-05-09T13:46:06+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/817749.webp | 185.244.209.62 | 200 OK | 790 B |
URL GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/817749.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Hash 3e062729b519bc9cf34ed07e6cd07289 ea0213d92079934e0e1aa89149252f938c8572cc 2d2b511142cf59ff2663217ea2bad0d45edbfdcad0498782a983d2d84b857fdf
GET /resized/size16/sfiles/logo_teams/817749.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 790
cache-control: max-age=94608000
content-disposition: inline; filename="817749.webp"
content-security-policy: script-src 'none'
expires: Thu, 06 May 2027 19:48:51 GMT
x-request-id: 884afe57ab9c14700aeae8b82cbfc476
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d0358b915b6847bb502a54aadb314fd0-b6a8e8e2333cc0af-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T19:48:51+00:00, 2024-05-09T13:46:06+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/5e30c26e0dd6460de700a622f1205786.webp | 185.244.209.62 | 200 OK | 752 B |
URL GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/5e30c26e0dd6460de700a622f1205786.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Hash 3a2af7c3f364401f5f8a6fae60c32bc7 44d48c00fdf8771d3472dae2532c400ffed4e554 97c6044fbbbe17db1a66eee6a1973af24bb25d1a88f352743b93d5db4827d687
GET /resized/size16/sfiles/logo_teams/5e30c26e0dd6460de700a622f1205786.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 752
cache-control: max-age=94608000
content-disposition: inline; filename="5e30c26e0dd6460de700a622f1205786.webp"
content-security-policy: script-src 'none'
expires: Mon, 10 May 2027 02:42:40 GMT
x-request-id: 662e6fed9140d14d5bec5b1365cb7c91
x-time-ng: 0.028
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-c6968d0eae98af56c6e5f76fd21b0951-0ec59bf1e5d1dd3c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T02:42:40+00:00, 2024-05-10T02:42:43+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/29e139358d338412a155b970bbe13bc3.webp | 185.244.209.62 | 200 OK | 772 B |
URL GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/29e139358d338412a155b970bbe13bc3.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Hash 89b52c3722c34bdfaef1862b626b4bed 1587e4b4f1db5315ff55e423916be2a4e1e818fa 79946cac49506a59ee2e636a29a9666ff59a3d578f184e31ebacd86d0f7d7bf4
GET /resized/size16/sfiles/logo_teams/29e139358d338412a155b970bbe13bc3.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 772
cache-control: max-age=94608000
content-disposition: inline; filename="29e139358d338412a155b970bbe13bc3.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 13:56:12 GMT
x-request-id: c0bd2ece6de02c7272f639796a24fbf3
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-2cfff0e5b320a56549aaac141307f69c-44f618d0fc9f30d2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T13:56:12+00:00, 2024-05-10T02:42:43+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/10475.webp | 185.244.209.62 | 200 OK | 812 B |
URL GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/10475.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Hash 6aa564dcd488757c46c2a4e6533673af 86b1761d1a0a3f1dfe9c0ced5daa63ccce94c3dd a80facdd8a5c1f6eb8578bc45cf74184e38ee4f2e978d0007bdbe056b140117e
GET /resized/size16/sfiles/logo_teams/10475.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 812
cache-control: max-age=94608000
content-disposition: inline; filename="10475.webp"
content-security-policy: script-src 'none'
expires: Tue, 23 Mar 2027 06:05:43 GMT
x-request-id: d4ebfc15a3e6661b3ed27c0d66c1b88c
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-7b2ecc081c49e40f17ab71402ec3b108-64886ee11e9001c4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-03-23T06:05:43+00:00, 2024-03-26T14:49:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/10493.webp | 185.244.209.62 | 200 OK | 766 B |
URL GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/10493.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Hash e26a343effe760e8da709e2a0fb91567 26167e7247761e0ec62168c63b546660d6454889 32d5fc746e3a9c1d620b428eb5a0ade23117c712aa1ed134066dbaae5d11fdd8
GET /resized/size16/sfiles/logo_teams/10493.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 766
cache-control: max-age=94608000
content-disposition: inline; filename="10493.webp"
content-security-policy: script-src 'none'
expires: Mon, 26 Apr 2027 13:39:34 GMT
x-request-id: 902ddd16dff0fae579db360912817c83
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-17385f5849cb585c93c614f3ce70522f-ff7acc999b75bdb7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T13:39:34+00:00, 2024-05-03T11:10:28+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/b82dfbcab7f0bc1a63df852573c694ce.webp | 185.244.209.62 | 200 OK | 588 B |
URL GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/b82dfbcab7f0bc1a63df852573c694ce.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Hash 5cc40a6f8b6c95f8d5382e677bfd6afc a92f3e60f5741ecea533c6870b53e2b99a863598 7706824b58f1d489670bf3eb46bcd93024f33b3e5628640c24944c921e1c4457
GET /resized/size16/sfiles/logo_teams/b82dfbcab7f0bc1a63df852573c694ce.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 588
cache-control: max-age=94608000
content-disposition: inline; filename="b82dfbcab7f0bc1a63df852573c694ce.webp"
content-security-policy: script-src 'none'
expires: Wed, 05 May 2027 06:50:01 GMT
x-request-id: 30aab90682a1ad96f060a8770d5c33d0
x-time-ng: 0.050
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-df3c1a99480061974b600031ed2f7160-c85108a80e566cac-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-05T06:50:01+00:00, 2024-05-08T07:51:26+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/5e567e36d7149a9349cf60b3838db43d.webp | 185.244.209.62 | 200 OK | 728 B |
URL GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/5e567e36d7149a9349cf60b3838db43d.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Hash f9daf73c7c5345a3b5d0a48620d01910 2b95896057779c26217824acce1a0d7d7a13ad9c 96c4fb8eb3eba9e8624d0503096c857c2520ce985382cf1af0974eb89119772c
GET /resized/size16/sfiles/logo_teams/5e567e36d7149a9349cf60b3838db43d.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 728
cache-control: max-age=94608000
content-disposition: inline; filename="5e567e36d7149a9349cf60b3838db43d.webp"
content-security-policy: script-src 'none'
expires: Wed, 05 May 2027 22:01:00 GMT
x-request-id: 34d137ff6c5c34b3550977010e0fe0e5
x-time-ng: 0.034
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d0f9aa1abeeef82f3b1754e502d1e73a-82f608f0462b0728-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-05T22:01:00+00:00, 2024-05-08T07:51:46+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/640c4acb23056e417ea7a06b727d5b1c.webp | 185.244.209.62 | 200 OK | 728 B |
URL GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/640c4acb23056e417ea7a06b727d5b1c.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Hash 0f4be90bca53eaa91e64c850ced091a5 07a7aad21130cdd911bebbc5aea6c919ce04f9de 78ee34716c48c845f5749947d84df66fbf6a8012250068d5ec3726ae7cbfdca6
GET /resized/size16/sfiles/logo_teams/640c4acb23056e417ea7a06b727d5b1c.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 728
cache-control: max-age=94608000
content-disposition: inline; filename="640c4acb23056e417ea7a06b727d5b1c.webp"
content-security-policy: script-src 'none'
expires: Tue, 04 May 2027 02:56:15 GMT
x-request-id: f8022f11289fbee24b8b488d11336c72
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a64a23bbafb82ff5d228952df579cffa-8845129d7525cc6d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-04T02:56:15+00:00, 2024-05-06T17:12:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/663cd2a90018ab10f0f9d6f0a1fdc4bd.webp | 185.244.209.62 | 200 OK | 738 B |
URL GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/663cd2a90018ab10f0f9d6f0a1fdc4bd.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Hash 83dffce7f341a89c0e93181fe421dd0d 153fa23db67598a966766691cb63310c2a361c36 8d2f59521cc483844f293b11a1386a94c17da92d84ac1f150eda3f3516386994
GET /resized/size16/sfiles/logo_teams/663cd2a90018ab10f0f9d6f0a1fdc4bd.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 738
cache-control: max-age=94608000
content-disposition: inline; filename="663cd2a90018ab10f0f9d6f0a1fdc4bd.webp"
content-security-policy: script-src 'none'
expires: Wed, 05 May 2027 22:00:59 GMT
x-request-id: ec9f7b08598b7903bb2ad048b38979c1
x-time-ng: 0.046
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-3b11cc639b24e200001046849ae08300-fd8f00c56bc0f0f7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-05T22:00:59+00:00, 2024-05-06T17:12:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/7d8648bcb1883abeec83f1292e52819a.webp | 185.244.209.62 | 200 OK | 784 B |
URL GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/7d8648bcb1883abeec83f1292e52819a.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Hash a30f5eeaa542f15042b79418b5cea3af f5a7359f28149b66804de9d31306a5f3368963e9 6ce13a766ae93a94e3d125f839fe38db43dcb2029d01c9c5f3682ded2faf6526
GET /resized/size16/sfiles/logo_teams/7d8648bcb1883abeec83f1292e52819a.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 784
cache-control: max-age=94608000
content-disposition: inline; filename="7d8648bcb1883abeec83f1292e52819a.webp"
content-security-policy: script-src 'none'
expires: Wed, 28 Apr 2027 08:51:59 GMT
x-request-id: 5816e3c5d0480c68c9d9d6ca89192599
x-time-ng: 0.072
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-054eb767a43261ad10988e403982e4a0-d0f38e0adaab16b1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-28T08:51:59+00:00, 2024-05-09T04:34:52+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/7b79685e5fe591a9186c469db06c34ad.webp | 185.244.209.62 | 200 OK | 684 B |
URL GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/7b79685e5fe591a9186c469db06c34ad.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Hash 8fa852a76009baab756a5fdb1372e4d2 164d36626e853bd85ecdb9aa59ada64a77a4d21b 726110a0d0cb80b56673a805d833ca7434a66bbffa3f65c014b6a19d3901c009
GET /resized/size16/sfiles/logo_teams/7b79685e5fe591a9186c469db06c34ad.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 684
cache-control: max-age=94608000
content-disposition: inline; filename="7b79685e5fe591a9186c469db06c34ad.webp"
content-security-policy: script-src 'none'
expires: Sun, 09 May 2027 04:51:45 GMT
x-request-id: 9529d585d03da393b4e8cb950107051f
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-029825d334f7b479a7e8b0383affb6bd-310e5d9b281e815b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T04:51:45+00:00, 2024-05-09T05:28:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/web-api/user/secure | 178.253.29.51 | 200 OK | 841 B |
URL: POST HTTP/2 1xlite-461430.top/web-api/user/secure IP: 178.253.29.51:443 ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Let's Encrypt; Subject: 1xlite-461430.top; Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: 800f649d8565b169f001dae90e927261 c7419fb15a683515fda5922a9f9716b6d78b7a77 d45a0bef1a46dcf89738487f3e489d0ee56a8c6727f207afc9dc608901ea0a29
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /web-api/user/secure HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=15, dt_total;dur=411.542, wf-uht;dur=0.425
set-cookie: _glhf=1715331871; expires=Fri, 10-May-2024 05:08:15 GMT; Max-Age=3600; path=/
traceparent: 00-fc345895147a8b458e94ff46c33c896a-fa9b5b694310c426-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.016
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/a9112d2b7c12a81eb15bd867b4632ee1.webp | 185.244.209.62 | | 656 B |
URL: v3.traincdn.com/resized/size16/sfiles/logo_teams/a9112d2b7c12a81eb15bd867b4632ee1.webp IP: 185.244.209.62:0 ASN: #199524 G-Core Labs S.A.
Certificate Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hash: cd4a0a2bf096157979aee36883a4e5ce d00a973a630f2b23e3940a5b26995514bd7a53bb 912b5c5d5b30bfb94413190bacbc9ad80cec77e0bc2def6eef0c1a369eb07c60
GET /resized/size16/sfiles/logo_teams/a9112d2b7c12a81eb15bd867b4632ee1.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 656
cache-control: max-age=94608000
content-disposition: inline; filename="a9112d2b7c12a81eb15bd867b4632ee1.webp"
content-security-policy: script-src 'none'
expires: Thu, 06 May 2027 06:20:28 GMT
x-request-id: 509a7762f0a32112404f87f1a3910aad
x-time-ng: 0.042
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-4c483af13c9c46206ec383367ca48687-88f556de7efa0bd8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T06:20:28+00:00, 2024-05-06T17:12:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/25787.webp | 185.244.209.62 | | 606 B |
URL: v3.traincdn.com/resized/size16/sfiles/logo_teams/25787.webp IP: 185.244.209.62:0 ASN: #199524 G-Core Labs S.A.
Certificate Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hash: 4cb6ba98926f0d6add10342c441cbf14 0161ab62b7d9dc73a7671000bd5015643d6885d1 4d66ad112b793c06b07fa8d31fc3bb49f08be3f135bccf1a7d67948ffd1b0630
GET /resized/size16/sfiles/logo_teams/25787.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 606
cache-control: max-age=94608000
content-disposition: inline; filename="25787.webp"
content-security-policy: script-src 'none'
expires: Thu, 06 May 2027 15:47:10 GMT
x-request-id: cdaf728971a04090128de9e9aabec843
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-32971a7437ac96e3a5e6fd2bd47b31ed-2dfe2a6cefe6a11b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T15:47:10+00:00, 2024-05-07T21:16:41+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/230875.webp | 185.244.209.62 | | 576 B |
URL: v3.traincdn.com/resized/size16/sfiles/logo_teams/230875.webp IP: 185.244.209.62:0 ASN: #199524 G-Core Labs S.A.
Certificate Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hash: f995ac2c5e9b834255f5b1970f3b30a3 ff491e5e8e2db57c5d6a32d7775afd3ef57ed315 dbb86c00b29a387a0dba4dd4657f62969aefb4322d5477b2aa1221649cb8fafe
GET /resized/size16/sfiles/logo_teams/230875.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 576
cache-control: max-age=94608000
content-disposition: inline; filename="230875.webp"
content-security-policy: script-src 'none'
expires: Thu, 06 May 2027 08:34:14 GMT
x-request-id: 6ca85a2e657d8c90055454b052b346e8
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ec92463182ebb0366602696249f535c6-9cca8b278ed3fed0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T08:34:14+00:00, 2024-05-06T17:12:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/e08cfad921921a1d1f63e7b7115d8ecc.webp | 185.244.209.62 | | 616 B |
URL: v3.traincdn.com/resized/size16/sfiles/logo_teams/e08cfad921921a1d1f63e7b7115d8ecc.webp IP: 185.244.209.62:0 ASN: #199524 G-Core Labs S.A.
Certificate Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hash: c4c785ed562f8eef8e936fff47ffc7b6 de06192d3cf77387b588ab45cb822a389e329b7e eefb7fc2c9055f250f51ea166238f8ef6460bc7e449a4d4a5ed8e3342dd9829b
GET /resized/size16/sfiles/logo_teams/e08cfad921921a1d1f63e7b7115d8ecc.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 616
cache-control: max-age=94608000
content-disposition: inline; filename="e08cfad921921a1d1f63e7b7115d8ecc.webp"
content-security-policy: script-src 'none'
expires: Thu, 06 May 2027 13:33:40 GMT
x-request-id: d36627b64d216f2d54130cff29be9c80
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-69f94597bd0eef9e7e42ccf993f0916d-157c4befa08871f9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T13:33:40+00:00, 2024-05-07T20:12:26+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/6e4f44970f29778a75071f29092e9766.webp | 185.244.209.62 | | 580 B |
URL: v3.traincdn.com/resized/size16/sfiles/logo_teams/6e4f44970f29778a75071f29092e9766.webp IP: 185.244.209.62:0 ASN: #199524 G-Core Labs S.A.
Certificate Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hash: f2a208d0952030f93f4dcab8e7d59c18 94b8df9564794df9f1a7e37b2f87cdd5a853133c 23c6aad0db937571e95225668327568c56c9cb467121ff25f0fd0889c13d6e19
GET /resized/size16/sfiles/logo_teams/6e4f44970f29778a75071f29092e9766.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 580
cache-control: max-age=94608000
content-disposition: inline; filename="6e4f44970f29778a75071f29092e9766.webp"
content-security-policy: script-src 'none'
expires: Tue, 04 May 2027 15:19:29 GMT
x-request-id: 631a5dcf8cc963d5a1ae87478e693fce
x-time-ng: 0.059
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d056d621f67428c3bc135c6eceb76085-187e5d05eaf7d48f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-04T15:19:29+00:00, 2024-05-08T04:16:24+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true | 178.253.29.51 | 200 OK | 9.8 kB |
URL: GET HTTP/2 1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true IP: 178.253.29.51:443 ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Let's Encrypt; Subject: 1xlite-461430.top; Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: 7943d2ae64b48ca1d566ede0221d47c3 234b6fcf18880eb75604b24ad2d09431cc41fcbd 3da5b4fdd7a1b3b0ad0ce259b90ea42049d462bb3628a6a47a486a1aaf03059f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: application/json; charset=utf-8
content-length: 9802
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:16 GMT
vary: Accept-Encoding
x-time-ng: 0.014
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.022
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/betting.SportsMenuCompact-c2bb372a.js | 185.244.209.62 | | 2.3 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/betting.SportsMenuCompact-c2bb372a.js IP: 185.244.209.62:0 ASN: #199524 G-Core Labs S.A.
Certificate Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (7751), with no line terminators
Hash: d1c3350409fced81d3bdaa120774e126 b1d363217e08b0c554387b7ec8e55ca81d1b26e6 ae5f5f10dae7227a4979a2a6288d9078fabd7e3c3907f426f5614d2d84b7c45d
GET /_nuxt/desktop/default/betting.SportsMenuCompact-c2bb372a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: application/javascript; charset=utf-8
content-length: 2285
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-8ed"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:55 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-cefa67fd440bb9cbbdae2c239eee9cb4-73c26163753cddc6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:55+00:00, 2024-05-09T11:24:46+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/ff09be90.css | 185.244.209.62 | 200 OK | 705 B |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/ff09be90.css IP: 185.244.209.62:443 ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (4705), with no line terminators
Hash: 2b6cccff5325f6e14ccd6ec354319cd6 f4ec05fc468d3daddec1a3d825c29a55ce4b2050 a153e31a0350b58aad71597632348e14c954738845b58f05ca04b8212dbaca38
GET /_nuxt/desktop/default/css/ff09be90.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: text/css
content-length: 705
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-2c1"
content-encoding: gzip
expires: Thu, 09 May 2024 14:42:14 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-0fa9f235778d6d5ddc925315b262a457-f6db1e2272cd3b93-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T14:42:14+00:00, 2024-05-09T07:17:10+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true | 178.253.29.51 | 200 OK | 2.7 kB |
URL: GET HTTP/2 1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true IP: 178.253.29.51:443 ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Let's Encrypt; Subject: 1xlite-461430.top; Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: 6012626f2cfff9806e7e77ff35056f32 33122b233f50af78369ef1314278024ad9d6b50f aa234d119a5331e54fc81683666603afc178542c7c2467d678f97d081259d654
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: application/json; charset=utf-8
content-length: 2701
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:16 GMT
vary: Accept-Encoding
x-time-ng: 0.010
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.018
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sfiles/games-images/game-previews/190x102/games-no-faceless.webp | 185.244.209.62 | 200 OK | 6.9 kB |
URL: GET HTTP/2 v3.traincdn.com/sfiles/games-images/game-previews/190x102/games-no-faceless.webp IP: 185.244.209.62:443 ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: b7304b532dca88cc708b1c81edf7e051 d9ca9db864badb40bcab6d846ba7110413a339d3 324b9021e7fa1a227b418f5b0707e174d86aa20decea945eab3cea41aac8d2ca
GET /sfiles/games-images/game-previews/190x102/games-no-faceless.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:17 GMT
content-type: application/octet-stream
content-length: 6884
last-modified: Thu, 31 Aug 2023 08:11:01 GMT
etag: "b7304b532dca88cc708b1c81edf7e051"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:04:10.000Z
expires: Tue, 14 Nov 2023 18:21:42 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-73e326323b9da8697a901b6983d26d71-c2fcc68da405a85b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T18:59:15+00:00, 2024-05-09T08:16:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-512.webp | 185.244.209.62 | 200 OK | 14 kB |
URL: GET HTTP/2 v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-512.webp IP: 185.244.209.62:443 ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: 191bfc954a2da6531602f603c6ed7611 b5f5c2711dba90df3ae1e63baf2b64badf68af70 c4664bc5becc85f93850b3a1274cc165592c1d45b75c2f4eddf48c08b5ea6940
GET /sfiles/games-images/game-previews/190x102/game-512.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:17 GMT
content-type: application/octet-stream
content-length: 13478
last-modified: Fri, 12 Apr 2024 07:17:26 GMT
etag: "191bfc954a2da6531602f603c6ed7611"
x-amz-meta-origin-date-iso8601: 2024-04-11T07:55:04.504Z
expires: Fri, 10 May 2024 12:52:15 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b67cedac1f402105a6bb0dfdfa480cd3-ebf8ad2cae26069b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T12:52:15+00:00, 2024-05-09T13:40:50+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-icons/1.0.334/285/sports.svg | 185.244.209.62 | 200 OK | 168 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-icons/1.0.334/285/sports.svg IP: 185.244.209.62:443 ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: gzip compressed data, max speed, from Unix
Size: 168 kB (167855 bytes)
Hash: 35023ed00daecdbbcef869ac8f7bafc2 935e531d36a33849d19a412d2e8f4a1e444fa32f bdd6e0b8e601f7e63ee0c1be8d1729eca3a4492a047ba37e87a3134bc0a47782
GET /sys-icons/1.0.334/285/sports.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:17 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Apr 2024 12:55:57 GMT
etag: W/"0c52e0c32f8f2667a72e0d57b63e02a3"
x-amz-meta-mtime: 1713272153.42490276
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:48 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-9d0e0e5b93a19ed825bea5e5ace7b03b-cd9922e946dd8bd2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:48+00:00, 2024-05-09T11:07:32+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true | 178.253.29.51 | 200 OK | 2.1 kB |
URL: GET HTTP/2 1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true IP: 178.253.29.51:443 ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Let's Encrypt; Subject: 1xlite-461430.top; Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: 5a4d721ca1d28659d7a8e53b5378dbf0 e6e068a71afb37316a83a099b41c6b8ddbdcdbe6 5deb5df589ef6f81507b8a76efc8076793d4ee6864d938c6222f93d22caca427
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:17 GMT
content-type: application/json; charset=utf-8
content-length: 2084
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:17 GMT
vary: Accept-Encoding
x-time-ng: 0.060
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.068
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-371.webp | 185.244.209.62 | | 6.2 kB |
URL v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-371.webp IP185.244.209.62:0 ASN#199524 G-Core Labs S.A.
CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp Hash64ff358fd3a82358542d29d53649dd85 0a15b0731a9468fe49e3b512febe91d951ef6156 a9ae35f930c0bf59e407a0c082347049ae11738d330df4e32f4b2b1129d1470c
GET /sfiles/games-images/game-previews/190x102/game-371.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:17 GMT
content-type: application/octet-stream
content-length: 6158
last-modified: Thu, 31 Aug 2023 08:10:58 GMT
etag: "64ff358fd3a82358542d29d53649dd85"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:04:04.000Z
expires: Tue, 14 Nov 2023 18:22:10 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-44ebb6d576cd974f4f78cc37f0a03d3c-0933d9193e6692aa-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T19:17:28+00:00, 2024-05-09T08:16:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-249.webp | 185.244.209.62 | 200 OK | 20 kB |
URL GET HTTP/2v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-249.webp IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp Hash2c02d34e261b48da9db2682ad433c5e8 e6b9618ac0040910f755a6f24dcb2f5500bb9aca d8db064ea1623849ccee86b27bdb7825aa0dc452293576de352f9269af60ecfe
GET /sfiles/games-images/game-previews/190x102/game-249.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:17 GMT
content-type: application/octet-stream
content-length: 19770
last-modified: Thu, 31 Aug 2023 08:10:56 GMT
etag: "2c02d34e261b48da9db2682ad433c5e8"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:04:00.000Z
expires: Tue, 14 Nov 2023 18:22:10 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-92a0d833a2cc492d40488b2e483fd004-b63af150e7bdc9e0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T19:17:28+00:00, 2024-05-09T08:16:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js | 172.64.148.184 | 200 OK | 115 kB |
URL GET HTTP/2widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js IP172.64.148.184:443
Requested byhttps://widget.suphelper.top/ CertificateIssuerGoogle Trust Services LLC Subjectsuphelper.top Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File typegzip compressed data, from Unix Size115 kB (115360 bytes) Hashcc923dc1c3b87452e1fe940b99f5d21e 56d6c1859ecb24ce72f96cfca84c5b73e0c910f7 27d81b88c6a942ecde1707b200e6a2dc9f25fa40f64d1670916ff9b2b3391ea5
GET /_next/static/chunks/663-81a4add2f1c95639.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 04:08:18 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 28 Mar 2024 06:56:31 GMT
etag: W/"5b0da-18e83d890e3"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 816024
expires: Sat, 10 May 2025 04:08:18 GMT
server: cloudflare
cf-ray: 8817113898ce0afe-OSL
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/sounds/new-message.mp3 | 172.64.148.184 | 200 OK | 30 kB |
URL GET HTTP/2widget.suphelper.top/sounds/new-message.mp3 IP172.64.148.184:443
Requested byhttps://widget.suphelper.top/ CertificateIssuerGoogle Trust Services LLC Subjectsuphelper.top Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File typeMPEG ADTS, layer III, v1, 192 kbps, 48 kHz, JntStereo Hashef9af24dc7dbd24ffd99c832e1300351 f78744a5013038446c468de14f205f2d52373fd6 5049d7fe87a7327a291441181d1a328a15f46a21081b970502c540406011c9b9
GET /sounds/new-message.mp3 HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 04:08:19 GMT
content-type: audio/mpeg
content-length: 29952
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=14400
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"7500-18f381bf786"
cf-cache-status: HIT
age: 3130
expires: Fri, 10 May 2024 08:08:19 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881711411c660afe-OSL
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js | 172.64.148.184 | 200 OK | 84 kB |
URL GET HTTP/2widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js IP172.64.148.184:443
Requested byhttps://widget.suphelper.top/ CertificateIssuerGoogle Trust Services LLC Subjectsuphelper.top Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File typegzip compressed data, from Unix Hashf213fa33373b2d40bfb7ef293284c669 3b44987dccc40e3d70ad29edd22a1ad91cf345d1 8bbf695ab2d2452feb428aaa65aa13b89a20573fbb96b4987cb47dff8d3546eb
GET /_next/static/chunks/1743016e-d00d67a74426f155.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 04:08:17 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 17 Jan 2024 06:19:55 GMT
etag: W/"75543-18d161388b8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 806182
expires: Sat, 10 May 2025 04:08:17 GMT
server: cloudflare
cf-ray: 8817113868c30afe-OSL
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sfiles/games-images/game-animations/game-169-animation.svg | 185.244.209.62 | 200 OK | 2.2 kB |
URL GET HTTP/2v3.traincdn.com/sfiles/games-images/game-animations/game-169-animation.svg IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typegzip compressed data, max speed, from Unix Hashd92d57f94eeec10bc91436ab10d9715d 0d5edabfd0d1336b99abb6146c036de229f2a849 e037bbf3401d17291e951849e4ee6c25aea59a11c9a482b6819db18de94adfd7
GET /sfiles/games-images/game-animations/game-169-animation.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:18 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Jan 2024 08:41:21 GMT
etag: W/"6b19d39f5180df62c717cfa7d870e7ed"
x-amz-meta-origin-date-iso8601: 2024-01-12T15:52:06.000Z
expires: Fri, 10 May 2024 00:01:03 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-2ed7d542a3a0b4b62f070aa682170684-f4ce52837a672fd1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T00:01:03+00:00, 2024-05-10T00:07:41+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/entry-5a8fe517.js | 185.244.209.62 | 200 OK | 705 kB |
URL GET HTTP/2v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/entry-5a8fe517.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typegzip compressed data, max speed, from Unix Size705 kB (704739 bytes) Hash6ec9e34af9c690e2c370449898f1bbcd a9aaf1cd00fbc44bee09e9824747835d550fe009 af22faaefa27cf0fa6544dcf0b2de34ddf6cf656d8b57ec74e4f825da566ce61
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/entry-5a8fe517.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:19 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 16:11:16 GMT
etag: W/"0d38c5af85509fb3a865ab3c5282960e"
x-amz-meta-mtime: 1715184545.995120472
content-encoding: gzip
expires: Fri, 10 May 2024 10:43:37 GMT
cache-control: max-age=86400
x-time-ng: 0.005
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4e45698d42851bd31db73da058f5154b-13ada97f4a8879a5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:37+00:00, 2024-05-09T11:07:32+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/bff-api/config/contacts.json?type=2&lang=en | 178.253.29.51 | 200 OK | 31 kB |
URL GET HTTP/21xlite-461430.top/bff-api/config/contacts.json?type=2&lang=en IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash5e57488ece417dfb2d0d023a6c9d0423 cc3add288721c1e6c3d3e9413fd0de50a9d38467 8da57ebaa0d0d6ecfbac547e80404973484e6cd38820bb8adfcde943511e4c28
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /bff-api/config/contacts.json?type=2&lang=en HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: bff;dur=0.79, dt_total;dur=133.352, wf-uht;dur=0.148
traceparent: 00-f775facde46498306cc5a98824ae4135-9423b9c3e988c28e-01
vary: Accept-Encoding
x-cache-expire: 492
x-cache-hit: 1
x-dt: 285
x-time-ng: 0.133
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 | 178.253.29.51 | 200 OK | 3.8 kB |
URL GET HTTP/21xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hasha17d6ff3bbf3a3309a6c6899d6066c47 9b52c8fa25a0ebdca03b9c0b91cf0b8f3092a1ae 27dcc300a0f1c6be498c34183c6f710e51a1887d8de4d5b854e682e69c7a6fc3
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:17 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=100, dt_total;dur=101.483, wf-uht;dur=0.115
traceparent: 00-284967424eb057d00df6f16f202df77d-65694945b94bc082-01
x-dt: 285
x-time-ng: 0.101
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/web-api/registration/fields | 178.253.29.51 | | 7.4 kB |
URL 1xlite-461430.top/web-api/registration/fields IP178.253.29.51:0 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash3b5fc74c6bee5ffbc649f663e5f6c1a3 0f00adb4eb180726ecd2abcc2317a29beceb13bd fe1005c8a0940ff6384b2b89aa744d692b9aed79f1d72cecfa11d1bb11fa7294
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /web-api/registration/fields HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
Content-Length: 19
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:20 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=57, dt_total;dur=60.570, wf-uht;dur=0.071
traceparent: 00-1482ffbd35360de6056b3db74e4a8e70-53bcb0715f229e8d-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.059
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js | 185.244.209.62 | | 1.4 kB |
URL v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js IP185.244.209.62:0 ASN#199524 G-Core Labs S.A.
CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typegzip compressed data, max speed, from Unix Hashf8c917665c2f2b993dd13aa43903aa89 ad9c3a890cc67722c3338b113d90c9a33ebec621 edd4e000a1516fd749dc93dfc48feb5b0f5f249cfbf3b2b05074ffc2dc567e76
GET /sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:20 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 09 May 2024 13:08:03 GMT
etag: W/"518e0ae196483ada8b528a1f2b7df0a1"
x-amz-meta-mtime: 1715259983.675899864
content-encoding: gzip
expires: Fri, 10 May 2024 15:18:14 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-03bd0cfbaa55ca6c41c97d3565ac54d4-55eec1daeae28cd7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T15:18:14+00:00, 2024-05-09T15:54:06+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/366613.webp | 185.244.209.62 | | 598 B |
URL v3.traincdn.com/resized/size16/sfiles/logo_teams/366613.webp IP185.244.209.62:0 ASN#199524 G-Core Labs S.A.
CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeRIFF (little-endian) data, Web/P image Hashbdee56588cda1f08482306ef5a0911f6 b31c1219d253264a144de651fc4f556d5f282e43 e9711a6bdc797eff7a62d56194bf4a48e000d5228e9ec7726c6750f6ea1f0f75
GET /resized/size16/sfiles/logo_teams/366613.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 598
cache-control: max-age=94608000
content-disposition: inline; filename="366613.webp"
content-security-policy: script-src 'none'
expires: Thu, 06 May 2027 22:05:06 GMT
x-request-id: 45ab41bc2daa827242c4c4e1b434ed60
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d8abab0b2253620b78de6c34fd23b54a-b7644f878e7215af-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T22:05:06+00:00, 2024-05-07T02:05:10+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PLMWICWN.js | 185.244.209.62 | 200 OK | 12 kB |
URL GET HTTP/2v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PLMWICWN.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typegzip compressed data, max speed, from Unix Hash94f1f0fde1dc80d0f1e96c2d2140dd9d d44984cea4f32e96b070e731246d0a7165f178ab d9fb040b155d987e002d7650b6d6c313ca098cd425cfbe74b89fcaa7b119eb7a
GET /sys-static/shared-assets/__shared_localforage_PLMWICWN.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:20 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 09 May 2024 14:32:04 GMT
etag: W/"dfa127e93d125d4f6c566203eaf225f2"
x-amz-meta-mtime: 1715264772.785909534
content-encoding: gzip
expires: Fri, 10 May 2024 15:18:14 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-8c57c1dde3d9ba00eab4d70cb96a0d65-82cdbb8342b011b2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T15:18:14+00:00, 2024-05-09T16:01:12+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js | 172.64.148.184 | 200 OK | 38 kB |
URL GET HTTP/2widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js IP172.64.148.184:443
Requested byhttps://widget.suphelper.top/ CertificateIssuerGoogle Trust Services LLC Subjectsuphelper.top Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File typegzip compressed data, from Unix Hashd1a507ecafb2d5f60431a635fee6ebc0 54e5fe342823c0fc6e111b5055b96c0e68dfb4a0 89425b57b4cb37d6fdd2f481c08077b657fac6eb866e1473c2a1b5e3f41ca708
GET /_next/static/chunks/7413e8b9-8adee4b5b5407a55.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 04:08:17 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Mon, 22 Jan 2024 07:49:06 GMT
etag: W/"12fe9-18d3024f9c4"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 811742
expires: Sat, 10 May 2025 04:08:17 GMT
server: cloudflare
cf-ray: 8817113868c60afe-OSL
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/c71e8237a3f3c27632e9e8f524d3dcb0.webp | 185.244.209.62 | 200 OK | 684 B |
URL GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/c71e8237a3f3c27632e9e8f524d3dcb0.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Hash 8fa852a76009baab756a5fdb1372e4d2 164d36626e853bd85ecdb9aa59ada64a77a4d21b 726110a0d0cb80b56673a805d833ca7434a66bbffa3f65c014b6a19d3901c009
GET /resized/size16/sfiles/logo_teams/c71e8237a3f3c27632e9e8f524d3dcb0.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 684
cache-control: max-age=94608000
content-disposition: inline; filename="c71e8237a3f3c27632e9e8f524d3dcb0.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 07:05:00 GMT
x-request-id: 0c2f2ef4a5240b72db087da76b7850a8
x-time-ng: 0.052
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-e427df19e7d9de963874536cb5d1234c-d7e9ba61861ddd73-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T07:05:00+00:00, 2024-05-08T17:10:42+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/7bb14f3d3a381559c9c3e4dc30181268.webp | 185.244.209.62 | 200 OK | 688 B |
URL GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/7bb14f3d3a381559c9c3e4dc30181268.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Hash 6ead86de7c677ac2ef33af35f35dcbd5 cc1d57bc18f86e1b23486ea5cee3e5cdc6e2483a 4f15238f3fb34a72459c64b232c7abe4e2743c1371efe3375598869fe218142c
GET /resized/size16/sfiles/logo_teams/7bb14f3d3a381559c9c3e4dc30181268.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 688
cache-control: max-age=94608000
content-disposition: inline; filename="7bb14f3d3a381559c9c3e4dc30181268.webp"
content-security-policy: script-src 'none'
expires: Sat, 08 May 2027 19:02:15 GMT
x-request-id: 2478775b8a2f507324d551950f965664
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-424bf6f678ecb6a3cf45c2e216787306-04996d413b257180-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T19:02:15+00:00, 2024-05-08T19:35:51+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/c676825d173b0dc577ff8e7baf68785d.webp | 185.244.209.62 | 200 OK | 684 B |
URL GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/c676825d173b0dc577ff8e7baf68785d.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Hash 8fa852a76009baab756a5fdb1372e4d2 164d36626e853bd85ecdb9aa59ada64a77a4d21b 726110a0d0cb80b56673a805d833ca7434a66bbffa3f65c014b6a19d3901c009
GET /resized/size16/sfiles/logo_teams/c676825d173b0dc577ff8e7baf68785d.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 684
cache-control: max-age=94608000
content-disposition: inline; filename="c676825d173b0dc577ff8e7baf68785d.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 11:59:08 GMT
x-request-id: bf4e6c47f266357cc23268ad57c79bf0
x-time-ng: 0.049
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-aa033faea4997b60fda162358c7189a9-2431d2f169868c5a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T11:59:08+00:00, 2024-05-07T11:59:53+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js | 172.64.148.184 | 200 OK | 11 kB |
URL GET HTTP/2 widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js IP 172.64.148.184:443
Requested by https://widget.suphelper.top/ Certificate Issuer Google Trust Services LLC Subject suphelper.top Fingerprint 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 Validity Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type gzip compressed data, from Unix Hash bf8425a85a1cf6851eb2e191fe566229 0ae0b34f0675214c2df968ff148d4212af99fb12 1b05ce774e4c9eb44fb89a31d4bffd5c10677312ff10c58ef40216c40b19dd85
GET /_next/static/chunks/0c294a17-329dda05de2a378d.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 04:08:18 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 17 Jan 2024 06:19:55 GMT
etag: W/"2925-18d161388b8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 816024
expires: Sat, 10 May 2025 04:08:18 GMT
server: cloudflare
cf-ray: 8817113898cd0afe-OSL
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/e2078697a64ec2c40345a99559022625.webp | 185.244.209.62 | | 588 B |
URL v3.traincdn.com/resized/size16/sfiles/logo_teams/e2078697a64ec2c40345a99559022625.webp IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Hash bee7ec080229d9b14a01b948025e0f0f 8c1d787e50a93476d4775d534f2913f04d20c6ae db4e1403c2164fed6608c00f73638c77069570ce2e8250261c5b226b34e7f01f
GET /resized/size16/sfiles/logo_teams/e2078697a64ec2c40345a99559022625.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 588
cache-control: max-age=94608000
content-disposition: inline; filename="e2078697a64ec2c40345a99559022625.webp"
content-security-policy: script-src 'none'
expires: Sun, 09 May 2027 20:58:11 GMT
x-request-id: baafa1d085d524ba7f29edd4d614f0d4
x-time-ng: 0.081
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-85808f35f554a92b5629665c76435f9e-0c080484cddbefdd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T20:58:11+00:00, 2024-05-10T03:58:02+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/f35f81164761543749957219b87cdfd7.webp | 185.244.209.62 | | 628 B |
URL v3.traincdn.com/resized/size16/sfiles/logo_teams/f35f81164761543749957219b87cdfd7.webp IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Hash e7ee5300be8d019c427552b9c5e1e384 5b91af25d861899e0a3e2fb1847cb3279ae1f912 7e14dc216547a06bc906fd2ee33fb101fd560d293d11a47e33777a9533d6646d
GET /resized/size16/sfiles/logo_teams/f35f81164761543749957219b87cdfd7.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 628
cache-control: max-age=94608000
content-disposition: inline; filename="f35f81164761543749957219b87cdfd7.webp"
content-security-policy: script-src 'none'
expires: Mon, 10 May 2027 00:49:44 GMT
x-request-id: 85022b803ad1829c555b01e1b0d56db5
x-time-ng: 0.048
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-364437ae638f1dd515bf56da3e5776c6-2f5a77ea10975f5c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T00:49:44+00:00, 2024-05-10T03:58:02+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/2bc22601f92ef11898f1ff96162a562f.webp | 185.244.209.62 | | 688 B |
URL v3.traincdn.com/resized/size16/sfiles/logo_teams/2bc22601f92ef11898f1ff96162a562f.webp IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Hash 6ead86de7c677ac2ef33af35f35dcbd5 cc1d57bc18f86e1b23486ea5cee3e5cdc6e2483a 4f15238f3fb34a72459c64b232c7abe4e2743c1371efe3375598869fe218142c
GET /resized/size16/sfiles/logo_teams/2bc22601f92ef11898f1ff96162a562f.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 688
cache-control: max-age=94608000
content-disposition: inline; filename="2bc22601f92ef11898f1ff96162a562f.webp"
content-security-policy: script-src 'none'
expires: Sun, 09 May 2027 20:58:10 GMT
x-request-id: fed480c18b6c518e6462bd7b5a91a719
x-time-ng: 0.027
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-66343fa694e9e5d86a62b492432b0569-c2ef08f4370cc1c3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T20:58:10+00:00, 2024-05-10T03:58:02+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/8c485732468e18b263701ee8af63ec49.webp | 185.244.209.62 | 200 OK | 688 B |
URL GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/8c485732468e18b263701ee8af63ec49.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Hash 6ead86de7c677ac2ef33af35f35dcbd5 cc1d57bc18f86e1b23486ea5cee3e5cdc6e2483a 4f15238f3fb34a72459c64b232c7abe4e2743c1371efe3375598869fe218142c
GET /resized/size16/sfiles/logo_teams/8c485732468e18b263701ee8af63ec49.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 688
cache-control: max-age=94608000
content-disposition: inline; filename="8c485732468e18b263701ee8af63ec49.webp"
content-security-policy: script-src 'none'
expires: Mon, 10 May 2027 00:49:44 GMT
x-request-id: 79b56843203453593874cb285c2a6ffd
x-time-ng: 0.083
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c525cdc41d30f95702c57ca1915c3a21-e6559b73d39b2ccb-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T00:49:44+00:00, 2024-05-10T03:58:02+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js | 185.244.209.62 | 200 OK | 34 kB |
URL GET HTTP/2 v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type gzip compressed data, max speed, from Unix Hash 48bb91d23d3e4825f99a66a16dd45bc5 6b6b7078a49d582fa6dfbb92a6b1784b8006213d bf8d15947eeb3d26298f1d28b71f5d35c1f6bcf0da49270f0b7dec1910cdf19c
GET /sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:20 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 09 May 2024 07:12:11 GMT
etag: W/"67267513246705d46a0bb83e1f8efd2a"
x-amz-meta-mtime: 1715238619.542425469
content-encoding: gzip
expires: Fri, 10 May 2024 12:42:09 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-bace10bebb52334ae3e22608be6ba1ce-c71cde9655d99119-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T12:42:09+00:00, 2024-05-09T12:51:51+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/cce25522580165589a18f52d2107f05a.webp | 185.244.209.62 | | 694 B |
URL v3.traincdn.com/resized/size16/sfiles/logo_teams/cce25522580165589a18f52d2107f05a.webp IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Hash a72656c18bcf66f0e83d61e79bb60c4f 160acbe3cae7cc3912b613f6b3ba299300a2ae81 542efa59acba1f2e06a23cf722fa955cc6187a8523b624e4d5033f89010c0f80
GET /resized/size16/sfiles/logo_teams/cce25522580165589a18f52d2107f05a.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 694
cache-control: max-age=94608000
content-disposition: inline; filename="cce25522580165589a18f52d2107f05a.webp"
content-security-policy: script-src 'none'
expires: Wed, 05 May 2027 11:41:53 GMT
x-request-id: 62f98453c19d377ba3a6e6a395000300
x-time-ng: 0.034
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-31bde208f4d277eb8759b37fb1ca96cf-190527119b864fee-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-05T11:41:53+00:00, 2024-05-07T21:40:59+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/4724017287c33fa4d6c7cba24147377f.webp | 185.244.209.62 | 200 OK | 628 B |
URL GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/4724017287c33fa4d6c7cba24147377f.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Hash bf63f197b6450558abb49cd698d2ae31 7c497f3f735754e1ae1e7f0b49b009ecc5152b71 c269f8e74361f8a5339cd0624dd312257555614583ec8b311f8c77542aac000d
GET /resized/size16/sfiles/logo_teams/4724017287c33fa4d6c7cba24147377f.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 628
cache-control: max-age=94608000
content-disposition: inline; filename="4724017287c33fa4d6c7cba24147377f.webp"
content-security-policy: script-src 'none'
expires: Sat, 08 May 2027 02:35:16 GMT
x-request-id: 0ec1f9a3ec04184eca1b917efa17a275
x-time-ng: 0.044
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-1b3e9dd9e3c55123360eff69bc129f79-7fc970da5504377b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T02:35:16+00:00, 2024-05-08T02:41:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/6e8e3064432fcce15a105b8d24142ded.webp | 185.244.209.62 | 200 OK | 586 B |
URL GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/6e8e3064432fcce15a105b8d24142ded.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Hash 15c87c395b94cda9b5521f654412138d 641cd6280895b5f2ca4a559128e64c725a1e8893 2fae81bb41952e5657722825606f7b892b794097f4205a39c32d2ab9106c4354
GET /resized/size16/sfiles/logo_teams/6e8e3064432fcce15a105b8d24142ded.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 586
cache-control: max-age=94608000
content-disposition: inline; filename="6e8e3064432fcce15a105b8d24142ded.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 15:00:29 GMT
x-request-id: 81675640f58fd2a09b8ebcb3c31bc732
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-5b48f6669d85f8fd5a29f4ee3bb63a07-7855f09805f3dd47-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T15:00:29+00:00, 2024-05-07T21:40:59+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/31113.webp | 185.244.209.62 | 200 OK | 618 B |
URL GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/31113.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Hash cf4e5c9ed89d1ea9d8649e2754025a62 854bf365e8ffb2014b14a7c5ce52013290f17006 d6ef32eca353776338a564b2c24a2b8545701f50a759fde2a191bd400e2951b4
GET /resized/size16/sfiles/logo_teams/31113.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 618
cache-control: max-age=94608000
content-disposition: inline; filename="31113.webp"
content-security-policy: script-src 'none'
expires: Thu, 06 May 2027 12:28:12 GMT
x-request-id: 0fbc00c5b8375fe864f3026c5fc9eb27
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4c0cb38ad07e2849a049055f6e96e8be-c2e3f489fb132b0c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:28:12+00:00, 2024-05-07T20:12:26+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/f17edbb0def43126b3a4b09d825c5bb9.webp | 185.244.209.62 | 200 OK | 608 B |
URL GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/f17edbb0def43126b3a4b09d825c5bb9.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Hash 91774786a8653272376a21d63c2615ca 543a4afde1bc199c4032c53e9de81bd9faea6bb9 9961971d85aec12f8f077a820df3d6db55ef013867177865355915580657f54a
GET /resized/size16/sfiles/logo_teams/f17edbb0def43126b3a4b09d825c5bb9.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 608
cache-control: max-age=94608000
content-disposition: inline; filename="f17edbb0def43126b3a4b09d825c5bb9.webp"
content-security-policy: script-src 'none'
expires: Thu, 06 May 2027 05:52:21 GMT
x-request-id: cf30a76539eb97cbd8742545b9ae5851
x-time-ng: 0.035
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-810c895fc7297f8b2c06f6704b98e96a-3d30266bbac1c7d5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T05:52:21+00:00, 2024-05-08T19:35:51+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.jpg | 185.244.209.62 | | 51 kB |
URL v3.traincdn.com/genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.jpg IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 1380x248, components 3 Hash 15b1bda7b31ccc5eacce67afbe6f160b d41eac3583bb0495a008b0d1e4a584d103feb436 2e1b52936d0c7081d46010cd49e236aed8cefc16adad7c908c108aff4a73718d
GET /genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/jpeg
content-length: 51087
last-modified: Tue, 11 Apr 2023 18:15:30 GMT
etag: "15b1bda7b31ccc5eacce67afbe6f160b"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-200c2d28efe71e84cfe21a262034be11-eec66918b321e880-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T08:23:51+00:00, 2024-05-10T04:06:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/banner/ee94ef73444d56fe0d0234bd1e83acf9.png | 185.244.209.62 | 200 OK | 234 kB |
URL GET HTTP/2 v3.traincdn.com/genfiles/cms/1/desktop/banner/ee94ef73444d56fe0d0234bd1e83acf9.png IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type PNG image data, 1380 x 248, 8-bit/color RGB, non-interlaced Size 234 kB (234183 bytes) Hash 29cbfc647b35d624dbb21a2480adcf74 2af51a37649fc6d91e331954244ae02fa39e4012 1c004afe245526de4788b8cbd4773d431ae624ec5902b5b81c6de6696893f5ec
GET /genfiles/cms/1/desktop/banner/ee94ef73444d56fe0d0234bd1e83acf9.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/png
content-length: 234183
last-modified: Tue, 07 May 2024 10:14:00 GMT
etag: "29cbfc647b35d624dbb21a2480adcf74"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-2180529c1aaabf6750e822907819b2ed-5811c07a9c24c5bc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T11:20:16+00:00, 2024-05-10T04:06:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.jpg | 185.244.209.62 | 200 OK | 1.4 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.jpg; IP: 185.244.209.62:443; ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image; Hash: 886a20096e1c4869d510740a41df5812 7a9a79a4ca6251afba1a3910efeb6bca4a425ee6 3b8952ad0299b2b7039e1dc767edeaa840348e71ae43b3805badd8a6fb2a4598
GET /genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/jpeg
content-length: 32867
last-modified: Fri, 26 Apr 2024 11:44:33 GMT
etag: "590bf4dea9eca01477197273e697a2f2"
x-time-ng: 0.027
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b42e99ddf3e2cd1a5bf48a8d7ecd61a4-8c71f2c77bc3cfd4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T12:46:26+00:00, 2024-05-10T04:06:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size24/sfiles/logo_teams/08a25897e35d75d7261a8095b9599aad.webp | 185.244.209.62 | | 1.2 kB |
URL: v3.traincdn.com/resized/size24/sfiles/logo_teams/08a25897e35d75d7261a8095b9599aad.webp; IP: 185.244.209.62:0; ASN: #199524 G-Core Labs S.A.
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image; Hash: e63abc1e41178a97d4197c51567e25c8 2093338e3a4804d8c80fafd7720537056d9d0bea 0c2de26224b4b34463e0e2c5c8f38d60edf6fbf7d97a568671892edc96be354e
GET /resized/size24/sfiles/logo_teams/08a25897e35d75d7261a8095b9599aad.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 1220
cache-control: max-age=94608000
content-disposition: inline; filename="08a25897e35d75d7261a8095b9599aad.webp"
content-security-policy: script-src 'none'
expires: Sat, 08 May 2027 11:19:47 GMT
x-request-id: 5ed651ab54561c418f16ac8f894afb00
x-time-ng: 0.049
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3350a63230706eed68908086843b475e-fca76df1d9110348-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T11:19:47+00:00, 2024-05-08T11:29:15+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.webp | 185.244.209.62 | | 15 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.webp; IP: 185.244.209.62:0; ASN: #199524 G-Core Labs S.A.
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp; Hash: 2ccdf625b855ce93bc9b56a671accd6e bc8f3a791f6251b714bafad614d15c477ba428e4 c5012a832581da604a5c57e8f822008f749fe484c6d24127ca91232af71169cd
GET /genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 14610
last-modified: Thu, 08 Jun 2023 09:20:03 GMT
etag: "2ccdf625b855ce93bc9b56a671accd6e"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-1586eeb7c7a17996fd993097649dfb41-dc7205d4b45fdb48-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-02-27T14:22:50+00:00, 2024-05-10T04:03:41+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.webp | 185.244.209.62 | 200 OK | 16 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.webp; IP: 185.244.209.62:443; ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp; Hash: 99937fec94322155d99465451e84e5f4 0549b153f8e34c242f71817a038f7ebad37d27be d35bc328538e182310574b3ff1d58134efedc49c9f3dbb43ec6df65fed624f33
GET /genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 15874
last-modified: Fri, 26 Apr 2024 11:44:53 GMT
etag: "99937fec94322155d99465451e84e5f4"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-2ae3a03708b6f55ec7aea5fdb30af287-f1807e921cb842f4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:45:30+00:00, 2024-05-10T04:03:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/banner/ee94ef73444d56fe0d0234bd1e83acf9.webp | 185.244.209.62 | 200 OK | 9.1 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1/desktop/banner/ee94ef73444d56fe0d0234bd1e83acf9.webp; IP: 185.244.209.62:443; ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp; Hash: d18b01730ec2180f53426d1bcd4101f0 71318f020e1c01fdf9a150dd9853c896f4b03662 4cf9682b1d98dd94f7636a874e0020969d200bfb9b59d3c0d57e01923ee2f413
GET /genfiles/cms/1/desktop/banner/ee94ef73444d56fe0d0234bd1e83acf9.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 9072
last-modified: Tue, 07 May 2024 10:14:26 GMT
etag: "d18b01730ec2180f53426d1bcd4101f0"
x-time-ng: 0.004
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-60297efcaf6dd654cf984b19b12678a9-03d6d3742a1989f6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T11:19:47+00:00, 2024-05-10T04:03:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/banner/37725dd3160e2621f084de11d4417228.png | 185.244.209.62 | 200 OK | 231 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1/desktop/banner/37725dd3160e2621f084de11d4417228.png; IP: 185.244.209.62:443; ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: PNG image data, 1380 x 248, 8-bit/color RGBA, non-interlaced; Size: 231 kB (231413 bytes); Hash: 5f92240dea2753875e3104a6704f93e6 41d042b4876f18001842a761d05ad4a0575ca7f4 2d51f316311a3977d1dcee31a3332f720f72a842d8924ea4b8f014a23ca859b7
GET /genfiles/cms/1/desktop/banner/37725dd3160e2621f084de11d4417228.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/png
content-length: 231413
last-modified: Wed, 21 Jun 2023 09:54:48 GMT
etag: "5f92240dea2753875e3104a6704f93e6"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-19fc2fd35f46516865cc9f9c27f78d21-060647c119561294-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-30T12:28:11+00:00, 2024-05-10T04:06:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-icons/1.0.334/285/country.svg | 185.244.209.62 | | 209 kB |
URL: v3.traincdn.com/sys-icons/1.0.334/285/country.svg; IP: 185.244.209.62:0; ASN: #199524 G-Core Labs S.A.
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: gzip compressed data, max speed, from Unix; Size: 209 kB (209207 bytes); Hash: 4160dbeee26957877c585210f825ca20 0aa2a9317cce298184518ad96d5e165b4a9091e2 9265e9f7da7459cc8ac0fc927ab315babce2383c91ba4a73dd63b421739b1ee7
GET /sys-icons/1.0.334/285/country.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Apr 2024 12:55:56 GMT
etag: W/"60caf0d666af828706b3d83c428a31e4"
x-amz-meta-mtime: 1713272153.420902787
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:28 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b3c300a5764ad9458a241a2d56c224a8-71870c8e762c73d8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:28+00:00, 2024-05-09T11:07:35+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/banner/37725dd3160e2621f084de11d4417228.webp | 185.244.209.62 | | 18 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/banner/37725dd3160e2621f084de11d4417228.webp; IP: 185.244.209.62:0; ASN: #199524 G-Core Labs S.A.
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp; Hash: b7e3857cdc8cbde71f63af81a61f5cfb deeb62ea6e9b702bb9e3f395483c3c00445adcf8 786e67817e82780aaeb0d2bca1e57e06fff5ae9fa89b2747b1af57913886e25f
GET /genfiles/cms/1/desktop/banner/37725dd3160e2621f084de11d4417228.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 17490
last-modified: Wed, 21 Jun 2023 09:54:55 GMT
etag: "b7e3857cdc8cbde71f63af81a61f5cfb"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-8106c991a81b55caa98e40ed4f48dc10-5928bc3d902ccd0d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-02-27T15:26:35+00:00, 2024-05-10T04:06:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.webp | 185.244.209.62 | 200 OK | 20 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.webp; IP: 185.244.209.62:443; ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp; Hash: 95767496ab1dce71f394c97620666756 127389c7327fec508549222dd477edbd524e33dd fca493b566204dfff5ef8b8cd6c74c40659c812ac6665696dd5c66c664a31c7e
GET /genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 20522
last-modified: Thu, 08 Jun 2023 18:05:27 GMT
etag: "95767496ab1dce71f394c97620666756"
x-time-ng: 0.006
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-90189c1922710edbae0b06f9a5e840ea-350c33efe628da2d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-02-27T14:22:50+00:00, 2024-05-10T04:06:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/f385e6db/_middlewareManifest.js | 172.64.148.184 | 200 OK | 4.5 kB |
URL: GET HTTP/2 widget.suphelper.top/_next/static/f385e6db/_middlewareManifest.js; IP: 172.64.148.184:443
Requested by: https://widget.suphelper.top/
Certificate: Issuer: Google Trust Services LLC; Subject: suphelper.top; Fingerprint: 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36; Validity: Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type: gzip compressed data, from Unix; Hash: c6c231281a7be9ff98223a55a481215e 381508398b35fc2c8257d28f597c091af915ffc3 2061cc8f1d8bb61a20172fce56af4fa7198088f9b3fad0d26c463bb81dde7704
GET /_next/static/f385e6db/_middlewareManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 04:08:18 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"5c-18f381bf92a"
vary: Accept-Encoding
cf-cache-status: HIT
age: 680448
expires: Sat, 10 May 2025 04:08:18 GMT
server: cloudflare
cf-ray: 8817113898d30afe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/web-api/mobile | 178.253.29.51 | 200 OK | 92 kB |
URL: POST HTTP/2 1xlite-461430.top/web-api/mobile; IP: 178.253.29.51:443; ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate: Issuer: Let's Encrypt; Subject: 1xlite-461430.top; Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: 88a735d280071bd0bcea6a05c8268dbd a92aa0ddcd978b1e1e0f5440f7071b3415f450e5 23a8c199002362f3f6c78e974dc0ad77edaf43eea009bc57a21c22266e16dc64
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /web-api/mobile HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:17 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=18, dt_total;dur=39.415, wf-uht;dur=0.047
traceparent: 00-64ea68c4bea6ffd5337fa19fb8cf95f0-5bf6ac07ddd737e2-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.034
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-8e394611.js | 185.244.209.62 | | 8.9 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-8e394611.js; IP: 185.244.209.62:0; ASN: #199524 G-Core Labs S.A.
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (39925), with no line terminators; Hash: 7ddea2d217f72613646d2b7eff8e9d6f ea22eb4a231ac86ed0773f58ff856e1203bed07d 42c2cd82d0a96f636d5f7289a821ad8de15c7da1e57f58c13882da2209d4d576
GET /_nuxt/desktop/default/vendors/Registration.Fields-8e394611.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:22 GMT
content-type: application/javascript; charset=utf-8
content-length: 8881
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-22b1"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:27 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-40f41969537d25f833c4814bc000fc47-4f74bbc70fc1ea3a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:27+00:00, 2024-05-09T11:07:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/web-api/session | 178.253.29.51 | 204 No Content | 0 B |
URL: GET HTTP/2 1xlite-461430.top/web-api/session; IP: 178.253.29.51:443; ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate: Issuer: Let's Encrypt; Subject: 1xlite-461430.top; Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /web-api/session HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 10 May 2024 04:08:22 GMT
cache-control: no-cache, private
server-timing: p;dur=14, dt_total;dur=19.024, wf-uht;dur=0.027
traceparent: 00-e2c45b9c3106eb05ea869b618265361c-f018b092a236992d-01
x-dt: 285
x-time-ng: 0.019
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/6158757f111a.js | 185.244.209.62 | 200 OK | 715 B |
URL: GET HTTP/2 v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/6158757f111a.js; IP: 185.244.209.62:443; ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: Java source, ASCII text, with very long lines (714); Hash: 6ee3bc259bfb800c3a044e012d0e1891 faf1bdf7b82d6f4da0783c56fd9149d9064a379a 5ae7bfa3bf9463a9e18abae9da1087a4a9f75b529ffb5c664dee152692c93f43
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/6158757f111a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:22 GMT
content-type: text/javascript; charset=utf-8
content-length: 715
last-modified: Wed, 08 May 2024 16:11:15 GMT
etag: "6ee3bc259bfb800c3a044e012d0e1891"
x-amz-meta-mtime: 1715184545.987120598
expires: Fri, 10 May 2024 10:43:29 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-e6d9a71cc489b7c2000559a906b1c08a-b1faab597f5dafaf-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:29+00:00, 2024-05-09T12:23:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/ | 172.64.148.184 | 200 OK | 96 kB |
IP: 172.64.148.184:443
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate: Issuer: Google Trust Services LLC; Subject: suphelper.top; Fingerprint: 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36; Validity: Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type: gzip compressed data, from Unix; Hash: decd7ac3a3f117867effa7ec4ba8121f 83c475ca21ef7e7c5fc2f581d745064418b0a2bf 3e6efc6cf628c088cf59045baf1b4cc0f29e61917fa2f60a125a0494b78e470f
GET / HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 04:08:17 GMT
content-type: text/html; charset=utf-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=60, stale-while-revalidate=30
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 88171136c8280afe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3016f30da818.js | 185.244.209.62 | | 504 B |
URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3016f30da818.js
IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type Java source, ASCII text, with very long lines (503)
Hash e3d07e6f66159328ab36432621f76bb1 a6904f34c980d0670c78ca33d3af1d42c9f80332 3165b04b3f1b881e9ce209f0a2ccee985c00ed98db43e9cb6af5d530438b7d1b
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3016f30da818.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
content-length: 504
last-modified: Wed, 08 May 2024 16:11:15 GMT
etag: "e3d07e6f66159328ab36432621f76bb1"
x-amz-meta-mtime: 1715184545.987120598
expires: Fri, 10 May 2024 10:43:29 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5e787aa5a3c7a4334949653f32365a61-29735480583e9cd0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:29+00:00, 2024-05-09T12:23:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/betstemplates/bets_model_short_en_0.json | 185.244.209.62 | 200 OK | 4.6 kB |
URL GET HTTP/2 v3.traincdn.com/genfiles/cms/betstemplates/bets_model_short_en_0.json
IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type gzip compressed data, max speed, from Unix
Hash 3d975d77b05dee42b11643b263f80011 c4a7582dafdd134c1e365bbfac7e684335e41c85 18721cba4db6430e3cf7cb743136e605da222f084dc634e9ca6061a7aecf2de8
GET /genfiles/cms/betstemplates/bets_model_short_en_0.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:20 GMT
content-type: application/json
last-modified: Thu, 09 May 2024 14:03:46 GMT
etag: W/"d3e39abc76f19e176765d21ac9e70c5c"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-4a6e52dfe0cd6b0f2af42d2e6820df62-b3f63f8478f0ab67-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T14:56:59+00:00, 2024-05-10T03:11:00+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/726083f27efa.js | 185.244.209.62 | 200 OK | 597 B |
URL GET HTTP/2 v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/726083f27efa.js
IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type Java source, ASCII text, with very long lines (596)
Hash 76880f7538a0be62d4fc0f9e55db36aa 73f78086fe9d1875b8e289fc3c8e22ecaec4dacb 0491db56d6c0b9c1ecabeafcffcb6d1151d847f9145dd643d4a7f6408faee096
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/726083f27efa.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
content-length: 597
last-modified: Wed, 08 May 2024 16:11:16 GMT
etag: "76880f7538a0be62d4fc0f9e55db36aa"
x-amz-meta-mtime: 1715184545.987120598
expires: Fri, 10 May 2024 10:43:57 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-bc78f9c28ea1fa5363e22341679c3b36-9cc9c0d1a75f136d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:57+00:00, 2024-05-09T11:07:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/618b749155d0.js | 185.244.209.62 | | 481 B |
URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/618b749155d0.js
IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type Java source, ASCII text, with very long lines (480)
Hash 9abbe64ff2b544f35594e17905e4594c a7896739e9768216888018d2c4aec7c102e4d4a9 9f8032c080e2f3906f0c068bf43ef41084d6064f5df8be76b339fa87f7ad17eb
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/618b749155d0.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
content-length: 481
last-modified: Wed, 08 May 2024 16:11:15 GMT
etag: "9abbe64ff2b544f35594e17905e4594c"
x-amz-meta-mtime: 1715184545.987120598
expires: Fri, 10 May 2024 10:43:57 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-785fe41d36ee0ca2df0c0814dda781c8-43d215fd9c37f679-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:57+00:00, 2024-05-09T11:07:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js | 185.244.209.62 | | 53 B |
URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js
IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hash bb7e15ec1662efa164ad912bd1c65e19 bdd420a5f5bf96a8a4f85abbbe3b0cd2ad547f52 a9378fb3de73c35f466dfae4d2956a63b95813d4eaf88ae7f4ce820d0992cc01
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
content-length: 53
last-modified: Wed, 08 May 2024 16:11:15 GMT
etag: "bb7e15ec1662efa164ad912bd1c65e19"
x-amz-meta-mtime: 1715184545.987120598
expires: Thu, 09 May 2024 21:06:08 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4a3245dcbcda0b269b940141ffb7d634-666670dcefe05876-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T21:06:08+00:00, 2024-05-09T15:58:17+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/9f8e0e38189c.js | 185.244.209.62 | 200 OK | 68 kB |
URL GET HTTP/2 v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/9f8e0e38189c.js
IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (62971)
Hash 251c2d0e7b2bdb2f31ec97ef69d99d6f c5af6012f55f9f3ef0e53299fd6847394b1da5db ae331a6d23e38a3b03addff890a6c2320719184b3a6f3d90fe5f2eca07815c27
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/9f8e0e38189c.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 16:11:16 GMT
etag: W/"fd9612103f2362b8086939d1c920d9ed"
x-amz-meta-mtime: 1715184545.991120535
content-encoding: gzip
expires: Fri, 10 May 2024 10:43:58 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-605d1729f243770e1d058abcb4317eba-c9128fbcf9256f43-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:58+00:00, 2024-05-09T11:07:35+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5aac26f85449.js | 185.244.209.62 | | 372 B |
URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5aac26f85449.js
IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type Java source, ASCII text, with very long lines (371)
Hash 1da4d94244cc89a54a946028d2eb3d29 f10149930729c1027544edfc80bc5cc93f36d5c0 511577657cf77e30361bdccc3485e5c33c30d0fc322f52592a7bd730ea45a6c9
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5aac26f85449.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
content-length: 372
last-modified: Wed, 08 May 2024 16:11:15 GMT
etag: "1da4d94244cc89a54a946028d2eb3d29"
x-amz-meta-mtime: 1715184545.987120598
expires: Fri, 10 May 2024 10:43:45 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-5b6729659d872e2f19d92ebfbf364713-09a835e93316f335-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:45+00:00, 2024-05-09T11:07:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/327334405031.js | 185.244.209.62 | 200 OK | 424 B |
URL GET HTTP/2 v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/327334405031.js
IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type Java source, ASCII text, with very long lines (423)
Hash 31bd7da0b4c3a29a840d1befac27cf8b ab07ed137a23fe5b743ec0589f6c5c0da7b85258 9a60e8a389d3cd93b0014468deb14c1921ade7deec0c8559a4682a09c3f6f25f
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/327334405031.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
content-length: 424
last-modified: Wed, 08 May 2024 16:11:15 GMT
etag: "31bd7da0b4c3a29a840d1befac27cf8b"
x-amz-meta-mtime: 1715184545.983120662
expires: Fri, 10 May 2024 10:43:58 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4af0f1d88f5b49193cca83aad70f0578-dbe235324135ad7a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:58+00:00, 2024-05-09T11:07:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7bd3bc288fd4.js | 185.244.209.62 | | 450 B |
URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7bd3bc288fd4.js
IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type ASCII text, with very long lines (449)
Hash 056ce527a12544a37f984ac598be2344 6946b65cf1c68960e5f9ac0900a0df66a13e7e85 cd7cdf53c803ca43a37171180d14c2374e45ab347d309f9b83a107b9ad9b4ed1
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7bd3bc288fd4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
content-length: 450
last-modified: Wed, 08 May 2024 16:11:16 GMT
etag: "056ce527a12544a37f984ac598be2344"
x-amz-meta-mtime: 1715184545.987120598
expires: Fri, 10 May 2024 08:44:30 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-fb2e3fdaa20afcd4575f9d0c91ddba49-8582a5dcd5a34509-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T08:44:30+00:00, 2024-05-09T18:23:40+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/4f769aae21a0.js | 185.244.209.62 | 200 OK | 435 B |
URL GET HTTP/2 v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/4f769aae21a0.js
IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type Java source, ASCII text, with very long lines (434)
Hash 9161fb5b91a09b3026d143479dc567a6 c1fe731351fb1447e76ef38def2d2f869b025007 9a4b211be9ec541c8fbdf213a2ae7b270afdd22674f74ad12b9aec0a5ff6b278
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/4f769aae21a0.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
content-length: 435
last-modified: Wed, 08 May 2024 16:11:15 GMT
etag: "9161fb5b91a09b3026d143479dc567a6"
x-amz-meta-mtime: 1715184545.987120598
expires: Fri, 10 May 2024 10:43:58 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d0ebe82d849c4b0b74c57bb9729aa737-a03500bd41bdb8a6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:58+00:00, 2024-05-09T11:07:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-icons/1.0.334/285/coloredSvg.svg | 185.244.209.62 | | 230 kB |
URL v3.traincdn.com/sys-icons/1.0.334/285/coloredSvg.svg
IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type gzip compressed data, max speed, from Unix
Size 230 kB (229758 bytes)
Hash 463d98efe96f74407d9975d3eb473215 1de89a0776de55ae0b2cf4473209fd4b64adfea2 5547249e02ec5955885e041a48623a7f7e9510f968d00f730e75da997d74cacf
GET /sys-icons/1.0.334/285/coloredSvg.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:17 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Apr 2024 12:55:56 GMT
etag: W/"a6f668d0aabdde5402adab210db914b1"
x-amz-meta-mtime: 1713272153.420902787
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:51 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-4d3507e66e4a322d02b4885f0a537bd6-8c7a1def5bd65cc3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:51+00:00, 2024-05-09T11:07:35+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-icons/1.0.330/285/common.svg | 185.244.209.62 | 200 OK | 125 kB |
URL GET HTTP/2 v3.traincdn.com/sys-icons/1.0.330/285/common.svg
IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type gzip compressed data, max speed, from Unix
Size 125 kB (124616 bytes)
Hash 56b08b3dc9ef6c9f2aeab47b034e1516 882e4609a356b957c9b31b1cec80a7a3ef414cc1 1af8578edf74fc6dce0f77630c314c9a45843241d69ac4e41da5c6b081daff7c
GET /sys-icons/1.0.330/285/common.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Apr 2024 09:41:01 GMT
etag: W/"7bf3e9e7d79beac942f5e7748a3af2e6"
x-amz-meta-mtime: 1713260458.134664491
content-encoding: gzip
expires: Fri, 19 Apr 2024 12:42:12 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-a4d0855ab238299418e4e394fb6a19a5-72849c84128ceaf3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-18T12:42:12+00:00, 2024-05-09T15:58:20+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/dc17f2eac0cc.js | 185.244.209.62 | 200 OK | 67 kB |
URL GET HTTP/2 v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/dc17f2eac0cc.js
IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type gzip compressed data, max speed, from Unix
Hash 623eff5d2c5d020d43fc41e7624496f6 0d5df1c25dfe1b5a65bb11778f053dc1e690ffd6 99b2bcff98c9bf184eb0b113f8d94448290c10f7d7856bcc751e195755544aba
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/dc17f2eac0cc.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 16:11:16 GMT
etag: W/"828079e9d4483fc9e3fecaf63823dc1a"
x-amz-meta-mtime: 1715184545.991120535
content-encoding: gzip
expires: Fri, 10 May 2024 10:43:58 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-600cf8c77cf09e95259a9ea3e2121ed4-31ad881053a441e7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:58+00:00, 2024-05-09T11:07:35+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 | 185.244.209.62 | 200 OK | 64 kB |
URL GET HTTP/2 v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Hash 6887b6f24414dbc612dbf42ccdc76b70 8068d3abfbc6cbf35b55919da45b1f4d2d136238 fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:24 GMT
content-type: font/woff2
content-length: 63748
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-2c6053897a52805985fe73175f22ad60-3e423408241344ce-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:13:59+00:00, 2024-05-10T04:08:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true | 178.253.29.51 | 200 OK | 67 kB |
URL GET HTTP/2 1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP 178.253.29.51:443 ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer Let's Encrypt Subject 1xlite-461430.top Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash 3f907bc67cae905688bf5166af344ff2 bbf9a934c8e28732875b9ed47644c5c22439b16d 2e02684805b41f31d7e84b3691bc2ae31f8121269de3f75188d45ddbb7f57e8d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=5
last-modified: Fri, 10 May 2024 04:08:23 GMT
x-time-ng: 0.009
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.018
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/40295f87c48b.js | 185.244.209.62 | 200 OK | 66 kB |
URL GET HTTP/2 v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/40295f87c48b.js
IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type gzip compressed data, max speed, from Unix
Hash db9a7b1778e7c3b92447e0173598ddbd f793ae26070c18ad65dddcd0c60fc39edf5022bc fdb20c01829df4206acd951568c10b031fac696b86813fa7a453ca99d7777306
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/40295f87c48b.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 16:11:15 GMT
etag: W/"04021329a63deda1db56e389799543a2"
x-amz-meta-mtime: 1715184545.987120598
content-encoding: gzip
expires: Fri, 10 May 2024 10:43:58 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c06c4d3b4a7c27175c91dc09ef5e5078-4066d35227cd2305-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:58+00:00, 2024-05-09T11:07:35+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3ea8313b1f9a.js | 185.244.209.62 | 200 OK | 7.4 kB |
URL GET HTTP/2v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3ea8313b1f9a.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typegzip compressed data, max speed, from Unix Hash23076005c9fbb5970d5c46270f966ac6 f1a6493608464511862e09c0e3e080d227509234 534ab2417b03323b24b8364d87e18e6d593253891a28e2bde20f2f59cd7d6928
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3ea8313b1f9a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 16:11:15 GMT
etag: W/"84c2ff24404b03b93539885d2c51922f"
x-amz-meta-mtime: 1715184545.987120598
content-encoding: gzip
expires: Fri, 10 May 2024 10:43:58 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-1c8ea6478303016f9137e76c124dc3eb-d0c0648e29b14aa3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:58+00:00, 2024-05-09T11:07:35+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true | 178.253.29.51 | 200 OK | 9.8 kB |
URL GET HTTP/21xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash57abf3b086bc9c0acea28983624156f6 41727bcb1e43667f99361ed6a00de1e8ff20bfd4 45fd7a861fdd0765e063560e1fa83c961daf14bf8161dc766abd9749430ea841
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:26 GMT
content-type: application/json; charset=utf-8
content-length: 9849
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:26 GMT
vary: Accept-Encoding
x-time-ng: 0.022
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.030
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json | 178.253.29.51 | 200 OK | 23 B |
URL POST HTTP/21xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash6c05036115a29c820a1736f37a768d30 c24535bbf6dd25c48ba5ca5e2b97b466dfa419e8 227ed44f50848eba16c1289b1ba4480d91946918fb60d632d3be377935d3a12e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Content-Type: application/json
X-Lang: en
X-Uuid: e11671d6-13d5-4dd3-a5be-ddfb46eee94e
Content-Length: 99
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:26 GMT
content-type: application/json
content-length: 23
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/472977fdf26e.js | 185.244.209.62 | 200 OK | 1.2 kB |
URL GET HTTP/2v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/472977fdf26e.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeJava source, ASCII text, with very long lines (1461) Hash5b36e492bfb7db8388c8f7494065421c 38ea97f479a27b81641abc0fb3db694bd3e7fca7 2c0275ed56eae47f0c82c67bebe5effba12cf164afccceba6310363c957989b4
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/472977fdf26e.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 16:11:15 GMT
etag: W/"2f5436be87ea646c3521311f827e6c73"
x-amz-meta-mtime: 1715184545.987120598
content-encoding: gzip
expires: Fri, 10 May 2024 10:43:45 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-56744b43d268e3b7163f9993080ec2ef-74d227ad2fbebc1d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:45+00:00, 2024-05-09T11:07:35+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/web-api/default/img/icons/pixels2.svg?v=1715314102 | 178.253.29.51 | 200 OK | 1.5 kB |
URL GET HTTP/21xlite-461430.top/web-api/default/img/icons/pixels2.svg?v=1715314102 IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File typePNG image data, 1 x 1, 8-bit/color RGB, non-interlaced Hash2ab191270232b69235e28c9a7b00acab c8f66832080b5ed554d5c4ec6f89c019cbde335b 0f0747c40e1070084bcaf406276aca10b10be2c5aeba2f8c48905a248999e392
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /web-api/default/img/icons/pixels2.svg?v=1715314102 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:22 GMT
content-type: image/png
cache-control: no-cache, private
server-timing: p;dur=15, dt_total;dur=41.174, wf-uht;dur=0.050
traceparent: 00-6fc9eb5b241cddd47e54643cb583334e-2c628139cc0b44a3-01
x-dt: 285
x-time-ng: 0.029
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 | 178.253.29.51 | 200 OK | 237 kB |
URL GET HTTP/21xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Size237 kB (237334 bytes) Hasha17d6ff3bbf3a3309a6c6899d6066c47 9b52c8fa25a0ebdca03b9c0b91cf0b8f3092a1ae 27dcc300a0f1c6be498c34183c6f710e51a1887d8de4d5b854e682e69c7a6fc3
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:26 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=24, dt_total;dur=25.667, wf-uht;dur=0.038
traceparent: 00-34ef5435ffb9ff5b9924cd7af41a5a93-e2043bd6d4703737-01
x-dt: 285
x-time-ng: 0.026
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/chunks/pages/_app-9c47c295eecaa68a.js | 172.64.148.184 | 200 OK | 283 kB |
URL GET HTTP/2widget.suphelper.top/_next/static/chunks/pages/_app-9c47c295eecaa68a.js IP172.64.148.184:443
Requested byhttps://widget.suphelper.top/ CertificateIssuerGoogle Trust Services LLC Subjectsuphelper.top Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Size283 kB (283049 bytes) Hash88caa0a5306a65c4d4c4bb3520a417ea ee940d78c95008a9006069bb53551ce75c9b5d62 bc68a157a74d649422479348f5dfe974bd396f67609bccc100a3da00c4a52fba
GET /_next/static/chunks/pages/_app-9c47c295eecaa68a.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 04:08:17 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"f8027-18f381bf92a"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 680447
expires: Sat, 10 May 2025 04:08:17 GMT
server: cloudflare
cf-ray: 8817113868c00afe-OSL
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js | 172.64.148.184 | | 2.0 kB |
URL widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js IP172.64.148.184:0
CertificateIssuerGoogle Trust Services LLC Subjectsuphelper.top Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File typegzip compressed data, from Unix Hash1d10138d2d3c1ddfb54a850e972d632d 0c75132dc852de87e679c43c6081b2d350d404f8 5a8324498bb7b5d6531ca2aa5e160fdedc654c19ee5130e23f3ad3deea36d251
GET /_next/static/chunks/webpack-fb94d2f19425a3e3.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 04:08:17 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"ed0-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 811742
expires: Sat, 10 May 2025 04:08:17 GMT
server: cloudflare
cf-ray: 8817113858b50afe-OSL
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/paysystems/information/systems?lang=en&ref_id=1&geo=NO | 178.253.29.51 | | 26 kB |
URL 1xlite-461430.top/paysystems/information/systems?lang=en&ref_id=1&geo=NO IP178.253.29.51:0 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashb37f7c2a19f7e14b5b834ec5532af277 473d039dc440744109c049a49da67a08e7157cbe 269006ae20bef66e40b26843e6e400dab00f45c297ea9a50ce467a2b9d3694bb
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /paysystems/information/systems?lang=en&ref_id=1&geo=NO HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
content-encoding: br
expires: Fri, 10 May 2024 04:08:15 GMT
set-cookie: application_locale=en; expires=Sun, 09 Jun 2024 04:08:15 GMT; Max-Age=2592000; path=/; secure; samesite=lax
traceparent: 00-3e1ce2d8ca63bfd40db7829cde06da39-c24ecaf12833aa83-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.200, 0.202
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=214.661, wf-uht;dur=0.222
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V | 142.250.74.168 | 200 OK | 64 kB |
URL GET HTTP/2www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V IP142.250.74.168:443
Requested byhttps://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File typeJavaScript source, ASCII text, with very long lines (1822) Hash215c59b0bf5733e0afd86f01731df0b8 37a813f6047447c7f8e6d9cd85d1258de61a74c7 4e4dae7e1e614c53a95662266b7fd1eeb4c17e82ccb65a6fd981dd0b62f4a607
GET /gtm.js?id=GTM-KFGPRJ2V HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 10 May 2024 04:08:28 GMT
expires: Fri, 10 May 2024 04:08:28 GMT
cache-control: private, max-age=900
last-modified: Fri, 10 May 2024 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 64478
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66 | 142.250.74.168 | | 106 kB |
URL www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66 IP142.250.74.168:0
CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (10899) Size106 kB (106476 bytes) Hash7b5d74a062481da3d37f70b341cc29ce a23626a39c03e7f1ff7f52c8be2e05d48d240b16 75a3027947ba12b5df92c819d702302ad54a00f2a5b89260cb073baf7a650f32
GET /gtag/js?id=G-7JGWL9SV66 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 10 May 2024 04:08:28 GMT
expires: Fri, 10 May 2024 04:08:28 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 106476
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| radar.cedexis.com/1/23802/radar.js | 45.54.49.5 | | 154 B |
URL radar.cedexis.com/1/23802/radar.js IP45.54.49.5:0 ASN#63911 NetActuate, Inc
File typeHTML document, ASCII text, with CRLF line terminators Hashcfbeaf604823f038b8b46f0ac862b98c 7b9eb1dac48e74fa5f418bc456cb410f88b81d98 20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319
GET /1/23802/radar.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Fri, 10 May 2024 04:08:28 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: /1707728419/stub.js
Expires: Fri, 10 May 2024 04:18:28 GMT
Cache-Control: max-age=600
Vary: User-Agent,DNT
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/002d7fda3d62.css | 185.244.209.62 | 200 OK | 48 kB |
URL GET HTTP/2v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/002d7fda3d62.css IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typegzip compressed data, max speed, from Unix Hashc73b431ccb04576a642f604dc6939a0b 1d5a3a288e9c99205359ea99009ae57fc754805d 9b0683c69c3d2d73e029bc6a495ddca7c35a31ab86615080da61cd19f9a59f8c
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/002d7fda3d62.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:18 GMT
content-type: text/css; charset=utf-8
last-modified: Wed, 08 May 2024 16:11:15 GMT
etag: W/"294f3a633bf92f7b6f9141c2b31b4bf6"
x-amz-meta-mtime: 1715184545.983120662
content-encoding: gzip
expires: Fri, 10 May 2024 10:43:36 GMT
cache-control: max-age=86400
x-time-ng: 0.012
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-68608f815c1c89548367c541df6b86ed-07d1256b7dcab04e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:36+00:00, 2024-05-09T11:07:32+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| radar.cedexis.com/1707728419/stub.js | 45.54.49.5 | | 271 B |
URL radar.cedexis.com/1707728419/stub.js IP45.54.49.5:0 ASN#63911 NetActuate, Inc
File typeJavaScript source, ASCII text Hash82dec77fd0353c7c71ce053b8601387e fbbca95419e1d0c042e0a5fdf10f380aca66188c 39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7
GET /1707728419/stub.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 04:08:28 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 12 Feb 2024 09:50:42 GMT
Vary: Accept-Encoding
ETag: W/"65c9e9f2-186"
Expires: Fri, 24 May 2024 04:08:28 GMT
Cache-Control: max-age=1209600, public
Content-Encoding: gzip
|
|
| www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1504649553.1715314109&gtm=45je4580v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=482841831 | 142.250.74.163 | 200 OK | 42 B |
URL GET HTTP/2www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1504649553.1715314109&gtm=45je4580v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=482841831 IP142.250.74.163:443
Requested byhttps://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba CertificateIssuerGoogle Trust Services LLC Subject*.google.no Fingerprint7D:68:6D:B1:32:34:52:51:20:C9:53:FF:B9:B7:8F:7E:05:F9:F5:97 ValidityTue, 16 Apr 2024 04:31:00 GMT - Tue, 09 Jul 2024 04:30:59 GMT
File typeGIF image data, version 89a, 1 x 1 Hashd89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1504649553.1715314109&gtm=45je4580v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=482841831 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 10 May 2024 04:08:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true | 178.253.29.51 | 200 OK | 2.7 kB |
URL GET HTTP/21xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash0615fe1d07bf9baf198a79d65eb94917 4c916b9e3a0af2d1e714312b28a77b79a38051ad 57ef07eb3f667ad09947a43420d88a26deb4776ae34dd945851c567de1170d37
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:29 GMT
content-type: application/json; charset=utf-8
content-length: 2699
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:29 GMT
vary: Accept-Encoding
x-time-ng: 0.009
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.017
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/f385e6db/_buildManifest.js | 172.64.148.184 | 200 OK | 303 B |
URL GET HTTP/2widget.suphelper.top/_next/static/f385e6db/_buildManifest.js IP172.64.148.184:443
Requested byhttps://widget.suphelper.top/ CertificateIssuerGoogle Trust Services LLC Subjectsuphelper.top Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File typeASCII text, with very long lines (519), with no line terminators Hash06c1d20d74764a4f7dea57ebb09df4d8 d6592eaad86ec7b7bc373774bf911385ea7cf07d 46185c722db3b74c04c371b445abb1da2fa2592059437ee508a23e96c1fdf169
GET /_next/static/f385e6db/_buildManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 04:08:18 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"207-18f381bf92a"
vary: Accept-Encoding
cf-cache-status: HIT
age: 680442
expires: Sat, 10 May 2025 04:08:18 GMT
server: cloudflare
cf-ray: 8817113898d10afe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true | 178.253.29.51 | 200 OK | 2.1 kB |
URL GET HTTP/21xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash5a4d721ca1d28659d7a8e53b5378dbf0 e6e068a71afb37316a83a099b41c6b8ddbdcdbe6 5deb5df589ef6f81507b8a76efc8076793d4ee6864d938c6222f93d22caca427
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:29 GMT
content-type: application/json; charset=utf-8
content-length: 2084
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:29 GMT
vary: Accept-Encoding
x-time-ng: 0.271
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.279
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66 | 178.253.29.51 | 200 OK | 2.4 kB |
URL GET HTTP/21xlite-461430.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66 IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashecc89f9a4a2fe3423067a6508ed0650e b51208438586f69989f20d581c2fbd57e84ed886 bd499002d507dbbb2437b74e4586e57d9872af178375ffed7ee24ad7ff08780a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:30 GMT
content-type: application/json; charset=utf-8
content-length: 2417
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:30 GMT
vary: Accept-Encoding
x-time-ng: 0.005
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.013
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true | 178.253.29.51 | 200 OK | 9.8 kB |
URL GET HTTP/21xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash87a379a5b4744dd3ec78cbd85e18d442 fc4d4803f6a98590541503a99cb88ca441bea7b9 5e1167fa28dc87ec1b2c1feb73f6bdc402aed2497aeac4ef50eec0a8d90c3a7f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:32 GMT
content-type: application/json; charset=utf-8
content-length: 9825
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:32 GMT
vary: Accept-Encoding
x-time-ng: 0.015
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.022
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/bfff49986d7a.css | 185.244.209.62 | 200 OK | 169 kB |
URL GET HTTP/2v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/bfff49986d7a.css IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typegzip compressed data, max speed, from Unix Size169 kB (168621 bytes) Hash0a682fac494ae6eb5b5560838eb3128c 31f26e3473a9d9610b33f97a6bf2a3d54cf1532a f689f915a39edcd6560e4e0e2b701ad7cf898a3f98389c3ae601cac9f978357a
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/bfff49986d7a.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:22 GMT
content-type: text/css; charset=utf-8
last-modified: Wed, 08 May 2024 16:11:16 GMT
etag: W/"fd42a3c47441635be644d6248b61feb9"
x-amz-meta-mtime: 1715184545.991120535
content-encoding: gzip
expires: Fri, 10 May 2024 10:43:57 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-8cefa7c73395066128b1cc2fbdad118e-eda57a90476ce644-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:57+00:00, 2024-05-09T11:07:34+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 | 178.253.29.51 | 200 OK | 4.6 kB |
URL GET HTTP/21xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hasha17d6ff3bbf3a3309a6c6899d6066c47 9b52c8fa25a0ebdca03b9c0b91cf0b8f3092a1ae 27dcc300a0f1c6be498c34183c6f710e51a1887d8de4d5b854e682e69c7a6fc3
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:32 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=42, dt_total;dur=94.577, wf-uht;dur=0.114
traceparent: 00-3162a90836045ad9da7e22a66d830a2c-c4a1ec871792bcbf-01
x-dt: 285
x-time-ng: 0.059
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true | 178.253.29.51 | 200 OK | 2.7 kB |
URL GET HTTP/21xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash0615fe1d07bf9baf198a79d65eb94917 4c916b9e3a0af2d1e714312b28a77b79a38051ad 57ef07eb3f667ad09947a43420d88a26deb4776ae34dd945851c567de1170d37
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:34 GMT
content-type: application/json; charset=utf-8
content-length: 2699
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:29 GMT
vary: Accept-Encoding
x-time-ng: 0.009
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/banner/8c83a62ae8afe0aa371618f02b8e4a01.webp | 185.244.209.62 | | 28 kB |
URL v3.traincdn.com/genfiles/cms/1/desktop/banner/8c83a62ae8afe0aa371618f02b8e4a01.webp IP185.244.209.62:0 ASN#199524 G-Core Labs S.A.
CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp Hash77673f5b9062ff0a3565cba49941a954 f1c6d769ad6f256677c8558f06c4ee98d8e403d3 e78791dcbada0412db798159d9e781f2a50c12f04be4d0a4ecf96a617ec8b33b
GET /genfiles/cms/1/desktop/banner/8c83a62ae8afe0aa371618f02b8e4a01.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:37 GMT
content-type: image/webp
content-length: 27922
last-modified: Thu, 05 Oct 2023 10:29:56 GMT
etag: "77673f5b9062ff0a3565cba49941a954"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-14200ebd2a0ec5005db38340ad036866-5e543af6ff1db5b5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-02-27T14:22:50+00:00, 2024-05-10T04:07:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true | 178.253.29.51 | 200 OK | 9.8 kB |
URL GET HTTP/21xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash87a379a5b4744dd3ec78cbd85e18d442 fc4d4803f6a98590541503a99cb88ca441bea7b9 5e1167fa28dc87ec1b2c1feb73f6bdc402aed2497aeac4ef50eec0a8d90c3a7f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:37 GMT
content-type: application/json; charset=utf-8
content-length: 9825
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:32 GMT
vary: Accept-Encoding
x-time-ng: 0.015
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 | 178.253.29.51 | 200 OK | 4.6 kB |
URL GET HTTP/21xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hasha17d6ff3bbf3a3309a6c6899d6066c47 9b52c8fa25a0ebdca03b9c0b91cf0b8f3092a1ae 27dcc300a0f1c6be498c34183c6f710e51a1887d8de4d5b854e682e69c7a6fc3
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:37 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=25, dt_total;dur=26.807, wf-uht;dur=0.039
traceparent: 00-5e4f620fb13ce24d3babeaa2b111c9e5-c700f79a7161cd6e-01
x-dt: 285
x-time-ng: 0.026
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 | 178.253.29.51 | 200 OK | 258 B |
URL GET HTTP/21xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash6b410dd2c07ab8dc7ea3612945386685 9d9b746ddabe121ffedb7dff9e0aff03b92998b1 aa7e649282a2bbf5af23394e678496503278768e36b9f21c74ebe474806513e8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:38 GMT
content-type: application/json; charset=utf-8
content-length: 258
cache-control: no-cache
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:38 GMT
vary: Accept-Encoding
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.011
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true | 178.253.29.51 | 200 OK | 2.7 kB |
URL GET HTTP/21xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashbf417647674982ff7ca73e3108a31b82 9e4b5a47b537967895371de0c95a2e3234d39e22 f2de6e315cd1334353fa667b8210e6b873aecca9fcf513c431315d2b4fa2b6fa
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:39 GMT
content-type: application/json; charset=utf-8
content-length: 2703
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:39 GMT
vary: Accept-Encoding
x-time-ng: 0.011
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.020
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true | 178.253.29.51 | 200 OK | 2.1 kB |
URL GET HTTP/21xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash1ac2f99bcd42696d5486a78793290523 00724e0c55f0560cdaf4b0e20ee9490abf8accde fb67c30e90b3f0dbc0bc612a265f382013c2548d33d7c6a3daaecac35e71c1ea
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:39 GMT
content-type: application/json; charset=utf-8
content-length: 2083
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:39 GMT
vary: Accept-Encoding
x-time-ng: 0.066
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.074
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js | 172.64.148.184 | | 12 kB |
URL widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js IP172.64.148.184:0
CertificateIssuerGoogle Trust Services LLC Subjectsuphelper.top Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File typegzip compressed data, from Unix Hashce69c31a8391bf1dea3f8f7d698d59d0 f610203161a612bd09f632e5428fe6719bd8946c 154e0750da9d00be0245a800d32c1adea378ecaf4f0eb2dec1b7b054d4db5e9a
GET /_next/static/chunks/81.9c6562bba5669b47.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 04:08:19 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Mon, 22 Jan 2024 07:49:06 GMT
etag: W/"8f42-18d3024f9c4"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 820087
expires: Sat, 10 May 2025 04:08:19 GMT
server: cloudflare
cf-ray: 881711408c400afe-OSL
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/banner/efb6a12f775a7454c682a5f3cdcfe84c.webp | 185.244.209.62 | | 23 kB |
URL v3.traincdn.com/genfiles/cms/1/desktop/banner/efb6a12f775a7454c682a5f3cdcfe84c.webp IP185.244.209.62:0 ASN#199524 G-Core Labs S.A.
CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp Hash02c73c0e2eaa0c7ad721ac2bafa0bca7 c289c333ee79cc2a3e01d6302e941a22da5e43c4 bcf43c5ae29cad6787c98d92c0e91d7af3c1f912a4abdbca1d397a839e7f61cb
GET /genfiles/cms/1/desktop/banner/efb6a12f775a7454c682a5f3cdcfe84c.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:42 GMT
content-type: image/webp
content-length: 23162
last-modified: Fri, 26 Apr 2024 05:29:21 GMT
etag: "02c73c0e2eaa0c7ad721ac2bafa0bca7"
x-time-ng: 0.045
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-1dd75be18f2f8fefceaf4b064f404cf4-f6ab6efd5d3ab6bf-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T05:30:05+00:00, 2024-05-10T04:08:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true | 178.253.29.51 | 200 OK | 9.8 kB |
URL GET HTTP/21xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash1c27854df947c1b4c060c3f381278cdc b18f9458f5d82820ccd90119bf3b9a31ed765a4b f83b558cc98683208ae70474755e745406cd51921a491038219f1a01870281f2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:42 GMT
content-type: application/json; charset=utf-8
content-length: 9780
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:42 GMT
vary: Accept-Encoding
x-time-ng: 0.014
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.022
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 | 178.253.29.51 | 200 OK | 4.6 kB |
URL GET HTTP/21xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hasha17d6ff3bbf3a3309a6c6899d6066c47 9b52c8fa25a0ebdca03b9c0b91cf0b8f3092a1ae 27dcc300a0f1c6be498c34183c6f710e51a1887d8de4d5b854e682e69c7a6fc3
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:43 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=24, dt_total;dur=25.327, wf-uht;dur=0.038
traceparent: 00-ee5b3b3182a5f62686732cd6fb868a02-ac77b36de0f1ae1e-01
x-dt: 285
x-time-ng: 0.025
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true | 178.253.29.51 | 200 OK | 2.7 kB |
URL GET HTTP/21xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashbf417647674982ff7ca73e3108a31b82 9e4b5a47b537967895371de0c95a2e3234d39e22 f2de6e315cd1334353fa667b8210e6b873aecca9fcf513c431315d2b4fa2b6fa
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:44 GMT
content-type: application/json; charset=utf-8
content-length: 2703
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:39 GMT
vary: Accept-Encoding
x-time-ng: 0.011
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/f385e6db/_ssgManifest.js | 172.64.148.184 | 200 OK | 564 B |
URL: GET HTTP/2 widget.suphelper.top/_next/static/f385e6db/_ssgManifest.js
IP: 172.64.148.184:443
Requested by: https://widget.suphelper.top/
Certificate Issuer: Google Trust Services LLC
Certificate Subject: suphelper.top
Certificate Fingerprint: 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
Certificate Validity: Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type: gzip compressed data, from Unix
Hash: f9855773e1f0be7dc6898bb95de93f10 e55e9832cf7bb1a6ed01dbb4b44351a3e0edcf8f f5f5db09753e517e1c05f08b5d40c926ef58d57d64899d0d4daa0d008f7139e4
GET /_next/static/f385e6db/_ssgManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 04:08:18 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"4d-18f381bf92a"
vary: Accept-Encoding
cf-cache-status: HIT
age: 680448
expires: Sat, 10 May 2025 04:08:18 GMT
server: cloudflare
cf-ray: 8817113898d20afe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| pp23vi1.com/static/pixel.gif?1715314124580 | 178.253.14.123 | | 43 B |
URL: pp23vi1.com/static/pixel.gif?1715314124580
IP: 178.253.14.123:0
ASN: #202492 Silverhill Group Holding Ltd
File type: GIF image data, version 89a, 1 x 1
Hash: ad4b0f606e0f8465bc4c4c170b37e1a3 50b30fd5f87c85fe5cba2635cb83316ca71250d7 cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /static/pixel.gif?1715314124580 HTTP/1.1
Host: pp23vi1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:44 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/banner/0cd280af89b0819825587a2cf75e33d0.webp | 185.244.209.62 | | 21 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/banner/0cd280af89b0819825587a2cf75e33d0.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: 1e9191583a9bca6627e85945c6c5d3f1 f2d4d5e76e448d1dd986c9616a660ae6c7806dde 733d49aa25dab77ba7fe51a0a831f51e988d3201c5cfc6fbc808c3b2c59b48c1
GET /genfiles/cms/1/desktop/banner/0cd280af89b0819825587a2cf75e33d0.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:47 GMT
content-type: image/webp
content-length: 21412
last-modified: Fri, 12 Apr 2024 09:23:52 GMT
etag: "1e9191583a9bca6627e85945c6c5d3f1"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-12T09:33:12+00:00
traceparent: 00-1b8449f26491b971285ed604440cc6e0-a70a0bc3acf067c5-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true | 178.253.29.51 | 200 OK | 9.8 kB |
URL: GET HTTP/2 1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Let's Encrypt
Certificate Subject: 1xlite-461430.top
Certificate Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Certificate Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: 37172274397007062ef0377ac8b7c4cd c7ae8110370392634f59bf604c95ecfe6a61fb70 602f2eba34c0562570f8c15a6a0b28fc8ec544fe709539081c47119a573a6179
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109; che_i=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:48 GMT
content-type: application/json; charset=utf-8
content-length: 9786
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:48 GMT
vary: Accept-Encoding
x-time-ng: 0.014
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.023
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 | 178.253.29.51 | 200 OK | 258 B |
URL: GET HTTP/2 1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Let's Encrypt
Certificate Subject: 1xlite-461430.top
Certificate Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Certificate Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: 6b410dd2c07ab8dc7ea3612945386685 9d9b746ddabe121ffedb7dff9e0aff03b92998b1 aa7e649282a2bbf5af23394e678496503278768e36b9f21c74ebe474806513e8
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109; che_i=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:48 GMT
content-type: application/json; charset=utf-8
content-length: 258
cache-control: no-cache
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:48 GMT
vary: Accept-Encoding
x-time-ng: 0.004
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.011
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true | 178.253.29.51 | 200 OK | 2.7 kB |
URL: GET HTTP/2 1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Let's Encrypt
Certificate Subject: 1xlite-461430.top
Certificate Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Certificate Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: 0f96d941780b99bd25d80d3e0ce02167 1b23c514d1dd96f18f9bd9d45c03acd818845a60 fc22aeb5f35292aee29cd6c365920a8d132022502f2a73d8eba50745d3006c3a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109; che_i=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:49 GMT
content-type: application/json; charset=utf-8
content-length: 2694
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:49 GMT
vary: Accept-Encoding
x-time-ng: 0.007
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true | 178.253.29.51 | 200 OK | 2.1 kB |
URL: GET HTTP/2 1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Let's Encrypt
Certificate Subject: 1xlite-461430.top
Certificate Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Certificate Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: 159acbf75180f74f64b0981769813756 abba7783e46f2a4d36f79e7e9ed57d769f0f52c5 493e7b6b78dcc1229ab384041713c7ab70f9d9b7cd7b652010153b6394ad1473
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109; che_i=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:50 GMT
content-type: application/json; charset=utf-8
content-length: 2085
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:50 GMT
vary: Accept-Encoding
x-time-ng: 0.062
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.070
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66 | 178.253.29.51 | 200 OK | 2.4 kB |
URL: GET HTTP/2 1xlite-461430.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Let's Encrypt
Certificate Subject: 1xlite-461430.top
Certificate Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Certificate Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: f182d52bb270da674b707402ca1ba5b0 ccbce89aa99f752c06acec7e00194814950dd449 334f53da07bd0b1e78eed7c33d79b3c4f41a9e648d9fcdafa20c229dc18213fd
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109; che_i=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:50 GMT
content-type: application/json; charset=utf-8
content-length: 2427
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:50 GMT
vary: Accept-Encoding
x-time-ng: 0.006
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.014
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-95a46df4.js | 185.244.209.62 | 200 OK | 32 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-95a46df4.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-95a46df4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 7382
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1cd6"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:27 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-fecc1b72bae4e17e668d37b2787a405d-fdc406c41ca4406d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:27+00:00, 2024-05-09T11:07:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js | 172.64.148.184 | 200 OK | 107 kB |
URL: GET HTTP/2 widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js
IP: 172.64.148.184:443
Requested by: https://widget.suphelper.top/
Certificate Issuer: Google Trust Services LLC
Certificate Subject: suphelper.top
Certificate Fingerprint: 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
Certificate Validity: Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 107 kB (107186 bytes)
Hash: d0a7ecc59065580118a9ea8880c58962 21573546ac5011592094ef6aea0696ccdeb2164d e1b09efa81ca44cda394e366b64fbf2b3f0725eab9ad24782839cbb8f66842b5
GET /_next/static/chunks/pages/index-ed7cd77912c6e3a9.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 04:08:18 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"1a2b2-18f12321a97"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 816024
expires: Sat, 10 May 2025 04:08:18 GMT
server: cloudflare
cf-ray: 8817113898cf0afe-OSL
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/c6409e21932f.js | 185.244.209.62 | 200 OK | 731 B |
URL: GET HTTP/2 v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/c6409e21932f.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (754), with no line terminators
Hash: c349ca92c209152e9f8f6f8a9e41d413 a63b3601a5fd052a850c4ac562ad20f8e63e5eae b27b91835745617650b4410ebd07b094f0319340f1e364d594b3efaa9cc4440e
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/c6409e21932f.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
content-length: 731
last-modified: Wed, 08 May 2024 16:11:16 GMT
etag: "79c1e0d539880fd610f91e5b16085eec"
x-amz-meta-mtime: 1715184545.991120535
expires: Fri, 10 May 2024 10:43:57 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d1b4ca14f5bac6d002ce26969aebb7b9-c49d16c31c4c53a3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:57+00:00, 2024-05-09T11:07:34+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528030908&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 | 178.253.29.51 | 200 OK | 4.1 kB |
URL: GET HTTP/2 1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528030908&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Let's Encrypt
Certificate Subject: 1xlite-461430.top
Certificate Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Certificate Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File type: troff or preprocessor input, Unicode text, UTF-8 text, with very long lines (4981), with no line terminators
Hash: 751af57551a8b95e45297d090cc48dbf d90daf677f4f74e56b519023736feb1a5f49ae21 9a2de490426f13dc127623402f0ebf2677ee9aa1b5cd9c157971e13a4c2b2352
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /service-api/LineFeed/GetGameZip?id=528030908&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:19 GMT
content-type: application/json; charset=utf-8
content-length: 1448
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:19 GMT
vary: Accept-Encoding
x-time-ng: 0.011
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.019
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/08646c799532.css | 185.244.209.62 | 200 OK | 17 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/08646c799532.css IP: 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer: Sectigo Limited Subject: *.traincdn.com Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (16987) Hash: 68721335fcec1406a789e81bb2cfef91 03c0a4c84fe4fde3f9c5f76eba498de26ecfe4b1 08646c7995320ed62abc174cc01c935d98236c3bc27710d9ab2abf1ea82e0458
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/08646c799532.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:22 GMT
content-type: text/css; charset=utf-8
last-modified: Wed, 08 May 2024 16:11:15 GMT
etag: W/"68721335fcec1406a789e81bb2cfef91"
x-amz-meta-mtime: 1715184545.983120662
content-encoding: gzip
expires: Fri, 10 May 2024 10:43:57 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a390dc7c7fe84ee38d7d2966c1c6d29b-20d94c688c56e611-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:57+00:00, 2024-05-09T11:07:34+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/hd-api/external/api/web/v1/j/634g0g0e8l311g0f12ce75e27b63c5f9ba7d3ab552453a6ed2e0 | 178.253.29.51 | 200 OK | 619 B |
URL: POST HTTP/2 1xlite-461430.top/hd-api/external/api/web/v1/j/634g0g0e8l311g0f12ce75e27b63c5f9ba7d3ab552453a6ed2e0 IP: 178.253.29.51:443 ASN #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer: Let's Encrypt Subject: 1xlite-461430.top Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (625), with no line terminators Hash: d4ba0344dc3ad109819b4b1cf5b922b8 b1672f5ecc896b99bd511a450629d80342484db1 1732f0540437b318d794a20d5053eff39934f459767b70eb49d7eb50d5628554
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /hd-api/external/api/web/v1/j/634g0g0e8l311g0f12ce75e27b63c5f9ba7d3ab552453a6ed2e0 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
X-Requested-With: XMLHttpRequest
Content-Type: application/json
Content-Length: 105936
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:26 GMT
content-type: application/json
content-length: 516
content-encoding: gzip
traceparent: 00-465f5a88929c9aa976c1134966d84fc6-3310e811b57510e4-01
vary: Accept-Encoding
x-dt: 285
x-request-guid: 90033d87e85ba7259a5aea606932c6c1
x-time-ng: 0.006
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=8.916, wf-uht;dur=0.034
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-b5724bd6.js | 185.244.209.62 | 200 OK | 16 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-b5724bd6.js IP: 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer: Sectigo Limited Subject: *.traincdn.com Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (15997) Hash: 6d90c5998c2ceb8a008e3c6eef4c55e5 6b68a02d6362d6661be529eff19cf1baade8d48b b1e36624011507a84987d59ffc7f689b32e47476be990c1add266f24c00c1088
GET /_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-b5724bd6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: application/javascript; charset=utf-8
content-length: 5562
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-15ba"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:49 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-df2c867f64652ac3d4c66c7e1bbbebd0-9cfe9a50c29ccb33-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:49+00:00, 2024-05-09T11:07:34+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js | 185.244.209.62 | 200 OK | 1.0 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js IP: 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer: Sectigo Limited Subject: *.traincdn.com Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (1036), with no line terminators Hash: 305de1535e3f2a45efa2f1dd096f496e 9fd79178b39d8a196f9f3640758cc5285f5914fd 9b0fc84933536e9c4ca4b8013f656f393c6073e746901340133cbc11059aec46
GET /sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 09 May 2024 14:32:04 GMT
etag: W/"8fecd56fc5520134f3c39b17431fe0c2"
x-amz-meta-mtime: 1715264772.785909534
content-encoding: gzip
expires: Fri, 10 May 2024 15:18:07 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e4f2053d156e00a10addcfde60007105-c335b522e128bb79-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T15:18:07+00:00, 2024-05-09T15:59:41+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/betstemplates/bets_model_full_en_0.json | 185.244.209.62 | 200 OK | 22 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/betstemplates/bets_model_full_en_0.json IP: 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer: Sectigo Limited Subject: *.traincdn.com Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /genfiles/cms/betstemplates/bets_model_full_en_0.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:18 GMT
content-type: application/json
last-modified: Thu, 09 May 2024 14:03:54 GMT
etag: W/"65c4f8441dea9f78c50a9fc7029f9193"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-8e300a093c9e9878a8c559e17e07186b-d59d00054f9c6b5f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T15:51:33+00:00, 2024-05-10T03:13:25+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js | 172.64.148.184 | 200 OK | 108 kB |
URL: GET HTTP/2 widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js IP: 172.64.148.184:443
Requested by: https://widget.suphelper.top/ Certificate Issuer: Google Trust Services LLC Subject: suphelper.top Fingerprint: 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 Validity: Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators Size: 108 kB (107844 bytes) Hash: 83680ce862de40c43fc92e04b1ad0a3d 67eb6762545f4e1fee446794f4738d0f0577b6b4 e70f39978f08895aef6849daf891af65bff03e476eb9b1384dfb36cd4ac9fe75
GET /_next/static/chunks/main-fa1d3b21fd97b583.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 04:08:17 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"1a544-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 806182
expires: Sat, 10 May 2025 04:08:17 GMT
server: cloudflare
cf-ray: 8817113868bd0afe-OSL
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/3083a20a3f73c30fce38710d7ada9cbb.svg | 185.244.209.62 | 200 OK | 1.2 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/3083a20a3f73c30fce38710d7ada9cbb.svg IP: 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer: Sectigo Limited Subject: *.traincdn.com Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: SVG Scalable Vector Graphics image Hash: 1ff133ab01d208b0d686dd88d85e239a 86a0501b79a1c553eadc829177a9e6ffff1948be 9ac21c63d1c8b7abe4c94550a731baff995d34c745c1d08fdf8d5e5c8de268f1
GET /genfiles/cms/1-285/desktop/media_asset/3083a20a3f73c30fce38710d7ada9cbb.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:17 GMT
content-type: image/svg+xml
last-modified: Wed, 19 Apr 2023 11:51:30 GMT
etag: W/"3ae81b002dca46d3b732ce3e03ae35c6"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c3a1e3ca0e3ffd435e86d6d5da0c5dcb-367787c3e6d3b968-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T08:36:11+00:00, 2024-05-10T04:03:40+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/RegistrationWidgetApp-244fe993.js | 185.244.209.62 | 200 OK | 76 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/vendors/RegistrationWidgetApp-244fe993.js IP: 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer: Sectigo Limited Subject: *.traincdn.com Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators Hash: 355ce5bc5ad3ce4d9f2f42f33af33a73 3cb3452330b81cf844be98de00fd4c54717c7cf8 0a79ccdbc986e060b53a249945fd32b5a2b892bfcae6cf9ff7dac154ad05d380
GET /_nuxt/desktop/default/vendors/RegistrationWidgetApp-244fe993.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: application/javascript; charset=utf-8
content-length: 20768
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-5120"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:46 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-7ff58f6dfe1ac8c8bc4bf878769fb7a5-65d6486cc5f483b4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:46+00:00, 2024-05-09T11:24:45+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/4110.webp | 185.244.209.62 | 200 OK | 752 B |
URL: GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/4110.webp IP: 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer: Sectigo Limited Subject: *.traincdn.com Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image Hash: bf6f7c70498b7da87ddcc88dcfea013f 764c8064e06fdebe2c5de4709de3cc73d5e4e845 f0b4189aaac44a4515576cc12c9725eadfa6a9e104834fb0d8c1141029eaf63e
GET /resized/size16/sfiles/logo_teams/4110.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 752
cache-control: max-age=94608000
content-disposition: inline; filename="4110.webp"
content-security-policy: script-src 'none'
expires: Tue, 04 May 2027 12:15:03 GMT
x-request-id: 3d039d8bf195f57a87434b334b4c528e
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-cccfd31882514077be367d9377d1a541-a651109d431cdac4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-04T12:15:03+00:00, 2024-05-09T15:12:51+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/35fa91628fa4.js | 185.244.209.62 | 200 OK | 24 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/35fa91628fa4.js IP: 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer: Sectigo Limited Subject: *.traincdn.com Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (23507) Hash: 1c8f8a55f3c3a7955b08ed9c055a1b3e 3a31f8d3cbaaaf74e4616c9ab944919e0cd4c70a f900155624ef7437112d00e9a9966a755cb6588dc9c19bbed7a6de031502b8f9
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/35fa91628fa4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 16:11:15 GMT
etag: W/"1c8f8a55f3c3a7955b08ed9c055a1b3e"
x-amz-meta-mtime: 1715184545.987120598
content-encoding: gzip
expires: Fri, 10 May 2024 10:43:57 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-e6bf3cfba270c26403c6107b45bc93eb-0f81342abea8e6e2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:57+00:00, 2024-05-09T11:07:35+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/4a689a87d8ebf60b4364d9d9327b1da2.webp | 185.244.209.62 | 200 OK | 784 B |
URL: GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/4a689a87d8ebf60b4364d9d9327b1da2.webp IP: 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer: Sectigo Limited Subject: *.traincdn.com Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image Hash: a30f5eeaa542f15042b79418b5cea3af f5a7359f28149b66804de9d31306a5f3368963e9 6ce13a766ae93a94e3d125f839fe38db43dcb2029d01c9c5f3682ded2faf6526
GET /resized/size16/sfiles/logo_teams/4a689a87d8ebf60b4364d9d9327b1da2.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 784
cache-control: max-age=94608000
content-disposition: inline; filename="4a689a87d8ebf60b4364d9d9327b1da2.webp"
content-security-policy: script-src 'none'
expires: Sat, 08 May 2027 13:28:38 GMT
x-request-id: 3302163ecfee47064da468175702d282
x-time-ng: 0.024
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9f737f54c18b11489c4bfdd387227b36-4a5e56a5b6562f73-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T13:28:38+00:00, 2024-05-08T13:29:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/532218eba9ad19dfb7c6511f5f91fc3e.webp | 185.244.209.62 | 200 OK | 784 B |
URL: GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/532218eba9ad19dfb7c6511f5f91fc3e.webp IP: 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer: Sectigo Limited Subject: *.traincdn.com Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image Hash: 0944eb0801862630a4b35752cb8df917 c3722a7ce36aba09dfa64afe9a4fd7696da1cf59 0da704f6a95a24db65f6d19691a12806f18a2619678dd221c2bd580bfbbfd2d4
GET /resized/size16/sfiles/logo_teams/532218eba9ad19dfb7c6511f5f91fc3e.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:16 GMT
content-type: image/webp
content-length: 784
cache-control: max-age=94608000
content-disposition: inline; filename="532218eba9ad19dfb7c6511f5f91fc3e.webp"
content-security-policy: script-src 'none'
expires: Tue, 04 May 2027 00:55:18 GMT
x-request-id: aa58cab5b8991b329f298cc3afd79e58
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-32c0cb8f1d57452b47372e846e3762f8-eb1245ef613df3bb-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-04T00:55:18+00:00, 2024-05-06T17:12:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.jpg | 185.244.209.62 | 200 OK | 147 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.jpg IP: 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer: Sectigo Limited Subject: *.traincdn.com Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, progressive, precision 8, 1380x248, components 3 Size: 147 kB (146802 bytes) Hash: 30217fec6a8f72391df21e9bc8e93cc2 1a54894f595d2053120c266d06ed2f225d088c18 5b04fa58c5e4599d45377aebcaaef7dc64d175852ff7fdac774d71bdbb4d02dc
GET /genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/jpeg
content-length: 147402
last-modified: Tue, 11 Apr 2023 18:15:17 GMT
etag: "9d1ab102184100544b4a72fcc6a8c458"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d097fb77b066625fd6257355deba17af-4bf4fefb0de21ee9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:06:31+00:00, 2024-05-10T04:06:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-58.webp | 185.244.209.62 | 200 OK | 8.9 kB |
URL: GET HTTP/2 v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-58.webp IP: 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer: Sectigo Limited Subject: *.traincdn.com Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp Hash: 7a49dad906575c61dd636edbe1201479 d4bf0fbfadca8c6d3a7ec8f3d34d08fced98a21d 0e0cd085244f6272acfa6794d90e32685fa203973e85c62fa96f02cddf7172c6
GET /sfiles/games-images/game-previews/190x102/game-58.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:17 GMT
content-type: application/octet-stream
content-length: 8880
last-modified: Thu, 31 Aug 2023 08:11:00 GMT
etag: "7a49dad906575c61dd636edbe1201479"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:03:42.000Z
expires: Tue, 14 Nov 2023 18:21:44 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d76cc97c786433612c7b74443c11af6e-a2fa8351f0fe9a52-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T19:17:28+00:00, 2024-05-09T08:16:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size24/sfiles/logo_teams/1996.webp | 185.244.209.62 | 200 OK | 1.4 kB |
URL: GET HTTP/2 v3.traincdn.com/resized/size24/sfiles/logo_teams/1996.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hash: 886a20096e1c4869d510740a41df5812 7a9a79a4ca6251afba1a3910efeb6bca4a425ee6 3b8952ad0299b2b7039e1dc767edeaa840348e71ae43b3805badd8a6fb2a4598
GET /resized/size24/sfiles/logo_teams/1996.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 1392
cache-control: max-age=94608000
content-disposition: inline; filename="1996.webp"
content-security-policy: script-src 'none'
expires: Sat, 08 May 2027 11:19:47 GMT
x-request-id: cd48375ed13b2fcc5782e27042338191
x-time-ng: 0.067
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-7fd02df4f6f10bd94704ca1254e30b43-6a2715186285724e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T11:19:47+00:00, 2024-05-08T11:29:15+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/site-admin/colors/e6a26e7156450d40bffd62c65dd8a90c.css | 185.244.209.62 | 200 OK | 36 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/site-admin/colors/e6a26e7156450d40bffd62c65dd8a90c.css
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (36387), with no line terminators
Hash: e6a26e7156450d40bffd62c65dd8a90c 3fa5029748cba881c7be759257525f206cb8e81d 5c473dbebadbf8c838ef80cc2106faa4c96d3822f7d61dd282e2cd11c680eec0
GET /genfiles/site-admin/colors/e6a26e7156450d40bffd62c65dd8a90c.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: text/css
last-modified: Wed, 08 May 2024 09:12:07 GMT
etag: W/"e6a26e7156450d40bffd62c65dd8a90c"
content-encoding: gzip
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-964caf0eba3ca8435aa92f49bd7c096b-faadd988eb23bad7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T09:19:03+00:00, 2024-05-10T03:22:53+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-3f250b35.js | 185.244.209.62 | 200 OK | 26 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-3f250b35.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (25972)
Hash: 6d75d9fb64764579504c00ce537f6ff1 5661eb661bdef0a6a8bdd029ba5b7b9eb050e15e bf2a87bf4b4484a7ff05c40e1b4c94a316800dedb9445359cda5e43efa825d9f
GET /_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-3f250b35.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: application/javascript; charset=utf-8
content-length: 8522
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-214a"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:26 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-8f813fecc2fc3372a75fb6b0ccd2e57a-2feb76ff4f0e0ed0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:26+00:00, 2024-05-09T11:07:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/hd-api/external/api/web/v1/converslon/load | 178.253.29.51 | 200 OK | 33 kB |
URL: GET HTTP/2 1xlite-461430.top/hd-api/external/api/web/v1/converslon/load
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Let's Encrypt
Certificate Subject: 1xlite-461430.top
Certificate Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Certificate Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: 04e6ed7d770439e36f5ab4108e819bb4 bdec5b6797c0b192717db2e049651eb3e99bd709 d22e2c9fb29ad742fcbf751c9b0296253ef0e49b410684e4b0a3deda31cfdfa1
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /hd-api/external/api/web/v1/converslon/load HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: application/json
content-encoding: gzip
traceparent: 00-779e866d1c866205d829969d64c8d3ef-9a12e92c42d989bc-01
vary: Accept-Encoding
x-dt: 285
x-request-guid: f75d0543852348e927a2a203223259b0
x-time-ng: 0.005
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=5.255, wf-uht;dur=0.013
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/f5fc4930530797a82db38c2cc8fa8557.webp | 185.244.209.62 | 200 OK | 656 B |
URL: GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/f5fc4930530797a82db38c2cc8fa8557.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hash: b86fd4a0095c5474eb197614869941dc c0bac0876d91c86f4044285fe80b3a17dc26ff5b 1dccaa89d539bb247bf3107d6bf6cf3ef3631e5fa73cfb5668ab8da7b8bacb3e
GET /resized/size16/sfiles/logo_teams/f5fc4930530797a82db38c2cc8fa8557.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 656
cache-control: max-age=94608000
content-disposition: inline; filename="f5fc4930530797a82db38c2cc8fa8557.webp"
content-security-policy: script-src 'none'
expires: Thu, 06 May 2027 00:25:39 GMT
x-request-id: 9385cf712589399d6e754b181873b990
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-31dcec0b1755b74ff7a16d3091adb9db-2e6a76bb07bdb8a2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T00:25:39+00:00, 2024-05-07T21:40:59+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png | 185.244.209.62 | 200 OK | 5.2 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: PNG image data, 514 x 514, 8-bit colormap, non-interlaced
Hash: b9a636eef54b2844b571fe7de49184a7 bf653690790ced40eb3189da075a275d951d1607 001bfcdd52b658d46543a1aec889d35b73b3909b47097cc011b95e96fc9e3743
GET /genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:26 GMT
content-type: image/png
content-length: 5202
last-modified: Wed, 28 Feb 2024 07:52:20 GMT
etag: "b9a636eef54b2844b571fe7de49184a7"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-75409a12a67e265e5dbdcadb6d9fac0b-f95f7d327c89a33e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-03T07:12:40+00:00, 2024-05-10T03:33:45+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/38023f75e90b.js | 185.244.209.62 | 200 OK | 1.5 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/38023f75e90b.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (1556), with no line terminators
Hash: 46de4e50e73a04e8307048b4d1139985 516cc776a642163fd602e85b589886996d609d5d 270fc9804f59ef70ba5996b1a07f91d2c994a7ad51c4b482ce93cb164b81e023
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/38023f75e90b.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 16:11:15 GMT
etag: W/"8a7d471cf2bc2319c80b135e841a4440"
x-amz-meta-mtime: 1715184545.987120598
content-encoding: gzip
expires: Fri, 10 May 2024 10:43:45 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-261cc0f0e1d527b07cf9c037a8f62c52-1277b1fc0d61343c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:45+00:00, 2024-05-09T11:07:35+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js | 172.64.148.184 | 200 OK | 141 kB |
URL: GET HTTP/2 widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js
IP: 172.64.148.184:443
Requested by: https://widget.suphelper.top/
Certificate Issuer: Google Trust Services LLC
Certificate Subject: suphelper.top
Certificate Fingerprint: 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
Certificate Validity: Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 141 kB (140949 bytes)
Hash: 896d1930437c1ab92b8a359c1d6fdaae 71e0e23d1af9722f356eb5d1c497d100ec8b0f7a 8c508636d885890bfb5c56bcd6dad1b8b64c498781d351b588a8de7f686774d4
GET /_next/static/chunks/framework-49f1e091cbf6b261.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 04:08:17 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Mon, 11 Mar 2024 06:37:37 GMT
etag: W/"22695-18e2c3b24d9"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 811742
expires: Sat, 10 May 2025 04:08:17 GMT
server: cloudflare
cf-ray: 8817113868bc0afe-OSL
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/web-api/registration | 178.253.29.51 | 200 OK | 3.5 kB |
URL: POST HTTP/2 1xlite-461430.top/web-api/registration
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Let's Encrypt
Certificate Subject: 1xlite-461430.top
Certificate Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Certificate Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File type: Unicode text, UTF-8 text, with very long lines (3790), with no line terminators
Hash: 6404887dd8d444876d728785f6314374 0cddac90bc90d8d1e52211d25ea728b96441efb8 783ced4de55511848ae604cd1f938fb701451edc082773f2b0b90cf5e84e3b22
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /web-api/registration HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
Content-Length: 17
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:19 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=31, dt_total;dur=32.414, wf-uht;dur=0.044
traceparent: 00-fb1ffd9736489b9e33ebe8b361d169bb-c0978fa1d76b3277-01
x-dt: 285
x-time-ng: 0.032
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/e5eb737e.css | 185.244.209.62 | 200 OK | 5.2 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/e5eb737e.css
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (5171), with no line terminators
Hash: 5d231bea9b7df6bc1e9e74e3c0a231e1 2ef607f0c766fff1b4b1e90a2d98e7094c81721e c43fd428fe6e9d25ddf385a1cf03891194126ebf9e83d086af655272e815445b
GET /_nuxt/desktop/default/css/e5eb737e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:22 GMT
content-type: text/css
content-length: 1050
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-41a"
content-encoding: gzip
expires: Fri, 10 May 2024 08:09:42 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-bb3eac87c39217f4166b9b964af8f1ac-2f8fc28efed86090-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T08:09:42+00:00, 2024-05-09T13:02:24+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528030908&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 | 178.253.29.51 | 200 OK | 4.1 kB |
URL: GET HTTP/2 1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528030908&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Let's Encrypt
Certificate Subject: 1xlite-461430.top
Certificate Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Certificate Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File type: troff or preprocessor input, Unicode text, UTF-8 text, with very long lines (4981), with no line terminators
Hash: ba370cdc967018b5d26504fc2eeb739f 3e18f765f49d029524830e390796c1ac22103c7a fe6f5d8eae8ef24fd85e4cd22a8745ec1fdade9f41b0294e5746d1b73a7cbf30
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /service-api/LineFeed/GetGameZip?id=528030908&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUG1yVHlhUjZGK3FSVHg0V3FmY0dNKzhWUGlKT1NhZUpRSmJYbXd6UlBna0wyZlVvbVcvVm0wK1ZPSURFRHdPVjlPQkMxUVhjZWFKUVd0M3BacWNLSlFKKzNka0FkTWRaNGlkSE0xYkhrVFFOU1AxOXlkeXRVQ2RFbzdRQ3p6aG1nNFBPZHg2UExTZEMrRlFyMmk3dnBHNFcxVGpnY2FwWklyRVFYaHNNaC9HZFFSUjUrdlMxUm1vMElwSGkzaGtJWDdKeG5GRWZWSk0zK294UFExQ2R4T1B4Qm5VaWlVUkxlWUVLMEpRS1I5U25Fa20wUG16U3NKVm02ZnR0UEJHSjFOdXhsU0ZPSThkUHNTZDVMd2dBcStST0JUbFBMUW1ubDczcGZZaDBYWFQ1IiwiZXhwIjoxNzE1MzI4NTA2LCJpYXQiOjE3MTUzMTQxMDZ9.e9ZRcEv0RBgnHk6EOuNW-FO7D4wgnlG6Irm8nlgUFLW1IrQBuZifROt90ZV-UNCfk3vVOoqugrbAZXsKb78i5A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181; _ga_7JGWL9SV66=GS1.1.1715314108.1.0.1715314108.60.0.0; _ga=GA1.1.1504649553.1715314109
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:32 GMT
content-type: application/json; charset=utf-8
content-length: 1448
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 10 May 2024 04:08:27 GMT
vary: Accept-Encoding
x-time-ng: 0.011
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/web-api/default/img/icons/pixels2.svg?v=1715314097 | 178.253.29.51 | 200 OK | 90 B |
URL: GET HTTP/2 1xlite-461430.top/web-api/default/img/icons/pixels2.svg?v=1715314097
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Let's Encrypt
Certificate Subject: 1xlite-461430.top
Certificate Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Certificate Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File type: PNG image data, 1 x 1, 8-bit/color RGB, non-interlaced
Hash: e45f90dcbe718dea3476c4b69b501a4e e9af26a93c467a77e4733ec537f4f5ce7a4ba089 a439dd8761d9fd4ff88e82e83200877703594491065880dbd4e59ddf4ce1b204
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /web-api/default/img/icons/pixels2.svg?v=1715314097 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:18 GMT
content-type: image/png
cache-control: no-cache, private
server-timing: p;dur=15, dt_total;dur=461.197, wf-uht;dur=0.469
traceparent: 00-6b036655ab51f72c4fcfaf01eb7dea2e-0ca59fd66578a02c-01
x-dt: 285
x-time-ng: 0.261
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/shared-assets/__shared_chunk_M4D4AAJL.js | 185.244.209.62 | 200 OK | 101 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-static/shared-assets/__shared_chunk_M4D4AAJL.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (35828)
Size: 101 kB (100701 bytes)
Hash: 51ddc52774f4e5bd6a6f1c22e9d19674 374c2fbb2b68ad9c28898dfe60da3fd828ccf7c4 642e66ee14ca90b6ff8f91fbfdce400c6834a037dee18a60a72922ea727bb442
GET /sys-static/shared-assets/__shared_chunk_M4D4AAJL.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:22 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 09 May 2024 07:12:11 GMT
etag: W/"51ddc52774f4e5bd6a6f1c22e9d19674"
x-amz-meta-mtime: 1715238619.542425469
content-encoding: gzip
expires: Fri, 10 May 2024 12:42:09 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-39b133cbfb38c5c815d4f2a71a1fbf8f-0b71869b786f1943-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T12:42:09+00:00, 2024-05-09T12:51:51+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/bff-api/config/all.json?lang=en | 178.253.29.51 | 200 OK | 123 kB |
URL: GET HTTP/2 1xlite-461430.top/bff-api/config/all.json?lang=en
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Certificate Issuer: Let's Encrypt
Certificate Subject: 1xlite-461430.top
Certificate Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Certificate Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Size: 123 kB (123027 bytes)
Hash: ffaeb60ed9fc6828a74fc178b465a21c 0fb0ad3b58ed570f1dcb8e4a406f28f10cca5aca 7711f9698c05e565d7051fb73613b3fce3cec8a2f86100315483205e2421e7c1
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /bff-api/config/all.json?lang=en HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
x-geoip2-country-code: ru
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280; che_g=988aae57-0a17-dcd9-26f8-4ac69e993cbf; application_locale=en; _glhf=1715331871; sh.session.id=379a3ea7-a3e4-40fd-9eee-3ddec1afa16f; ggru=181
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:22 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: bff;dur=3.44, dt_total;dur=45.201, wf-uht;dur=0.054
traceparent: 00-476533670fd2733c938489c48987e8b7-8399e1eb7db54083-01
vary: Accept-Encoding
x-cache-expire: 482
x-cache-hit: 1
x-dt: 285
x-time-ng: 0.013
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7774130ac645.css | 185.244.209.62 | 200 OK | 73 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7774130ac645.css IP: 185.244.209.62:443 ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer: Sectigo Limited Subject: *.traincdn.com Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (65536), with no line terminators Hash: 72d7956858a098291f07282500a246ed e21f7354594691b0892511b47f2887ed5edbdfa3 7774130ac645e01567a229b29aed1c27db16fff07abee04db668b57d9673f980
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7774130ac645.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:22 GMT
content-type: text/css; charset=utf-8
last-modified: Wed, 08 May 2024 16:11:16 GMT
etag: W/"72d7956858a098291f07282500a246ed"
x-amz-meta-mtime: 1715184545.987120598
content-encoding: gzip
expires: Fri, 10 May 2024 10:43:57 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-1714dcca2bd5400a72dc5723f7ae3a87-84f7d820712ad3c2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:57+00:00, 2024-05-09T11:07:34+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-ui/3.2.3/Desktop/Default/client.css | 185.244.209.62 | 200 OK | 1.0 MB |
URL: GET HTTP/2 v3.traincdn.com/sys-ui/3.2.3/Desktop/Default/client.css IP: 185.244.209.62:443 ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer: Sectigo Limited Subject: *.traincdn.com Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Size: 1.0 MB (1048668 bytes) Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sys-ui/3.2.3/Desktop/Default/client.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:18 GMT
content-type: text/css; charset=utf-8
last-modified: Fri, 19 Apr 2024 10:53:25 GMT
etag: W/"64d292a033c097211f9f4c21ffbcb2b0"
x-amz-meta-mtime: 1713523729.13591556
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:54:48 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-3750517b7b7c57d428eccb040218eb6f-d6866490c5d7a0bf-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:54:48+00:00, 2024-05-09T15:24:01+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size14/sfiles/logo_teams/4098.webp | 185.244.209.62 | 200 OK | 638 B |
URL: GET HTTP/2 v3.traincdn.com/resized/size14/sfiles/logo_teams/4098.webp IP: 185.244.209.62:443 ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer: Sectigo Limited Subject: *.traincdn.com Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image Hash: bcb5eff8c000da9af1303576b304fb18 412933d6a0b0dd7e85490fdc14d5274159bcd39e 9ecb8865152fa80150401153a6a07f7f7504d9647759d983ef0b2e164aaaaef7
GET /resized/size14/sfiles/logo_teams/4098.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:20 GMT
content-type: image/webp
content-length: 638
cache-control: max-age=94608000
content-disposition: inline; filename="4098.webp"
content-security-policy: script-src 'none'
expires: Tue, 04 May 2027 11:28:01 GMT
x-request-id: bab7ec5e1b0e16ccac119e2edb17de4d
x-time-ng: 0.050
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c96b60fadd856c23f60195dfe1eedf7f-a86304b839a42175-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-04T11:28:01+00:00, 2024-05-10T02:56:01+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg | 185.244.209.62 | 200 OK | 1.2 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg IP: 185.244.209.62:443 ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer: Sectigo Limited Subject: *.traincdn.com Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: SVG Scalable Vector Graphics image Hash: a436db0af736498349f0127d8e7fab1e b07e2c449cf16ddb052ce40d881db13a0c890b9b 93261a519c1cea62e2c934496d5e0cbd1cbc8f65b4961811316e55d9e7c96ede
GET /genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:12 GMT
content-type: image/svg+xml
last-modified: Tue, 02 May 2023 10:06:49 GMT
etag: W/"7cca3986f7a5c4c164144ff11df71073"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4b05eab9417d52e1cc5451fbe0315395-61e04705531cabca-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-01-11T08:32:05+00:00, 2024-05-10T04:02:29+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js | 185.244.209.62 | 200 OK | 69 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js IP: 185.244.209.62:443 ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer: Sectigo Limited Subject: *.traincdn.com Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (32238) Hash: 138de5d55ee831195dd90bbf5c557926 4413082980942643803d8d4567df2f8395c0e868 55a6d9d38b0c68a21367ae7ae43333bfa61e2eddd38b2376eb5b192f0a0383cd
GET /sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:20 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 09 May 2024 13:08:03 GMT
etag: W/"138de5d55ee831195dd90bbf5c557926"
x-amz-meta-mtime: 1715259983.675899864
content-encoding: gzip
expires: Fri, 10 May 2024 15:18:16 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c879246a9459e01f4aaa6b07c6af4692-7e320f539acfd181-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T15:18:16+00:00, 2024-05-09T15:57:58+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js | 185.244.209.62 | 200 OK | 25 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js IP: 185.244.209.62:443 ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer: Sectigo Limited Subject: *.traincdn.com Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (17403) Hash: 701ad5a22b8ea7213a53e334d0898349 87749d947f6aa40eb671447b58261d710ec5479b 07669c2ea7c29dd69e47f5518ba73b76389f3479e19f7362b461ef0fff96c1f0
GET /sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:20 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 09 May 2024 07:12:11 GMT
etag: W/"701ad5a22b8ea7213a53e334d0898349"
x-amz-meta-mtime: 1715238619.542425469
content-encoding: gzip
expires: Fri, 10 May 2024 12:42:09 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-cd7b9fd8d8f75de86d9504f0c0fcddd7-4ff03e77ea4c6afc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T12:42:09+00:00, 2024-05-09T12:51:51+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/desktop/contact/86f18367ce2829388dcdabccb99b1740.svg | 178.253.29.51 | 200 OK | 263 B |
URL: GET HTTP/2 1xlite-461430.top/genfiles/cms/desktop/contact/86f18367ce2829388dcdabccb99b1740.svg IP: 178.253.29.51:443 ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer: Let's Encrypt Subject: 1xlite-461430.top Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File type: SVG Scalable Vector Graphics image Hash: dbc38523726c88d79a0dcc19839a6905 5244c0aeaf9bbffb286ca9156844c4a509a5585a 6711e073efb320b48b648ac5e2e30e88c93829d80ed571b4d3c92cf4e56e4fa4
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/desktop/contact/86f18367ce2829388dcdabccb99b1740.svg HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1280
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:15 GMT
content-type: image/svg+xml
content-length: 263
last-modified: Fri, 23 Feb 2024 10:01:24 GMT
etag: "28e2c161800b61b985a163f5c492ae51"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/ec1e426c7393450f663015d72acc2292.webp | 185.244.209.62 | 200 OK | 680 B |
URL: GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/ec1e426c7393450f663015d72acc2292.webp IP: 185.244.209.62:443 ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer: Sectigo Limited Subject: *.traincdn.com Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image Hash: b17065f001157df262fb278c8793c3de 3ad689b20495df4d88ff0b5506688a287f24a86e b12afb6e701eafa95d35c0b27e82b2f4bd38f5c3f7007a82daaca6456dc196cc
GET /resized/size16/sfiles/logo_teams/ec1e426c7393450f663015d72acc2292.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:21 GMT
content-type: image/webp
content-length: 680
cache-control: max-age=94608000
content-disposition: inline; filename="ec1e426c7393450f663015d72acc2292.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 07:00:13 GMT
x-request-id: ced9901dd30ef69a1fcda5e70dbe13c8
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-28c4997e6b4b6ea3bf96210988981dcc-ca5d6bccd681374b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T07:00:13+00:00, 2024-05-08T17:10:42+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%22379a3ea7-a3e4-40fd-9eee-3ddec1afa16f%22%7D | 172.64.148.184 | 200 OK | 24 B |
URL: GET HTTP/2 widget.suphelper.top/services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%22379a3ea7-a3e4-40fd-9eee-3ddec1afa16f%22%7D IP: 172.64.148.184:443
Requested by: https://widget.suphelper.top/ Certificate Issuer: Google Trust Services LLC Subject: suphelper.top Fingerprint: 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 Validity: Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type: troff or preprocessor input, ASCII text, with no line terminators Hash: d6bacfff68d40ad2744454c2506cc0f9 85f1f094d174fd4d78bd382c7948b95e9db93215 cd0483a083f6c73e9cd006ee073b875188c49f4025f771ecbcb795d40ac980ed
GET /services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%22379a3ea7-a3e4-40fd-9eee-3ddec1afa16f%22%7D HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 04:08:19 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 881711406c3a0afe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/fba16e275a7f.css | 185.244.209.62 | 200 OK | 1.1 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/fba16e275a7f.css IP: 185.244.209.62:443 ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer: Sectigo Limited Subject: *.traincdn.com Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (1060), with no line terminators Hash: 4250681e9638701710d7a39789f5d5d7 8e9035ac672487139578aeb90420b7d8be7aa46f b178f0c5e4011b7d34746093ec203b2dce86c2e1b8795efe8af7f21437adbd85
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/fba16e275a7f.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:22 GMT
content-type: text/css; charset=utf-8
last-modified: Wed, 08 May 2024 16:11:16 GMT
etag: W/"09cc238307fce08863e8f51282885df9"
x-amz-meta-mtime: 1715184545.995120472
content-encoding: gzip
expires: Fri, 10 May 2024 10:43:57 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-984b81e65bac9b90c43c6a1f8a93e990-1fbba8da3235cb03-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:57+00:00, 2024-05-09T11:07:34+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e9c3c91c857e.js | 185.244.209.62 | 200 OK | 1.0 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e9c3c91c857e.js IP: 185.244.209.62:443 ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer: Sectigo Limited Subject: *.traincdn.com Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (1063), with no line terminators Hash: f1b354548908409d1a1339f2cf2019bb 8708595f8d7de989760cd5cbf7b6304c44ee9305 56326bbc4cb79494e0303b407d706799ceab518e26cc7013e9c2f15afac5beaf
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e9c3c91c857e.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 16:11:16 GMT
etag: W/"79b20e2721490ad601fb0a6be2cac709"
x-amz-meta-mtime: 1715184545.995120472
content-encoding: gzip
expires: Fri, 10 May 2024 10:43:58 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-6900679543bc933e31a60abd9ae1a28f-3224c853c5df8abe-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:58+00:00, 2024-05-09T11:07:35+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/version.json?timestamp=1715314094035 | 178.253.29.51 | 200 OK | 11 B |
URL: GET HTTP/2 1xlite-461430.top/version.json?timestamp=1715314094035 IP: 178.253.29.51:443 ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer: Let's Encrypt Subject: 1xlite-461430.top Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File type: troff or preprocessor input, ASCII text, with no line terminators Hash: b5e183e29f10d2c0e84afe94c66794e5 6ed05bb7968c0e6d76c9988d54ca9feb484a16f0 4dd88e5f3a38dfa4a71f871df86fb936135e09555ae04d3ec37dadf59b13ac4f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /version.json?timestamp=1715314094035 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp257f02bac0_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%22a279f740-0e82-11ef-a11c-13b1386675ba%22%7D; platform_type=desktop; auid=sv0dM2Y9nasaCwEqAxv7Ag==; SESSION=9f380f46355365c8b1352b8a6ff35e0b; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:14 GMT
content-type: application/json
content-length: 44
last-modified: Thu, 09 May 2024 07:16:12 GMT
vary: Accept-Encoding
etag: "663c783c-2c"
content-encoding: gzip
expires: Fri, 10 May 2024 04:09:14 GMT
access-control-allow-origin: *
cache-control: max-age=60, max-age=60, s-maxage=60
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/918f54786acc.js | 185.244.209.62 | 200 OK | 1.4 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/918f54786acc.js IP: 185.244.209.62:443 ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp257f02bac0_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=a279f740-0e82-11ef-a11c-13b1386675ba Certificate Issuer: Sectigo Limited Subject: *.traincdn.com Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (1424), with no line terminators Hash: 422bf446d8c95d96c215381bbf71062d e4d3ea7751e0410e4a453b0465ed8a1f7fff1177 9547ce46eef6a9bc2de8bf243f5a996271c6b912eb1f47f8168834c1bbd04501
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/918f54786acc.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 04:08:23 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 16:11:16 GMT
etag: W/"f06694004f6f9f402370d0b451d32116"
x-amz-meta-mtime: 1715184545.991120535
content-encoding: gzip
expires: Fri, 10 May 2024 10:43:58 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-a50890b3dd134d946010cd8975e0868e-54b9a75a30eefe88-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T10:43:58+00:00, 2024-05-09T11:07:35+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|