Report - refpaucqkl.top/L?tag=d_151095m_23801c_[]MS[]null[]null[]general[]28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click

Report Overview

Submitted URL
refpaucqkl.top/L?tag=d_151095m_23801c_[]MS[]null[]null[]general[]28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
IP
45.135.120.2
ASN
#56630 Melbikomas UAB
Submitted
2024-05-07 15:51:21
Access
public
Website Title
1xBet ᐉ Online sports betting ᐉ 1xBet online bookmaker log in ᐉ 1xlite-461430.top
Final URL
1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
120

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
widget.suphelper.top	unknown	2023-08-02	2023-10-04	2024-05-02	5.5 kB	1.6 MB	172.64.148.184
pp23vi1.com	unknown	2023-03-09	2023-04-06	2024-05-04	439 B	387 B	178.253.14.123
1xlite-461430.top	unknown	2023-08-11	2023-08-11	2024-03-26	115 kB	1.1 MB	178.253.29.51
refpaucqkl.top	unknown	2019-05-08	2019-06-07	2023-08-29	617 B	7.9 kB	45.135.120.2
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-05-07	1.3 kB	278 kB	142.250.74.168
radar.cedexis.com	3035	2009-01-07	2013-11-27	2024-05-06	822 B	1.1 kB	45.54.49.5
region1.analytics.google.com	unknown	1997-09-15	2022-03-17	2024-05-06	1.1 kB	448 B	216.239.32.36
www.google.no	25607	2001-02-26	2016-04-05	2024-05-07	582 B	580 B	142.250.74.163
v3.traincdn.com	unknown	2022-11-10	2022-11-25	2024-05-04	83 kB	3.9 MB	185.244.209.62

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed

ThreatFox

No alerts detected

JavaScript (116)

	URL	Size	First Seen	Last Seen
	1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510	2.0 kB	2024-05-07	2024-05-08
Pretty URL 1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-07 09:57:20 Last Seen2024-05-08 01:36:59 Times Seen6 Hash 991153757cb65d57b6e6a8783a559b80 75396d28d126eada9fd69f33367626010d646633 3a5ba93a4eb20431badba0e7b99b59d7f8643b62d74ae41af64bae7520d523d1 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-ffc54199.js	41 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-ffc54199.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 3645d2d457e7c89dbddbc70d1bb71d2e d91ac83ee98ca90c4a45448683041facd9b325cd a615e922b7060fe133277857d8a581923a62ce0da64aff95340bd9b884856a5a Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage-633ca92a.js	134 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage-633ca92a.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:28 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 474bfa89621896100251055f7c19712b 0e19c615fc77f9ed2d69d74b7f8a42d41c6f5138 ea0fef6e0a33df0b36bdce2df6b8bf50eef0dd3b71c7c6fc567a7d7c5d39fdd3 Loading...

	widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js	3.8 kB	2023-10-05	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-05 09:17:37 Last Seen2024-05-19 16:21:35 Times Seen2066 Hash ba1681cca05ff7b4f8698587da76ab26 7113520b461dfcbdcbc1725a1acc6e05547bf20e bcfc83f65454f29634e61503e84d77f3fe8bc06451b90927bf842e9ad352ac64 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingContent-636888aa.js	1.3 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingContent-636888aa.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:27 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 59e405a5c84540fd5cd4a47c01954bb9 877928ec86d9742b605ab481e28e4ca40163154b a50357ec75eb7f36a26bfe20b003e614f8bfd8298d502b26c9dc36cbdc1d362a Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.CentralMenuApp-a5b5de2e.js	76 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.CentralMenuApp-a5b5de2e.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:31 Last Seen2024-05-08 01:37:00 Times Seen20 Hash 4fb1e7d0f5418f3df96622b000ebe6fb eef890c8cf6d2c72eae34e39ba2e8e6ff79c8754 fd9fede696dd12b00cc9af15ca68f1209b5fd351f5bc32052221adbbb12d8e8b Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cb22691ee4d9.js	731 B	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cb22691ee4d9.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:55 Last Seen2024-05-08 09:00:21 Times Seen26 Hash bd6d9e7b07e097eb950f4b8bd6ada2b4 d332a4f5771e4f6d2cd47cd94ff85c5eb5847418 ea2bfc78a76204b704ee4ff215cfd6be3c7edb98b6c6e77501c5dbb88f261ea5 Loading...

	unknown	39 B	2023-04-14	2024-05-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-19 16:21:35 Times Seen949 Hash bc51ed8c76553717f10d58b2df60fd76 e2d03a8fd8d280074b226c288880f9df299c7cb1 bee994eaf88453f6343ba57571a069054c12c9b4e42f8cbad4f2ad75c7fb264c Loading...

	radar.cedexis.com/1/23802/radar.js	390 B	2024-02-13	2024-05-19
Pretty URL radar.cedexis.com/1/23802/radar.js IP 45.54.49.5 ASN #63911 NetActuate, Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-13 14:23:26 Last Seen2024-05-19 16:21:37 Times Seen292 Hash 82dec77fd0353c7c71ce053b8601387e fbbca95419e1d0c042e0a5fdf10f380aca66188c 39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main-499ac9a4.js	237 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main-499ac9a4.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:27 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 8b5b82fea92540c112a534ae258307e2 380afabff0faa228d8c4f10cc9947b310d1bab68 ab31af22488ac9b76c9790f4d3cf1096a9402e7ab4a5b8e09d373cb5b62bc651 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/2c4bdd620ac9.js	6.7 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/2c4bdd620ac9.js IP 0.0.0.0 ASN #0 Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:56 Last Seen2024-05-08 09:00:22 Times Seen16 Hash db345f9ab9f4b60494ed02dd78f38d79 cb9cbbfabcb9c33191f6dae2927282f0ff4fa236 e9fe103123d124c15580efc873171acc3a1235957353992c779f9ab30938aab4 Loading...

	v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidgetAnalytics-2f154c8d.js	416 B	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidgetAnalytics-2f154c8d.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:28 Last Seen2024-05-08 09:00:21 Times Seen17 Hash f82b46dce7c19fd9f12e08311e06b4d7 a22d1a217e0b5665e976cecf1cba74c7f884ba21 a5a3de88355ca693c9e33b10b37c3f175362fb3c581ab02c44fbb4fc424c4b1d Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js	53 B	2024-04-24	2024-05-18
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:07 Last Seen2024-05-18 12:55:23 Times Seen50 Hash bb7e15ec1662efa164ad912bd1c65e19 bdd420a5f5bf96a8a4f85abbbe3b0cd2ad547f52 a9378fb3de73c35f466dfae4d2956a63b95813d4eaf88ae7f4ce820d0992cc01 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/92745f711024.js	188 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/92745f711024.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 09:33:56 Last Seen2024-05-08 09:00:22 Times Seen16 Hash fdfc9ec2fb0c6c09b91f4d7afd8b013e fda34cd7ed3c34c04b95aa7ef5c8602246560792 52c22cd0255170803b57877f20365b1cc0cee020b6fff69c71fe0f7f6c9f276f Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-4e9ad522.js	12 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-4e9ad522.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:31 Last Seen2024-05-08 09:00:23 Times Seen53 Hash 805e7c2cd861f2191db66c39ab28e86b a6353246547e9a9fd01093fcb784d708d187e3ef 82686dab55962ead6916346bd901b3fc03357bb2a0e74dfe966ff784d75b2368 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_chunk_M4D4AAJL.js	101 kB	2024-04-24	2024-05-15
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_chunk_M4D4AAJL.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:08 Last Seen2024-05-15 18:55:38 Times Seen69 Hash 51ddc52774f4e5bd6a6f1c22e9d19674 374c2fbb2b68ad9c28898dfe60da3fd828ccf7c4 642e66ee14ca90b6ff8f91fbfdce400c6834a037dee18a60a72922ea727bb442 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7b53ac9cad2f.js	41 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7b53ac9cad2f.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 09:33:56 Last Seen2024-05-08 09:00:27 Times Seen21 Hash de79bf6739658de7bc537d692f3638fe 1e7a3af0be67bc48ac8f184324daff5f1422ac26 35f8f183f2c85dfafed1127ec3f72da678b9eea861b4083672ae4580ff6a0af0 Loading...

	1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510	924 B	2024-02-25	2024-05-19
Pretty URL 1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-25 06:56:59 Last Seen2024-05-19 16:21:35 Times Seen145 Hash 92bf20f2f922cc746bec8fe320b23ed3 768e5dbe711e1b62cad807b11ded99ef85001483 b81f4c4f575092cb52a07f89a96291f8e258b3f6bf61e51df0fec3bcc3132fea Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.HomeSliderComponent-b079a12e.js	24 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.HomeSliderComponent-b079a12e.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:28 Last Seen2024-05-08 01:37:00 Times Seen20 Hash dff08fc651e74f6ad7d80f2cb43e29e5 e1b0c10b245faa60623785bdefd27c9999483231 fb6ee46c49eb61f09a2dbfe856f0b41f4206323fd9dcc2dc8921ce951b9780bf Loading...

	v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-290f49eb.js	7.0 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-290f49eb.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:29 Last Seen2024-05-08 09:00:23 Times Seen54 Hash 91d17dbf833b48149a8b5d2f21895879 bd71a45fa4419ab4ddbc676f0a9cca2be05e1703 f085ff2e310ab82817411e3ed64d0902de49e149d0958cadb91d518ed5854335 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Betting.Core-d4a24bae.js	2.4 kB	2024-05-07	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Betting.Core-d4a24bae.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 06:20:17 Last Seen2024-05-08 09:00:23 Times Seen21 Hash 3a0e4a54185bcc66d2e032dd30a385eb 627755ca54def0761f25f827d5b4cb483e1ca83d e0bc5ffed1e6fd6285fea94e991fa8ec48a5f17677519c766d7ee7e757a02239 Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.SportMenuApp-1f0079e1.js	110 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.SportMenuApp-1f0079e1.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:27 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 756179b1f968d35107908086a552c869 5c1f6c8a0c1eed4246c04dac52c4b7056fc991e8 37093cd5b15bf40421db8a64625a01317d043479685d2e1f84accb8fbf992ea6 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js	1.0 kB	2024-03-23	2024-05-19
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js IP 0.0.0.0 ASN #0 Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-23 16:35:38 Last Seen2024-05-19 16:21:36 Times Seen75 Hash 8fecd56fc5520134f3c39b17431fe0c2 e0cedac030a1fcf68779a592ed9e0775beb45123 3e01dfddf1e68faa32769d615eeb0e838a29241d18a57090040c595ee05f0ba8 Loading...

	unknown	47 B	2023-04-14	2024-05-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-19 16:21:35 Times Seen944 Hash 580b3e56fc9ab6e8b4655f43ee057cc1 5dfce565e446f4a167195de9a1a5dd26163c711c 446f07b6e56de61d2c2d5b6ba408cc580b492a6d1ede8fc51cfde4ef75a2b382 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7bd3bc288fd4.js	450 B	2024-01-25	2024-05-18
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7bd3bc288fd4.js IP 0.0.0.0 ASN #0 Introduced by importedModule Embedded in HTML false Observations First Seen2024-01-25 11:06:32 Last Seen2024-05-18 12:55:26 Times Seen137 Hash 056ce527a12544a37f984ac598be2344 6946b65cf1c68960e5f9ac0900a0df66a13e7e85 cd7cdf53c803ca43a37171180d14c2374e45ab347d309f9b83a107b9ad9b4ed1 Loading...

	unknown	96 B	2023-12-06	2024-05-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-12-06 14:32:27 Last Seen2024-05-19 16:21:35 Times Seen970 Hash 94361ed86ab9b2fbb8d805c2025df46a 3f428332f7a1c7196a85c93a373a966d75708c19 eee4d228a49a86625f29410cf9a23d145e821a09cbb1f7a4d7557d206872715a Loading...

	unknown	34 B	2023-04-14	2024-05-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-19 16:21:35 Times Seen957 Hash 7bcdb973ab8af8e24ab11cb554a1ba6e 24e8a10f240f2b06f81d7c173cd0a90606641fc1 916ec4eb9b485eb47f43a17fe212e84e4b72600b45eb6d4588599ad495a57fcd Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.coupon2-183c618c.js	1.0 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.coupon2-183c618c.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen21 Hash 54f54116f151f6469527d5f5c584887c 8078098cda5d50eeb285da4fc78655562f8324ed 8112adb0bbfa619109d5a6c3263e5e1761599c14b3c474b58b2f5ca512b46efb Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e8b8c79f9b52.js	504 B	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e8b8c79f9b52.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:58 Last Seen2024-05-08 09:00:24 Times Seen30 Hash 5387051085dcc459e7077d5d8000b85d d22afab6c65228f0056f66e4f150783f6014e36b 34377c13fd72112cac96fba3642f084661361aea701a70ba3702c82c9bb42790 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/03e03ebafcdc.js	372 B	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/03e03ebafcdc.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:58 Last Seen2024-05-08 09:00:20 Times Seen23 Hash 441a6448f5a4242779baf6fc1399b13e b646aa02b2ed08c1590c6f4536341cb2e51a4f1c 0eede7ea7bad647cc90b8044489561c58d2d5865e88ecc59a572589c6ccea6b7 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-b32053db.js	32 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-b32053db.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen49 Hash 3f5e6415a870624bda2cd9741726af93 a5f7d27d2ca9f7e89a230ad43754f4e0390f293a 68449536372a92443232c2c9299ebc24a5f62543e6b12cd0a137b078f50d6e9b Loading...

	v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-0434410a.js	28 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-0434410a.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:27 Last Seen2024-05-08 09:00:23 Times Seen26 Hash 9167c6082d419d35f57a606871184d06 d4c4fac03b353c5881c352d6ac0c05947dc2e633 bed35ed9386f6d0d6f3096d00c7d14e042c5cb404f07ef0bb9abb4cc381e89c3 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-87a02531.js	42 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-87a02531.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:31 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 21a80fe42c418607606b5ee8ebc9ebe2 b93c8e0a2f18dd371501e1a8739e9445b2c1d9d1 880f72443c469f2d2e9421789eaeb1f2042a8c4ccfc8ce9057a685d588a97ff3 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-233f5bf5.js	56 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-233f5bf5.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:31 Last Seen2024-05-08 09:00:23 Times Seen52 Hash 45302df89a240c65824afccc0240c030 84573118a402aa9a4ee0321ccf3f914c438a8369 25b695450684f580508f24855ea2d181ecd499e26573010621dd4a2ddc5af16a Loading...

	unknown	44 B	2023-04-14	2024-05-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-19 16:21:35 Times Seen946 Hash 00beb9884d0391b342eadd30744b539a 3124c0bd593822379d22f13d3e08e70a1bf5ea14 92394eec5690449a4f6cfc9a7f97497a69e926b2365cb9a9aad3507a844f835c Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.media-64ed71be.js	17 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.media-64ed71be.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:27 Last Seen2024-05-08 09:00:23 Times Seen53 Hash fda91a0dd5e8251a0c4c540d7e54ed52 3c4a6e38286708cd62ff071ccf97e73f37200728 b3c3c2ee09cf4af0164878165cd9971fbfe83a461c18ad0ef7cfc33b36b782ef Loading...

	widget.suphelper.top/injector.js	208 kB	2023-12-17	2024-05-19
Pretty URL widget.suphelper.top/injector.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-17 15:23:16 Last Seen2024-05-19 16:21:35 Times Seen1027 Hash faa1c0b5a845868ac1a8071b6b87d458 71034e9bb2726a20b2afa197ff4e1b52c2ab976b d7585c13a4abd3b295a15b2bce2b2d7121a697f42ea85f89f40624ac26b075d0 Loading...

	widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js	141 kB	2023-03-08	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 08:26:33 Last Seen2024-05-19 16:21:37 Times Seen2524 Hash 896d1930437c1ab92b8a359c1d6fdaae 71e0e23d1af9722f356eb5d1c497d100ec8b0f7a 8c508636d885890bfb5c56bcd6dad1b8b64c498781d351b588a8de7f686774d4 Loading...

	www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66	322 kB	2024-05-07	2024-05-07
Pretty URL www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 17:51:27 Last Seen2024-05-07 17:51:31 Times Seen2 Hash 9c321505b50fe118e530ec09aae065ba fc2e2291b628b0a8f6ec50674eba84351a73c488 18d1200a8152259b979bd2ebcb429bf5629995f5514d44568e280ef70973dc3c Loading...

	www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66&l=dataLayer&cx=c	322 kB	2024-05-07	2024-05-07
Pretty URL www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 17:51:27 Last Seen2024-05-07 17:51:31 Times Seen2 Hash 5d06fc5a3ab9026a86072638816e5533 5cb54b44f85b6c4aec907c9644330e7b3c683505 45d6b45e21349470ceec00f77c6cd1750fdc6ace068bf25af6065eff5a76ff91 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-b9493cb9.js	37 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-b9493cb9.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 63e1a6027725eca572736670eb935432 e3578492cf68e66a44f556a98545294a5b1bed5a e96e0e4abe03d7fb0d2449e0f2bf27bb0ee85cdd4d7b4098276c712842b45d8c Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-b595fcd5.js	144 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-b595fcd5.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:27 Last Seen2024-05-08 09:00:23 Times Seen22 Hash aedaa99fcce183a213f358a727e9eb87 7fe33331acbced57be412f96baff3a4595e207fb 2ccadc0a2eea97aeeb5f1825ad9bdac3873481a54bcd3b42cf6724271cd0f6ac Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js	25 kB	2024-04-24	2024-05-15
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js IP 0.0.0.0 ASN #0 Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:06 Last Seen2024-05-15 18:55:36 Times Seen55 Hash 701ad5a22b8ea7213a53e334d0898349 87749d947f6aa40eb671447b58261d710ec5479b 07669c2ea7c29dd69e47f5518ba73b76389f3479e19f7362b461ef0fff96c1f0 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-07683518.js	40 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-07683518.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:28 Last Seen2024-05-08 09:00:27 Times Seen46 Hash 5609f3d5d46109e5230f492c3d89cdcd 522c0a551da1db7753e72b6a629064a6170791d9 13f2ef217e2e8cc997cbcaa97126a6c31430ae1d073e406944364fb5f45f70e7 Loading...

	v3.traincdn.com/_nuxt/desktop/default/runtime-baf5b66c.js	47 kB	2024-05-07	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/runtime-baf5b66c.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 06:20:18 Last Seen2024-05-08 09:00:23 Times Seen22 Hash ef9def5f3c8a190bfffb14ce24c6eb58 c5fa568c8f9bee2aa988c80a7246e07edd8d84ba d5d3ad6908352036bda426fe1fdc6f1dc03ac13a7029bbf25fa50580abd9064f Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3a9e96a04d11.js	4.2 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3a9e96a04d11.js IP 0.0.0.0 ASN #0 Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:58 Last Seen2024-05-08 09:00:22 Times Seen16 Hash da4fcf0e06e63dbfcf3058f435e0a172 7c544d459b9305c651de2b6c6a48a8188504c3ae f2735fd1ef60ddd6d03eb6c9a4b37b94913c89775308c2880f8dcdf8a321e115 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/ea5e649383e3.js	5.0 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/ea5e649383e3.js IP 0.0.0.0 ASN #0 Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:58 Last Seen2024-05-08 09:00:20 Times Seen16 Hash feb5d0c05443398468224d2944536b10 d795e84479919f2fca3e48ddb1c9fea251260f92 d613b9c5f54a7d16fcfaf0ee200b05548ff0cc03a52ea1c3ef75c0315f5582e5 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/c7de6303dfb7.js	424 B	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/c7de6303dfb7.js IP 0.0.0.0 ASN #0 Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:58 Last Seen2024-05-08 09:00:20 Times Seen23 Hash 33e7498a57ccd45d4321735d481a7313 46b45796c16d136c29f360cbb68d5b205904bcfd 778fa85294ad50c151be62183dbe5c18d754019a84e6c8a929b2c641d38ce3e4 Loading...

	v3.traincdn.com/_nuxt/desktop/default/DC-7e6a4aad.js	2.3 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/DC-7e6a4aad.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:29 Last Seen2024-05-08 09:00:23 Times Seen50 Hash b44bc16cd2630bfada5ec9cbdbfcafab 43918946155d48f6cc8ecba42e2cf2cab28debd7 189ec6fd8e44cc47498706a2d2c815da1dc255040ef5ef57f5faa7c10c05ae42 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PLMWICWN.js	30 kB	2024-03-23	2024-05-19
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PLMWICWN.js IP 0.0.0.0 ASN #0 Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-23 16:35:38 Last Seen2024-05-19 16:21:37 Times Seen108 Hash dfa127e93d125d4f6c566203eaf225f2 32c1fd89c4eeed7ac2a942582b3786659b15cd43 cf5077d1cff62ce76807408ebc2203563b7a221ddf1cf38339c6d54289bff390 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/0f8a3bdbdd12.js	1.0 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/0f8a3bdbdd12.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:57 Last Seen2024-05-08 09:00:22 Times Seen16 Hash b49b08255ad6dd3864f907913b849ebe d795fb55582cfc60ad8e9316849952ace5cdfd29 3fbd78a17348b646b42ee72bcebc1c930f88f26e3b9e42ae3c488637e1e4a655 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-f0624fc4.js	198 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-f0624fc4.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:28 Last Seen2024-05-08 09:00:26 Times Seen44 Hash 191ff223860f458112e0be2a63bd9857 850dd681d5b31321f00b8df955a455aa9478e44e 40e1fe6d194776c5fa845dda1dbebda9c2bc3154d8c45793ae74a2e1bf147016 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/entry-414928da.js	2.3 MB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/entry-414928da.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 09:33:56 Last Seen2024-05-08 09:00:22 Times Seen16 Hash 2ff74ba461966e9ef07ec952168d3783 eac39aaad2751e37b7b7e1cf6d966696f9c1c044 2073d859a26714aca057e24cb8c9ac7e8fd7bc8a184406d49cf0c46980ab405d Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-09b98935.js	15 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-09b98935.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 18:05:15 Last Seen2024-05-08 09:00:23 Times Seen30 Hash 81deb8b2ab30cd1729e21622a32d9814 41b982e7a7e4eec22ce01ff1a3b854e51e385789 41159eb3d25b42d4e655a6a3f4e6b0777c2d8a572277d77f9104e171b8aa5589 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-4d951a46.js	14 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-4d951a46.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 18:05:15 Last Seen2024-05-08 09:00:23 Times Seen30 Hash 395deb0abfd0ea102c0c9aa4cf08b2f9 b53c99a2bce733f0a45a075000949d34e2fd0b17 f11d7b6985d7e97030628cf137377b14e9316f8919f80dff4cdd488366aa6652 Loading...

	v3.traincdn.com/_nuxt/desktop/default/commons/app-2e30fd7d.js	138 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/commons/app-2e30fd7d.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:29 Last Seen2024-05-08 09:00:23 Times Seen52 Hash 03b89bdb4f6013159d40de88c98403b6 cf41351caa86d91b56cf839d54ab28bf8f4f54f8 42d02ce0b520e2d8ce7341a0b07d92cd3833d762337b1f8aabc6f7f23e6fad4a Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/app-d26cc899.js	954 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/app-d26cc899.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:29 Last Seen2024-05-08 09:00:23 Times Seen54 Hash 1992415420cd9d59941e07133aa0c521 308a748fa982a440a112cb9e449f25a23bd6d83e 94a8f060251c7e705ee8c823783cb067e2844edb0f3900b6b0e91948d92ce907 Loading...

	widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js	108 kB	2023-11-02	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-02 21:20:57 Last Seen2024-05-19 16:21:37 Times Seen2515 Hash 83680ce862de40c43fc92e04b1ad0a3d 67eb6762545f4e1fee446794f4738d0f0577b6b4 e70f39978f08895aef6849daf891af65bff03e476eb9b1384dfb36cd4ac9fe75 Loading...

	v3.traincdn.com/_nuxt/desktop/default/ioc.dependencies.18-dc087bc0.js	3.1 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/ioc.dependencies.18-dc087bc0.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:28 Last Seen2024-05-08 09:00:23 Times Seen21 Hash 66c4eb11ec60384b198e73db080c0f32 6fb7618e384b9e01454c7b984728236f178192da b45c772a5a204e430a575b896edc43205412a5f28539c2e48c152df7669ad7cb Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js	69 kB	2024-03-23	2024-05-19
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js IP 0.0.0.0 ASN #0 Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-23 16:35:38 Last Seen2024-05-19 16:21:37 Times Seen110 Hash 138de5d55ee831195dd90bbf5c557926 4413082980942643803d8d4567df2f8395c0e868 55a6d9d38b0c68a21367ae7ae43333bfa61e2eddd38b2376eb5b192f0a0383cd Loading...

	www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V	178 kB	2024-05-07	2024-05-07
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 17:51:28 Last Seen2024-05-07 17:51:31 Times Seen2 Hash 7163862c4911821ad5bdbb5b151cd941 d799753dd6f1a716971fdd37c4102831f42580bc 24bfba9c161f3b017f8fed89aa293ea39273e46f6cf5e4fd18dd3827c984882f Loading...

	v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-807a62cf.js	20 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-807a62cf.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen26 Hash adc7f8e289bd475a5a922c91b93591b2 540252cd02880714746d3656e61c67e7acab7fda 3b542ce26d333f558f94adb8cac49e58be95a5470eb3079d1dc0b2b7a7c97b6b Loading...

	widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js	78 kB	2024-01-20	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-20 01:21:34 Last Seen2024-05-19 16:21:37 Times Seen603 Hash dc6852529f28802d37affa5953d07260 4edd220fe8df4b009a1775ebe57f19d40999659f 4aefb18221e4fb46818b0f52302b7c7717e45701e26990726cce645d8c80ed84 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/49e90f3b8dc2.js	2.1 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/49e90f3b8dc2.js IP 0.0.0.0 ASN #0 Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:56 Last Seen2024-05-08 09:00:22 Times Seen16 Hash e4a5e0e3cafb59fadf6c400cfd363b1a 9782ef66f8c66b9daf7c71799bb64a36791aafcd 528a971a8fd97998b7c66f789d482b73572d3f2f0a1c621aa917552c0abf3c68 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-9ec0f9e5.js	66 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-9ec0f9e5.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:27 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 5c486444497d7afeea7cabf3a651d76a a5c40dee88530a85a4c061ad4379b13e3b8df745 9c3b64738e185dacb94ddfa13c1807be093f49e0a3b5810f92db524ea9f60020 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Layout.Betting.ExpressDay-c5a846fb.js	10 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Layout.Betting.ExpressDay-c5a846fb.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:31 Last Seen2024-05-08 09:00:23 Times Seen22 Hash be042bab68dd466121fb1460a17b1795 3dfa3c583644e2aa71ff199a262a54e17cd378d6 2a7bf413f8f8d67f545da852425cdec3b3960fa2c62960ca49c5a2dc43108ac0 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_MO5RLEN3.js	21 kB	2024-03-23	2024-05-19
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_MO5RLEN3.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-23 16:35:33 Last Seen2024-05-19 16:21:35 Times Seen108 Hash 598d5481ac96b9bf8013b0eb1413b8e5 cc7e3384da379a215ac43b2385e901e22ceb6327 1488ecc35389c72a3aa26d468420069f6b719db456ea82605762311da663b65f Loading...

	data:text/javascript,export const meta = import.meta;	32 B	2023-12-06	2024-05-19
Pretty URL data:text/javascript,export const meta = import.meta; IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-06 14:32:28 Last Seen2024-05-19 16:21:35 Times Seen970 Hash 6d772b7d405b447ecee54ab61cdd5108 dd65fb9cd5a7cb94a40fe161f4f72303a61eb3b7 b90ff694e492935b6036fb7e878d365dab51aafa46f0afb1e33414e7ecc3307b Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-74b93b4d.js	32 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-74b93b4d.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 13:30:37 Last Seen2024-05-08 09:00:23 Times Seen56 Hash 56a0eecb3ec4576e9abf6f8f3e2707f9 6ddfcb4b1669c1323d87906b720fe8e4c258c143 81a5331c3ce30f9e8f21bf5e69591e24dd0c77d9b69157bf0a5e2242fc299ed4 Loading...

	widget.suphelper.top/_next/static/chunks/pages/_app-9c47c295eecaa68a.js	1.0 MB	2024-05-02	2024-05-15
Pretty URL widget.suphelper.top/_next/static/chunks/pages/_app-9c47c295eecaa68a.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 12:28:02 Last Seen2024-05-15 07:03:13 Times Seen91 Hash 5997e7f54cf2aebf463f16902ccbc7fc 659b9677d6196eabd63ce0feb5f4466accb72df7 08d0ab3696a84b16c7cc5306bf6d83dd27f99a2ce221ed337bf09dec8ebf95db Loading...

	widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js	373 kB	2024-04-24	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:05 Last Seen2024-05-19 16:21:35 Times Seen227 Hash 36e4e2c2a2498b008514f1f0250c8018 cfa53d1c8533fb5941d9ff4f1e45e8c831658693 42cd70d177e33b23f4982b671f4bb7f03a966053874a320af3f3ea7b7b7ca1f0 Loading...

	widget.suphelper.top/_next/static/f385e6db/_ssgManifest.js	77 B	2023-03-07	2024-05-19
Pretty URL widget.suphelper.top/_next/static/f385e6db/_ssgManifest.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:02 Last Seen2024-05-19 16:40:03 Times Seen87556 Hash b6652df95db52feb4daf4eca35380933 65451d110137761b318c82d9071c042db80c4036 6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e Loading...

	widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js	37 kB	2023-10-13	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 06:04:09 Last Seen2024-05-19 16:21:37 Times Seen3226 Hash 6782c8abf3d14391f6ed5c805a973cf5 a08b255c0084e14d74199f5af64522ffaba14486 88331f3bf38157ecb0e64f22c08a582384dc74c8bae09d9f78b9eab5fe82cfa3 Loading...

	widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js	107 kB	2024-04-25	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:15 Last Seen2024-05-19 16:21:37 Times Seen234 Hash d0a7ecc59065580118a9ea8880c58962 21573546ac5011592094ef6aea0696ccdeb2164d e1b09efa81ca44cda394e366b64fbf2b3f0725eab9ad24782839cbb8f66842b5 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5f591efad77b.js	1.5 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5f591efad77b.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:57 Last Seen2024-05-08 09:00:21 Times Seen16 Hash 7def1ae39ae3ec1a1a1d626c24e5a7f2 c01023fb1bb0149d53435f5e665c7936ce88aee6 9b43d70a4acc4172dd9c3fceaa2e5f0585b1263516eb3b1f05c363980294152e Loading...

	1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510	782 kB	2024-05-07	2024-05-07
Pretty URL 1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-07 17:51:28 Last Seen2024-05-07 17:51:28 Times Seen1 Hash ed7fc54625f0d6551327efa055e732a5 a9740bce4355d473d9972c36afd3b23d7f71723c 37763ce7d1d537e99b93a88579fc2e368b1d52d9ca7070b08002eb7d29f98752 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-db205bbd.js	8.7 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-db205bbd.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen53 Hash a5db05d47f7f37c06acc29a0f4eeb447 b9ddddb586721548eaa4a62d7ae420bfcfc5bddb 4053d0ffbd3af6bc022131a3f123bd4e88825f1b5f06a74dd2072a2b0fe3f243 Loading...

	v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-ef321a16.js	3.2 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-ef321a16.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 13:30:37 Last Seen2024-05-08 09:00:23 Times Seen67 Hash 0cc9277dab4117c9b162cc01e1f0b97f 5b7d9007e2d99d3715c5f226aadf44aa4da4332b 6d7637a83c7812813039573e9c67efbb30e4021a971c546621a397eb72ea4bd0 Loading...

	widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js	481 kB	2024-01-20	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-20 01:21:34 Last Seen2024-05-19 16:21:35 Times Seen592 Hash 46260bb46d51262abee818c0c3bcf1c6 fe3be222aec74704fad1fa2559788b1fa287094a 20700e65659e04d422580d9c792ba811b7b76de4ec1b3163c284af83bd5a7d6c Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/62bd07c5cb50.js	2.6 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/62bd07c5cb50.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:56 Last Seen2024-05-08 09:00:21 Times Seen16 Hash 942da12c1a44ccf257f6ea3e09ed3175 117b957d554602393aed24ffb08c957f89dc622c ecb8f76caef1e9eda494ea85e50bfa687baf1a99774b32edd34b03e8215f4075 Loading...

	v3.traincdn.com/_nuxt/check-ob.js	211 B	2024-04-24	2024-05-19
Pretty URL v3.traincdn.com/_nuxt/check-ob.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:10 Last Seen2024-05-19 16:21:36 Times Seen267 Hash ced67278c38d1ce1297c121af69fff8a df6e1531fd84d956263b04254e6f94f5356623f4 2958134c3c00f7c6320858dd66e454c2856e4842821d3523c4cc5e44e1ec8616 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-68160950.js	20 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-68160950.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 860ea683ac1ca8494adc10cb2ea4fcdf a1004cb9bb3a036d215dfbf6b9bade88ad81a7a3 e8fcc72111c9040f545dd314899e61e406ceaa76601c816dc3c1a7b407f88850 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/betting.HomeSliderComponent-f347b217.js	28 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/betting.HomeSliderComponent-f347b217.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:29 Last Seen2024-05-08 01:37:00 Times Seen20 Hash 18963957c8f45d24c0819a973d362e7b 5a1846a89c5cc9e8028044ff5948bd94f428c412 d1c98b4199c034c2a115ba70268a3e536640ca8b992887df0b085d476ab1275f Loading...

	unknown	47 B	2023-04-14	2024-05-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-19 16:21:35 Times Seen946 Hash a01893d8e129ad16c1e0fc5c7537f411 0e46d1bf2718f848d9d596fa269eaedb31204772 cbe7b89533bcd75b69f3e54807308551d68242ec1761e63bee1a99fc6e560175 Loading...

	v3.traincdn.com/_nuxt/desktop/default/analytics-a8ae3276.js	6.4 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/analytics-a8ae3276.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 13:30:35 Last Seen2024-05-08 09:00:26 Times Seen65 Hash 60f915b0daad3af04303726381897e81 133c20a7f58c18758483c23f595d5a4f22ba9371 320b5a7d25c926dc55eb7a53f4348bf7c34bd7f5bc6ad3bcd1d16029239dc3a1 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-3883d633.js	7.6 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-3883d633.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 18:05:15 Last Seen2024-05-08 09:00:23 Times Seen30 Hash 68b874a85269b1e64bfd1065d0254a1a 46d5559120d28058a530b18616085b6826bb03c3 7a51983ef71867325dd5d9bf7b7eadc66b567a882f50c1d09158bf4f7de8b587 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-8e891b7b.js	30 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-8e891b7b.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen25 Hash 93a3cdd4ea0ae5eb295e71988355c5d4 0c9e334aebd99fb9c44575c99abda82d0b53acb1 104a5a19f0a8b4d443e55c32daf49eea2343ee96da27b48c21f09e1425081d62 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingContent-3ca7fb18.js	1.2 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingContent-3ca7fb18.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:29 Last Seen2024-05-08 09:00:23 Times Seen21 Hash 52ab057c90af6d742e95f43ff97e95ff dfdce102add5fc4fa06ac366a663e7a732bd9352 feedd981d953d2933cbb35a49608ebf408f13f457399c2b11aa1ef5eb76db547 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-cca22477.js	15 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-cca22477.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 2f5a8b05ac32c583fcde180d9d46fce9 86cc94f0c76922b731336bb6c13ff2839f37d689 6f2a20b4cda56cb4d92bd6d3817945c5e659723eaf3e5c85f0a00274c909a9cd Loading...

	v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidget-b6662b37.js	12 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidget-b6662b37.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:29 Last Seen2024-05-08 09:00:23 Times Seen21 Hash d5bb5783c476219b31ce5582083fd74b 326b40532b72988c1d23fb931daabead75d18482 2724a816ddb0fd1234ca8cebf9db4fd60290f282fcfcb5619ffe70be9c0160b7 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js	81 kB	2024-04-25	2024-05-15
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js IP 0.0.0.0 ASN #0 Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-25 18:56:15 Last Seen2024-05-15 18:55:36 Times Seen32 Hash 67267513246705d46a0bb83e1f8efd2a d1af6d9ad50f110bbb4bb4d75965dd939a14e15d 35acb34c3273056ead66f9ae7dc11b3c2e3bd1a4c46dc22daaa6900c150c2b2c Loading...

	1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510	15 kB	2024-05-02	2024-05-14
Pretty URL 1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-02 16:50:31 Last Seen2024-05-14 10:51:33 Times Seen17 Hash 3e520df15f0dee47790b221cd7d47d5b a9dc00c41ac65b02bce01a2deaf9a44379f25e8d e14077003b6f51a50d2c053edcace82150b0f1b20373a11ca7dc57e4231cbf34 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-14b63672.js	21 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-14b63672.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:29 Last Seen2024-05-08 09:00:23 Times Seen22 Hash fb60e20d94667a730b2505f72a36269f 9553f3349aae185bd43d95b7ea735790b5ac35d4 24b7cc1abd1d6224f08db147e7c866945d1f205b36b55ac5a5f1c47ed96d69ab Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js	1.3 kB	2024-03-23	2024-05-19
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js IP 0.0.0.0 ASN #0 Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-23 16:35:35 Last Seen2024-05-19 16:21:35 Times Seen75 Hash 518e0ae196483ada8b528a1f2b7df0a1 50e66030d9aca44adb3bd7893ef3c42593e26be4 529ca09688eb85183a34a43651cad1e8fabae2a02924753d54786f3de5e85693 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/60c7aeb54494.js	715 B	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/60c7aeb54494.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 09:33:58 Last Seen2024-05-08 09:00:21 Times Seen28 Hash 0a4d6d7efa89ba140b62c6aee5e8fc6f 9e5b132d8df77dc2fe824cf30a362084400f23c5 60e4e95557382dcdc956e8e80595030789aedfcf6c9f2ff90e92c5f4a2631e0d Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/f44f14b6b316.js	1.2 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/f44f14b6b316.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:56 Last Seen2024-05-08 09:00:22 Times Seen16 Hash 22e67b67b6c959d57aa78ae317120f36 ba2fb2181061d5aed5b6c98ef0aa0bd0aa135ece c696029dc6e79eb249d40656e1842626f439c5ba2851629fa1b33faf884111a3 Loading...

	1xlite-461430.top/polyfills.js	0 B	2023-03-07	2024-05-19
Pretty URL 1xlite-461430.top/polyfills.js IP 178.253.29.51 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-19 16:40:37 Times Seen37834243 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.Asian-2f003ed9.js	122 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.Asian-2f003ed9.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:28 Last Seen2024-05-08 01:37:00 Times Seen20 Hash 6bb873114649db4b87839383a7d31921 91b56ad064a4b8fd0d7edb89a040c6b9d06866aa 6dc41e4f75d65dd3dc2f311198e1a9b2b65e0687c2d905b7d64cf9265f7bda2d Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/betting.SportMenuApp-bfe18bfa.js	31 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/betting.SportMenuApp-bfe18bfa.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:27 Last Seen2024-05-08 09:00:23 Times Seen22 Hash f9da465f4f7355523306ce6bbf89c0d5 c39974e7867bcdd6bbe385ba52c9be335afdfe6b a5ff3777031e8ee4babfe1d6a7a6fff1fb2fc0db58de71ea8202bc37a7aab0f2 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-74c102e0.js	16 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-74c102e0.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 18:05:16 Last Seen2024-05-08 09:00:23 Times Seen26 Hash 18f932fe4f53ce3de4a44b04b0524916 ed47f4f593c25b33012b0369c19883c23e7d3df1 c665029c63cfd9399be9c74e897668b621e3a6e690f0da69196f4c73c16f0cee Loading...

	widget.suphelper.top/	196 B	2023-07-20	2024-05-19
Pretty URL widget.suphelper.top/ IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-20 14:42:12 Last Seen2024-05-19 16:21:35 Times Seen2116 Hash aa729c2ec64b60ce3b2052cc8edaa329 0f673deff4bffdd337a6220feb0b7b5b5ff666c4 9693391d461678be59d683100b1442f4ee65d2cf5bda3904fbf6232a7eb921ca Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.SportsMenuCompact-e547fa93.js	7.8 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.SportsMenuCompact-e547fa93.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen21 Hash 3078429361b9801527b7f4deb1ff2633 c0bf69639f54697d7fcf5ee8ed06072a629b3fff 3042f5f56a8fae2d232bd88071179a50133e8d90fd11ec2f52259b23d8e0cb5a Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/d492f4568b81.js	1.4 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/d492f4568b81.js IP 0.0.0.0 ASN #0 Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:56 Last Seen2024-05-08 09:00:22 Times Seen16 Hash 1ca49088b69c49762c2b4dab10ebe060 d9b6754b9fd11ad9be0cec795758b89b3b9dc62b fc430e6fe7bd867ba551df2263494ba5dde0e1826aa3a16cd52af79430abec1a Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-9f71ae9a.js	37 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-9f71ae9a.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:28 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 149f1f916b0c47494c7bdc15122390d4 f6be7ef6c3649f4b83fd19f7459dbce46ff15925 f8ecbd7355d64beb3e23daea185a634fa436012d707160381bb3b65548a9c92b Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-ff4800a4.js	77 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-ff4800a4.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:28 Last Seen2024-05-08 09:00:23 Times Seen54 Hash 45f90516ee8a557d78c08e1e925c1490 adc0363ed75f47f9513a36a94173c6e4940a2adc f5b8b3c4e62dbb4ebc5fd634f5bb17b3145a14c21bdc3e9c0a4dcb45b9e573fe Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/RegistrationWidgetApp-4b1f6e54.js	76 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/RegistrationWidgetApp-4b1f6e54.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:28 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 05e740893c07a5cc45b5f0f2d787dbf5 28c364157e02ce207609bca53064a4b513e8bda7 a2af38a1cec7178448ce8d1aee99190b643f50894d3d05cac2e5234caeac8e5e Loading...

	widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js	10 kB	2024-01-20	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-20 01:21:35 Last Seen2024-05-19 16:21:37 Times Seen599 Hash 54b2d4e92e16d2ea51898124107af46a ab4225b696e63c9040de1511fa229cf65b4d3750 e17ccea95df87c35add9994b01ef7bb6e8b5c2ebea282c461199a140a5675662 Loading...

	widget.suphelper.top/_next/static/f385e6db/_buildManifest.js	519 B	2024-04-25	2024-05-19
Pretty URL widget.suphelper.top/_next/static/f385e6db/_buildManifest.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:14 Last Seen2024-05-19 16:21:35 Times Seen141 Hash 06c1d20d74764a4f7dea57ebb09df4d8 d6592eaad86ec7b7bc373774bf911385ea7cf07d 46185c722db3b74c04c371b445abb1da2fa2592059437ee508a23e96c1fdf169 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-11d3184a.js	27 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-11d3184a.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen54 Hash ead4a901af60e4b8138e732f0aea9637 7c1d57d444a07553738ddcb8b6a2bee305a0c215 e6bc116e4cb54d011d2a1fa1f87ab12d1f320aa8dc54c89b1f286f2b02ee14c0 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-022bbfcd.js	26 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-022bbfcd.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:28 Last Seen2024-05-08 09:00:23 Times Seen49 Hash e30c678eadf7bd0fcc773e1599b97ddf 41243dc14d9eb2569fa832a3b8c27fc0158991aa a4334d54b8db6d6eceb88c48ee428dfbb0ad3749d4137439f77859e205b52806 Loading...

	widget.suphelper.top/_next/static/f385e6db/_middlewareManifest.js	92 B	2023-03-07	2024-05-19
Pretty URL widget.suphelper.top/_next/static/f385e6db/_middlewareManifest.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:01 Last Seen2024-05-19 16:21:37 Times Seen7997 Hash 7c3f7e060745668041278118c0bb3d6d e639f56695b3cc30d78dce7a0084aa8299a1311a de5341313a4dc5d982ca50ae4a491e84bc5e80b0f439d87f05fc3973c1b7e59a Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cd57c0a6e95b.js	1.5 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cd57c0a6e95b.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:58 Last Seen2024-05-08 09:00:20 Times Seen16 Hash 76cb7b38bd7dd009e525ca10453839cd 6f243fa517f2f2eb7c5de651fca6efed3c6f7ded 91471eda0cfb8a92d2139d87180f101574355cc4009e8983507054f8f9883aa3 Loading...

	v3.traincdn.com/_nuxt/desktop/default/app-1483c42a.js	853 kB	2024-05-07	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/app-1483c42a.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 06:20:17 Last Seen2024-05-08 09:00:23 Times Seen22 Hash c4d75347728629ec3f0b90dc82f0a3d2 ff949fe02da04d39be746f8d091a1a7b30126f7a 8ca2bd3ad104c33fb6189e87cab8992734ca6bf99a631ed413f63444b834d33b Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/635ff2d38c89.js	435 B	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/635ff2d38c89.js IP 0.0.0.0 ASN #0 Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:58 Last Seen2024-05-08 09:00:22 Times Seen25 Hash 213bb33769eecf49a9d71c164b83a3d6 2caacec15b0665fc36759a6bdf499512788dd7f3 75e86ca16a3f828026bc32b7aab627175289750ac184bd505d531c591d2bf011 Loading...

		Size	First Seen	Last Seen
	#1 Eval - a57b2c957bcb0751508aaa2ef36ff744	109 kB	2024-05-07	2024-05-07
Pretty Observations First Seen2024-05-07 17:51:28 Last Seen2024-05-07 17:51:28 Times Seen1 Hash a57b2c957bcb0751508aaa2ef36ff744 da0796bde031cbead8c75e7307d9357d2d88b2f2 fedb5cb5a7b625114a74870e5c4febdbe5b13030bd5e0d050f3a456e0b6f96ac Loading...

	#2 Eval - 160c324cab73fdbc425964699d6653fc	31 kB	2024-05-07	2024-05-07
Pretty Observations First Seen2024-05-07 17:51:28 Last Seen2024-05-07 17:51:28 Times Seen1 Hash 160c324cab73fdbc425964699d6653fc 8549278832b8a13de89af1410ac06d6a3e41218a 26b9c2750fda6b86660eb0a39b018aa2d1f6a298c993db3649c3f99af0043c49 Loading...

HTTP Transactions (253)

URL IP Response Size

1xlite-461430.top/polyfills.js

178.253.29.51

200 OK

0 B

URL GET HTTP/2
1xlite-461430.top/polyfills.js
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /polyfills.js HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:38 GMT
content-type: text/javascript; charset=utf-8
content-length: 0
vary: user-agent
cache-control: public, max-age=2678400, s-maxage=2678400
etag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-time-ng: 0.007
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.014
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/runtime-baf5b66c.js

185.244.209.62

200 OK

15 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/runtime-baf5b66c.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (47215), with no line terminators
Size
15 kB (14752 bytes)
Hash
ef9def5f3c8a190bfffb14ce24c6eb58
c5fa568c8f9bee2aa988c80a7246e07edd8d84ba
d5d3ad6908352036bda426fe1fdc6f1dc03ac13a7029bbf25fa50580abd9064f

HTTP Headers

GET /_nuxt/desktop/default/runtime-baf5b66c.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:38 GMT
content-type: application/javascript; charset=utf-8
content-length: 14752
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-39a0"
content-encoding: gzip
expires: Tue, 07 May 2024 10:54:45 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-200942b04bd0154a43f8e307df51ad74-d947fdd2839fa687-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T10:54:45+00:00, 2024-05-07T10:57:48+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

refpaucqkl.top/L?tag=d_151095m_23801c_[]MS[]null[]null[]general[]28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510

45.135.120.2

303 See Other

7.4 kB

URL User Request GET HTTP/2
refpaucqkl.top/L?tag=d_151095m_23801c_[]MS[]null[]null[]general[]28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
IP
45.135.120.2:443
ASN
#56630 Melbikomas UAB

Certificate
IssuerLet's Encrypt
Subjectrefpaucqkl.top
Fingerprint90:4D:DC:FE:97:13:E2:39:FE:C9:B5:B6:14:1A:E5:9D:74:C5:BC:7B
ValidityMon, 18 Mar 2024 09:17:13 GMT - Sun, 16 Jun 2024 09:17:12 GMT

File type
gzip compressed data, was "a4f501bb.css", last modified: Mon May 6 10:23:05 2024, from Unix
Size
7.4 kB (7418 bytes)
Hash
1ac69b2e3226432a2106c1bbfd6945b9
6c3628336e927e6d5e9f4dbf15bc9cd298f7d4eb
3fd0d0e6ea34585f0660cc5edc54ca8d50dc4a6d96c49831c26dbfaf7a8b21d7

HTTP Headers

GET /L?tag=d_151095m_23801c_[]MS[]null[]null[]general[]28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510 HTTP/1.1
Host: refpaucqkl.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 303 See Other
server: nginx
date: Tue, 07 May 2024 15:50:36 GMT
cache-control: private
location: https://1xlite-461430.top:443/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
x-aspnetmvc-version: 5.0
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.003
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main-499ac9a4.js

185.244.209.62

58 kB

URL
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main-499ac9a4.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64940), with no line terminators
Size
58 kB (58244 bytes)
Hash
8b5b82fea92540c112a534ae258307e2
380afabff0faa228d8c4f10cc9947b310d1bab68
ab31af22488ac9b76c9790f4d3cf1096a9402e7ab4a5b8e09d373cb5b62bc651

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main-499ac9a4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:38 GMT
content-type: application/javascript; charset=utf-8
content-length: 58244
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-e384"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a75feb5ecdde310e35da9903d2a0f66f-02684a106a880d2e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-b32053db.js

185.244.209.62

9.2 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-b32053db.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (31683), with no line terminators
Size
9.2 kB (9205 bytes)
Hash
3f5e6415a870624bda2cd9741726af93
a5f7d27d2ca9f7e89a230ad43754f4e0390f293a
68449536372a92443232c2c9299ebc24a5f62543e6b12cd0a137b078f50d6e9b

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-b32053db.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:38 GMT
content-type: application/javascript; charset=utf-8
content-length: 9205
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-23f5"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ad1ee5efe593be5dd0a2ac0af13f1c91-2d98725818e0a311-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-ffc54199.js

185.244.209.62

10 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-ffc54199.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (40656), with no line terminators
Size
10 kB (9977 bytes)
Hash
3645d2d457e7c89dbddbc70d1bb71d2e
d91ac83ee98ca90c4a45448683041facd9b325cd
a615e922b7060fe133277857d8a581923a62ce0da64aff95340bd9b884856a5a

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-ffc54199.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:38 GMT
content-type: application/javascript; charset=utf-8
content-length: 9977
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-26f9"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-94b4fafee66df66b5690112b2e2ff2cc-c01f70194e399561-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/a7906856.css

185.244.209.62

200 OK

336 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/a7906856.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1099), with no line terminators
Size
336 B (336 bytes)
Hash
6921418ff9395c44037498a4cf17ee66
31879049279e2cb5bc06b249d80d1735ef112b19
e6de221b29f3b4e47505c877067f28565ab5e1b419dc5003aca29c49596e73ab

HTTP Headers

GET /_nuxt/desktop/default/css/a7906856.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:38 GMT
content-type: text/css
content-length: 336
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-150"
content-encoding: gzip
expires: Tue, 07 May 2024 12:27:19 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-fc1252b8ca9e93922786c3eb7f475543-0f00defdf9b58b87-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:27:19+00:00, 2024-05-07T13:56:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/6cc025d5.css

185.244.209.62

1.3 kB

URL
v3.traincdn.com/_nuxt/desktop/default/css/6cc025d5.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6716), with no line terminators
Size
1.3 kB (1324 bytes)
Hash
be35c859b4087d52ff863e02472b7438
acce1097a331dc2ec0669d17db06c679e7c81be6
af7c9af6bda4b329f14b870f4df09e1b11e87d8dba17c30eed496dc5d27dfc1f

HTTP Headers

GET /_nuxt/desktop/default/css/6cc025d5.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:38 GMT
content-type: text/css
content-length: 1324
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-52c"
content-encoding: gzip
expires: Tue, 07 May 2024 12:27:19 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-df285947c8ffea499d6c5ea5432d8a17-8249d55bf07a5e6a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:27:19+00:00, 2024-05-07T13:56:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-09b98935.js

185.244.209.62

4.2 kB

URL
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-09b98935.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (14590), with no line terminators
Size
4.2 kB (4207 bytes)
Hash
81deb8b2ab30cd1729e21622a32d9814
41b982e7a7e4eec22ce01ff1a3b854e51e385789
41159eb3d25b42d4e655a6a3f4e6b0777c2d8a572277d77f9104e171b8aa5589

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-09b98935.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:38 GMT
content-type: application/javascript; charset=utf-8
content-length: 4207
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-106f"
content-encoding: gzip
expires: Wed, 08 May 2024 08:41:46 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5b5d5206057f902e252308a9c5b969a7-8e89ba19aaf5c283-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T08:41:46+00:00, 2024-05-07T10:01:00+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-3883d633.js

185.244.209.62

2.2 kB

URL
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-3883d633.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (7613), with no line terminators
Size
2.2 kB (2209 bytes)
Hash
68b874a85269b1e64bfd1065d0254a1a
46d5559120d28058a530b18616085b6826bb03c3
7a51983ef71867325dd5d9bf7b7eadc66b567a882f50c1d09158bf4f7de8b587

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-3883d633.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:38 GMT
content-type: application/javascript; charset=utf-8
content-length: 2209
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-8a1"
content-encoding: gzip
expires: Wed, 08 May 2024 08:41:40 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-0aba4d2c0fcf8bab426896d6732484c0-6b19cfac84a786da-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T08:41:40+00:00, 2024-05-07T10:01:00+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-9ec0f9e5.js

185.244.209.62

17 kB

URL
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-9ec0f9e5.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65113), with no line terminators
Size
17 kB (17011 bytes)
Hash
5c486444497d7afeea7cabf3a651d76a
a5c40dee88530a85a4c061ad4379b13e3b8df745
9c3b64738e185dacb94ddfa13c1807be093f49e0a3b5810f92db524ea9f60020

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-9ec0f9e5.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:38 GMT
content-type: application/javascript; charset=utf-8
content-length: 17011
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-4273"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-b51b73e141f333e9f787b47a4a93908e-5359bb253ed4ce1e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-14b63672.js

185.244.209.62

5.9 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-14b63672.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (21262), with no line terminators
Size
5.9 kB (5874 bytes)
Hash
fb60e20d94667a730b2505f72a36269f
9553f3349aae185bd43d95b7ea735790b5ac35d4
24b7cc1abd1d6224f08db147e7c866945d1f205b36b55ac5a5f1c47ed96d69ab

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-14b63672.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:38 GMT
content-type: application/javascript; charset=utf-8
content-length: 5874
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-16f2"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-11bf93ebbcc187e48a3806db77f74a37-e7fcc48b9332b91a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/98ce2926.css

185.244.209.62

1.5 kB

URL
v3.traincdn.com/_nuxt/desktop/default/css/98ce2926.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (8509), with no line terminators
Size
1.5 kB (1491 bytes)
Hash
b0cd3891fe08ec67c50bbdfd9f7e9181
205511f8e55a0498e8129c290759a26ba4a4db31
75c619e9cabd7b2c1939e6837909e12c51fb3e68888ba20d650cb1939f983f6e

HTTP Headers

GET /_nuxt/desktop/default/css/98ce2926.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:38 GMT
content-type: text/css
content-length: 1491
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-5d3"
content-encoding: gzip
expires: Tue, 07 May 2024 12:27:19 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e73eabfca934adbc3650ea9103ccd002-04d0b81f0db12cab-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:27:19+00:00, 2024-05-07T13:56:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/version.json

185.244.209.62

44 B

URL
v3.traincdn.com/version.json
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text
Size
44 B (44 bytes)
Hash
265e4e9c948f929631d7e9bcf0d19d5b
c70f40cde4e09003b980fdae5130f3695de16add
62ec6fa5c15470b882bd7e05f5651b0a265a0cb2857cffa5cbfa34b3d2cf42ba

HTTP Headers

GET /version.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:39 GMT
content-type: application/json
content-length: 44
last-modified: Mon, 06 May 2024 10:24:15 GMT
etag: "6638afcf-2c"
content-encoding: gzip
expires: Mon, 06 May 2024 10:50:26 GMT
cache-control: max-age=60, max-age=60, s-maxage=60
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-795fd455220b673cebbfdf9363d39f38-b05e65efb71e1014-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T10:49:26+00:00, 2024-05-07T15:50:02+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-4d951a46.js

185.244.209.62

3.5 kB

URL
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-4d951a46.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (13913), with no line terminators
Size
3.5 kB (3531 bytes)
Hash
395deb0abfd0ea102c0c9aa4cf08b2f9
b53c99a2bce733f0a45a075000949d34e2fd0b17
f11d7b6985d7e97030628cf137377b14e9316f8919f80dff4cdd488366aa6652

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-4d951a46.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:38 GMT
content-type: application/javascript; charset=utf-8
content-length: 3531
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-dcb"
content-encoding: gzip
expires: Wed, 08 May 2024 08:41:39 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9e59b75266912594e671d255ecf0fa29-b1bedf623765d953-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T08:41:39+00:00, 2024-05-07T10:01:01+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/9eb4939a.css

185.244.209.62

2.8 kB

URL
v3.traincdn.com/_nuxt/desktop/default/css/9eb4939a.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (20960), with no line terminators
Size
2.8 kB (2763 bytes)
Hash
6cae6098e169876c305ca92f82fe3cde
d27c18f05738795d575c8ce370ed83cf07da0a5a
7095d096e88dd0a09d84d063de1e0eedd406b032150a5af99e796c2ac63bcfe5

HTTP Headers

GET /_nuxt/desktop/default/css/9eb4939a.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:38 GMT
content-type: text/css
content-length: 2763
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-acb"
content-encoding: gzip
expires: Tue, 07 May 2024 12:27:19 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-513a6951c5fde3cc41fd5471a99d6fbd-3d77ee9066a5d643-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:27:19+00:00, 2024-05-07T13:56:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-87a02531.js

185.244.209.62

10 kB

URL
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-87a02531.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (41615), with no line terminators
Size
10 kB (10290 bytes)
Hash
21a80fe42c418607606b5ee8ebc9ebe2
b93c8e0a2f18dd371501e1a8739e9445b2c1d9d1
880f72443c469f2d2e9421789eaeb1f2042a8c4ccfc8ce9057a685d588a97ff3

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-87a02531.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:38 GMT
content-type: application/javascript; charset=utf-8
content-length: 10290
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-2832"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e6f0256503bd22991811436fe3080af6-09451023b7f5c7c1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/c3d37cc4.css

185.244.209.62

200 OK

194 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/c3d37cc4.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (395), with no line terminators
Size
194 B (194 bytes)
Hash
7f1ee7f9ec47159043591789124ec7cc
bb021131214d4b70b327355a5a947b974f2eccbd
4041bafac614e354c03b647dc8d226e140460381c4816a65528e4ba428b0a0ad

HTTP Headers

GET /_nuxt/desktop/default/css/c3d37cc4.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:38 GMT
content-type: text/css
content-length: 194
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-c2"
content-encoding: gzip
expires: Wed, 08 May 2024 09:23:40 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-a651b5d61432124bc9218ad41b2f309d-90b459b1892abfde-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T09:23:40+00:00, 2024-05-07T14:34:20+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingContent-636888aa.js

185.244.209.62

644 B

URL
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingContent-636888aa.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1333), with no line terminators
Size
644 B (644 bytes)
Hash
59e405a5c84540fd5cd4a47c01954bb9
877928ec86d9742b605ab481e28e4ca40163154b
a50357ec75eb7f36a26bfe20b003e614f8bfd8298d502b26c9dc36cbdc1d362a

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main.BettingContent-636888aa.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:38 GMT
content-type: application/javascript; charset=utf-8
content-length: 644
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-284"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a79d6763705fafbd75c2321aae0f25d5-9990c006c5437e64-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/885d64fc.css

185.244.209.62

332 B

URL
v3.traincdn.com/_nuxt/desktop/default/css/885d64fc.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (975), with no line terminators
Size
332 B (332 bytes)
Hash
31aa50dcbc858f61bf3ed903493b8431
abf67e7f02256d2d5c5e2054b2930aa9b5ece999
18337e3b3c6f57695afaca43e471c075fd711e0485b4e7f1fdc1b6fe4e8703d7

HTTP Headers

GET /_nuxt/desktop/default/css/885d64fc.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:38 GMT
content-type: text/css
content-length: 332
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-14c"
content-encoding: gzip
expires: Tue, 07 May 2024 12:17:32 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ff8021617ab871757c065470ba213eb3-d188db744bea8a74-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:17:32+00:00, 2024-05-06T20:06:17+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/ca542d7f.css

185.244.209.62

3.2 kB

URL
v3.traincdn.com/_nuxt/desktop/default/css/ca542d7f.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (31339), with no line terminators
Size
3.2 kB (3226 bytes)
Hash
9e9b190c1ab8126c2576203d5d43ec63
a80ccb6739023605edbd86be13f38a58ff7f4906
c4a28e2bbc67a853613460727d4abba3687be55593a7513a4079ea34579fbb02

HTTP Headers

GET /_nuxt/desktop/default/css/ca542d7f.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:38 GMT
content-type: text/css
content-length: 3226
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-c9a"
content-encoding: gzip
expires: Wed, 08 May 2024 09:58:01 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-94c5ebe75cd025f2875c8aaeeb7edccb-122bd4169935a779-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T09:58:01+00:00, 2024-05-07T10:40:52+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Layout.Betting.ExpressDay-c5a846fb.js

185.244.209.62

200 OK

3.4 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Layout.Betting.ExpressDay-c5a846fb.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (10178), with no line terminators
Size
3.4 kB (3365 bytes)
Hash
be042bab68dd466121fb1460a17b1795
3dfa3c583644e2aa71ff199a262a54e17cd378d6
2a7bf413f8f8d67f545da852425cdec3b3960fa2c62960ca49c5a2dc43108ac0

HTTP Headers

GET /_nuxt/desktop/default/Layout.Betting.ExpressDay-c5a846fb.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:38 GMT
content-type: application/javascript; charset=utf-8
content-length: 3365
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-d25"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-3fd7d4d4a0588dae69b4d934b019646b-7b7329e1a68c5d25-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-db205bbd.js

185.244.209.62

2.5 kB

URL
v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-db205bbd.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (8663), with no line terminators
Size
2.5 kB (2475 bytes)
Hash
a5db05d47f7f37c06acc29a0f4eeb447
b9ddddb586721548eaa4a62d7ae420bfcfc5bddb
4053d0ffbd3af6bc022131a3f123bd4e88825f1b5f06a74dd2072a2b0fe3f243

HTTP Headers

GET /_nuxt/desktop/default/Layout.SeoModule.Lazy-db205bbd.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:38 GMT
content-type: application/javascript; charset=utf-8
content-length: 2475
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-9ab"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3a94c1f06f545a0f50bd6101cdfebe31-2453ebe2a6b61a7b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/85148a0b.css

185.244.209.62

4.0 kB

URL
v3.traincdn.com/_nuxt/desktop/default/css/85148a0b.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (32277), with no line terminators
Size
4.0 kB (3964 bytes)
Hash
eeaf257a8645b90669a2ea93b8fb534e
d81289258b7a5c126dd860232760852cc8ad865e
3a170c88ab694ad7552f7a84baa04ddb248c32b7f8ffe16d55dd73685de87aa6

HTTP Headers

GET /_nuxt/desktop/default/css/85148a0b.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:38 GMT
content-type: text/css
content-length: 3964
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-f7c"
content-encoding: gzip
expires: Tue, 07 May 2024 12:54:58 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-84dbca5a322924a87600088283ac673f-9d072f3017552142-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:54:58+00:00, 2024-05-07T13:56:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-0434410a.js

185.244.209.62

7.8 kB

URL
v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-0434410a.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (28142), with no line terminators
Size
7.8 kB (7775 bytes)
Hash
9167c6082d419d35f57a606871184d06
d4c4fac03b353c5881c352d6ac0c05947dc2e633
bed35ed9386f6d0d6f3096d00c7d14e042c5cb404f07ef0bb9abb4cc381e89c3

HTTP Headers

GET /_nuxt/desktop/default/Layout.FooterComponent.Lazy-0434410a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:38 GMT
content-type: application/javascript; charset=utf-8
content-length: 7775
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-1e5f"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-fab7b2a7ee8e33953daceae729fc8c75-125553ad67b779d6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-8e891b7b.js

185.244.209.62

8.3 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-8e891b7b.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (29805), with no line terminators
Size
8.3 kB (8283 bytes)
Hash
93a3cdd4ea0ae5eb295e71988355c5d4
0c9e334aebd99fb9c44575c99abda82d0b53acb1
104a5a19f0a8b4d443e55c32daf49eea2343ee96da27b48c21f09e1425081d62

HTTP Headers

GET /_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-8e891b7b.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:39 GMT
content-type: application/javascript; charset=utf-8
content-length: 8283
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-205b"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-24349163b274319d5565ff38d3a8514c-6074d9d43ccd93ea-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/5cfdf959.css

185.244.209.62

1.1 kB

URL
v3.traincdn.com/_nuxt/desktop/default/css/5cfdf959.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (4632), with no line terminators
Size
1.1 kB (1113 bytes)
Hash
f74d8b7e31b6ab236a9577348874385d
87091e6542649037a05fc137fa449b713c85225d
b33d72295f1edbfc13da30236c4b811cffe4ba8ef758a515914cd69cf02edbf8

HTTP Headers

GET /_nuxt/desktop/default/css/5cfdf959.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:39 GMT
content-type: text/css
content-length: 1113
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-459"
content-encoding: gzip
expires: Wed, 08 May 2024 06:45:39 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-dd41533216d8f110dd4dd7ee045abb21-d50efc67cdc50b70-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T06:45:39+00:00, 2024-05-07T09:06:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-807a62cf.js

185.244.209.62

200 OK

6.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-807a62cf.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (20014), with no line terminators
Size
6.3 kB (6258 bytes)
Hash
adc7f8e289bd475a5a922c91b93591b2
540252cd02880714746d3656e61c67e7acab7fda
3b542ce26d333f558f94adb8cac49e58be95a5470eb3079d1dc0b2b7a7c97b6b

HTTP Headers

GET /_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-807a62cf.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:39 GMT
content-type: application/javascript; charset=utf-8
content-length: 6258
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-1872"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4eb5f7fb7652eaf971c231e489b67f28-dbd464060b5ae452-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/app-1483c42a.js

185.244.209.62

225 kB

URL
v3.traincdn.com/_nuxt/desktop/default/app-1483c42a.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64966), with no line terminators
Size
225 kB (224914 bytes)
Hash
c4d75347728629ec3f0b90dc82f0a3d2
ff949fe02da04d39be746f8d091a1a7b30126f7a
8ca2bd3ad104c33fb6189e87cab8992734ca6bf99a631ed413f63444b834d33b

HTTP Headers

GET /_nuxt/desktop/default/app-1483c42a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:39 GMT
content-type: application/javascript; charset=utf-8
content-length: 224914
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-36e92"
content-encoding: gzip
expires: Wed, 08 May 2024 09:01:03 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-366e33a3208eda058a6d010088825831-cc854909dae2af11-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T09:01:03+00:00, 2024-05-07T09:06:10+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/commons/app-2e30fd7d.js

185.244.209.62

47 kB

URL
v3.traincdn.com/_nuxt/desktop/default/commons/app-2e30fd7d.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65476)
Size
47 kB (46801 bytes)
Hash
03b89bdb4f6013159d40de88c98403b6
cf41351caa86d91b56cf839d54ab28bf8f4f54f8
42d02ce0b520e2d8ce7341a0b07d92cd3833d762337b1f8aabc6f7f23e6fad4a

HTTP Headers

GET /_nuxt/desktop/default/commons/app-2e30fd7d.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:39 GMT
content-type: application/javascript; charset=utf-8
content-length: 46801
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-b6d1"
content-encoding: gzip
expires: Tue, 07 May 2024 14:31:58 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-db97a256d8e2374a4c4a0043f4a93039-7c4e3f63c97dd75a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:31:58+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/035c0001.css

185.244.209.62

200 OK

14 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/035c0001.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
14 kB (13859 bytes)
Hash
ac3b78bdd1c881f78913b967fd22a91f
15295665baa2ccaf71e8a093f333d087621a17ee
ee4c84a2fe257a888fcec5809b67b563aba3a4c52f102154ffa19a685434d835

HTTP Headers

GET /_nuxt/desktop/default/css/035c0001.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:39 GMT
content-type: text/css
content-length: 13859
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-3623"
content-encoding: gzip
expires: Wed, 08 May 2024 09:01:03 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-79724cad6483c1d7b42891582f66054e-6fc9de5897b7f6dd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T09:01:03+00:00, 2024-05-07T09:06:10+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/75bcd414.css

185.244.209.62

2.3 kB

URL
v3.traincdn.com/_nuxt/desktop/default/css/75bcd414.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (9958), with no line terminators
Size
2.3 kB (2277 bytes)
Hash
76a1e3dd8e25bf9a48bdd896de779d20
38c3643e25808d1f3ab167273201eac8c113c088
aa36f7a0cd4e7059cfef75dda25cd20e0bd1fbbe3d10a4ed0697cb937f009273

HTTP Headers

GET /_nuxt/desktop/default/css/75bcd414.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:39 GMT
content-type: text/css
content-length: 2277
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-8e5"
content-encoding: gzip
expires: Tue, 07 May 2024 11:27:59 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-2d78485dec3c79e504a18834b1b7813f-ea7d6281c715875b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T11:27:59+00:00, 2024-05-07T12:10:05+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/app-d26cc899.js

185.244.209.62

267 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/app-d26cc899.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (61101)
Size
267 kB (267237 bytes)
Hash
1992415420cd9d59941e07133aa0c521
308a748fa982a440a112cb9e449f25a23bd6d83e
94a8f060251c7e705ee8c823783cb067e2844edb0f3900b6b0e91948d92ce907

HTTP Headers

GET /_nuxt/desktop/default/vendors/app-d26cc899.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:39 GMT
content-type: application/javascript; charset=utf-8
content-length: 267237
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-413e5"
content-encoding: gzip
expires: Tue, 07 May 2024 14:31:58 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d4f66748b7d7cb2bebd3badc4f7af16b-4e677aa1fcc6615b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:31:58+00:00, 2024-05-07T14:49:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2

185.244.209.62

64 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Size
64 kB (63748 bytes)
Hash
6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:39 GMT
content-type: font/woff2
content-length: 63748
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-4622ff9b34ab48144552e19bfacaf978-0034e1939ab22987-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:13:59+00:00, 2024-05-07T15:10:08+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2

185.244.209.62

200 OK

65 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 64732, version 1.0
Size
65 kB (64732 bytes)
Hash
3ac5d40d1b3966fc5eb09ecca74d9cbf
a69f32357765dd321519889aeacba5e9ca893bb0
3310766b8f58538d07abded74a2babe1acbe1a3ee820d5b8c8265da666f4fb0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:39 GMT
content-type: font/woff2
content-length: 64732
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "3ac5d40d1b3966fc5eb09ecca74d9cbf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ef5570b1289bedd33811ab4a51a8914e-8ac0a06cf2e57cf4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:56:30+00:00, 2024-05-07T15:44:08+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2

185.244.209.62

64 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Size
64 kB (63920 bytes)
Hash
a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:39 GMT
content-type: font/woff2
content-length: 63920
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e9e9a77c9d9ded17a793783b094e2ed0-a0d240c7abf23f34-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:54:39+00:00, 2024-05-07T15:35:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/check-ob.js

185.244.209.62

200 OK

187 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/check-ob.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
187 B (187 bytes)
Hash
ced67278c38d1ce1297c121af69fff8a
df6e1531fd84d956263b04254e6f94f5356623f4
2958134c3c00f7c6320858dd66e454c2856e4842821d3523c4cc5e44e1ec8616

HTTP Headers

GET /_nuxt/check-ob.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:39 GMT
content-type: application/javascript; charset=utf-8
content-length: 187
last-modified: Mon, 06 May 2024 10:23:37 GMT
etag: "6638afa9-bb"
content-encoding: gzip
expires: Tue, 07 May 2024 12:56:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-15d34270dae19da749775197a5e31265-c5ab43d233d27348-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:56:18+00:00, 2024-05-07T11:36:39+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png

185.244.209.62

200 OK

653 B

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Size
653 B (653 bytes)
Hash
e6f0766cbd95db33da44e7a9140648f2
5f196b1bfe8c3f92bd2ebcd67124e72e81ae6aaf
c0399d478788d5d483f104a2e8cb7c32f41cb40e9df0c22e831b2bfa2db63ec0

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:39 GMT
content-type: image/png
content-length: 653
last-modified: Tue, 25 Apr 2023 13:43:56 GMT
etag: "e6f0766cbd95db33da44e7a9140648f2"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-da8fdbedf4d1987f3f62d998ee60bf8e-d5203f1f8cf619bf-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:12:59+00:00, 2024-05-07T15:00:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/f5105820.css

185.244.209.62

194 B

URL
v3.traincdn.com/_nuxt/desktop/default/css/f5105820.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (395), with no line terminators
Size
194 B (194 bytes)
Hash
2818ab9c6ece35261fbf658165189623
f01f8175a7a89449a1dad5f2a7df06c5866c10af
b4f0b619b6f6ece6589df376a16eae022b084640348887d3c557e20a37207583

HTTP Headers

GET /_nuxt/desktop/default/css/f5105820.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:40 GMT
content-type: text/css
content-length: 194
last-modified: Mon, 06 May 2024 07:48:14 GMT
etag: "66388b3e-c2"
content-encoding: gzip
expires: Tue, 07 May 2024 09:24:10 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-96c399447c2844cb42375f81a070ca9d-99fd3aa0e413d56b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T09:24:10+00:00, 2024-05-06T17:55:49+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingContent-3ca7fb18.js

185.244.209.62

633 B

URL
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingContent-3ca7fb18.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1235), with no line terminators
Size
633 B (633 bytes)
Hash
52ab057c90af6d742e95f43ff97e95ff
dfdce102add5fc4fa06ac366a663e7a732bd9352
feedd981d953d2933cbb35a49608ebf408f13f457399c2b11aa1ef5eb76db547

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.BettingContent-3ca7fb18.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 633
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-279"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:12 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b8357f58ba27fa75a7141152605a75f4-2e1a5dd25dd0f56e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:12+00:00, 2024-05-07T15:18:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-cca22477.js

185.244.209.62

4.2 kB

URL
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-cca22477.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (14574), with no line terminators
Size
4.2 kB (4187 bytes)
Hash
2f5a8b05ac32c583fcde180d9d46fce9
86cc94f0c76922b731336bb6c13ff2839f37d689
6f2a20b4cda56cb4d92bd6d3817945c5e659723eaf3e5c85f0a00274c909a9cd

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-cca22477.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 4187
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-105b"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:12 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-55b1c889bebee3a5da4364e957ac666f-8d87a7003f3df1dc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:12+00:00, 2024-05-07T15:18:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/2a37879e.css

185.244.209.62

1.3 kB

URL
v3.traincdn.com/_nuxt/desktop/default/css/2a37879e.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6872), with no line terminators
Size
1.3 kB (1331 bytes)
Hash
7727cc93d85a2459297f9b1237fc6a92
f37f7a3ec3d30df2513a38dd2c67fefaf038edec
e4559060670fd8cf92ad4e830ae9237d2bbc735470f4597ad5d943388d9248d2

HTTP Headers

GET /_nuxt/desktop/default/css/2a37879e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:40 GMT
content-type: text/css
content-length: 1331
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-533"
content-encoding: gzip
expires: Tue, 07 May 2024 12:28:13 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f35e751c2d2fc5a012e48d0b14043442-731d7dba2960b17f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:28:13+00:00, 2024-05-07T15:18:59+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-9f71ae9a.js

185.244.209.62

200 OK

10 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-9f71ae9a.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (37196), with no line terminators
Size
10 kB (10214 bytes)
Hash
149f1f916b0c47494c7bdc15122390d4
f6be7ef6c3649f4b83fd19f7459dbce46ff15925
f8ecbd7355d64beb3e23daea185a634fa436012d707160381bb3b65548a9c92b

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-9f71ae9a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 10214
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-27e6"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:12 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-e4a1c20d5c3192f2df19f3ce9d371793-c7399c3d9f4182c0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:12+00:00, 2024-05-07T15:18:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-b9493cb9.js

185.244.209.62

10 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-b9493cb9.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (36638), with no line terminators
Size
10 kB (10115 bytes)
Hash
63e1a6027725eca572736670eb935432
e3578492cf68e66a44f556a98545294a5b1bed5a
e96e0e4abe03d7fb0d2449e0f2bf27bb0ee85cdd4d7b4098276c712842b45d8c

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-b9493cb9.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 10115
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-2783"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:13 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-021177edfe82d75e762a4a63bca842ef-ccfa822b833c11f2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:13+00:00, 2024-05-07T15:18:15+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-68160950.js

185.244.209.62

5.6 kB

URL
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-68160950.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (19536), with no line terminators
Size
5.6 kB (5565 bytes)
Hash
860ea683ac1ca8494adc10cb2ea4fcdf
a1004cb9bb3a036d215dfbf6b9bade88ad81a7a3
e8fcc72111c9040f545dd314899e61e406ceaa76601c816dc3c1a7b407f88850

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-68160950.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 5565
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-15bd"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:13 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-130ef9f0c76096adfa75ac21a190bd96-118d7d0069210c31-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:13+00:00, 2024-05-07T15:18:15+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/4b5c6c89.css

185.244.209.62

6.7 kB

URL
v3.traincdn.com/_nuxt/desktop/default/css/4b5c6c89.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (53058), with no line terminators
Size
6.7 kB (6667 bytes)
Hash
173f5247c95e1b42bb3b77ed0a8eb44d
5b4b32ac3c6b995e254b7e8e1ecdf00ef4882aa9
f20b6d24581afe4c6af83abbc14b11194385c8e5f15a27e972724f61891c6dd0

HTTP Headers

GET /_nuxt/desktop/default/css/4b5c6c89.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:40 GMT
content-type: text/css
content-length: 6667
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-1a0b"
content-encoding: gzip
expires: Tue, 07 May 2024 12:55:22 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-429d22b0815f9822f3b90007934d96f5-9ca0cd58be0789fd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:55:22+00:00, 2024-05-07T15:18:59+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage-633ca92a.js

185.244.209.62

32 kB

URL
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage-633ca92a.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64912), with no line terminators
Size
32 kB (32522 bytes)
Hash
474bfa89621896100251055f7c19712b
0e19c615fc77f9ed2d69d74b7f8a42d41c6f5138
ea0fef6e0a33df0b36bdce2df6b8bf50eef0dd3b71c7c6fc567a7d7c5d39fdd3

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.Homepage-633ca92a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 32522
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-7f0a"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:13 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-268edbb441898ba746f7234ca3ba1f0f-e1bba073ac3a621e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:13+00:00, 2024-05-07T15:18:15+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/f72f2b10.css

185.244.209.62

200 OK

4.8 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/f72f2b10.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (38649), with no line terminators
Size
4.8 kB (4780 bytes)
Hash
8ab5f1e804e2a4565dea164054ff0907
7ee2bea2c9dcb6424f707c35588a316a249270fa
ce3424802faaac382a0efe23fbc285123fae95d0461ecf26e4881e1907acd9ec

HTTP Headers

GET /_nuxt/desktop/default/css/f72f2b10.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:40 GMT
content-type: text/css
content-length: 4780
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-12ac"
content-encoding: gzip
expires: Tue, 07 May 2024 12:28:13 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-05b5585f07612950538195fecf043f48-d7d3fb6eefc09a20-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:28:13+00:00, 2024-05-07T15:19:00+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-b595fcd5.js

185.244.209.62

37 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-b595fcd5.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65461)
Size
37 kB (37176 bytes)
Hash
aedaa99fcce183a213f358a727e9eb87
7fe33331acbced57be412f96baff3a4595e207fb
2ccadc0a2eea97aeeb5f1825ad9bdac3873481a54bcd3b42cf6724271cd0f6ac

HTTP Headers

GET /_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-b595fcd5.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 37176
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-9138"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:13 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c8e3e28475d1a7e803649c94b8eb9188-e92671a75203c099-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:13+00:00, 2024-05-07T15:18:14+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.Asian-2f003ed9.js

185.244.209.62

29 kB

URL
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.Asian-2f003ed9.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64788), with no line terminators
Size
29 kB (28917 bytes)
Hash
6bb873114649db4b87839383a7d31921
91b56ad064a4b8fd0d7edb89a040c6b9d06866aa
6dc41e4f75d65dd3dc2f311198e1a9b2b65e0687c2d905b7d64cf9265f7bda2d

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main.Asian-2f003ed9.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 28917
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-70f5"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:13 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a3b3e28f97d33215cca4321f3ada1bf8-429b61e33bf0853f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:13+00:00, 2024-05-07T15:18:15+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-ff4800a4.js

185.244.209.62

22 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-ff4800a4.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65476)
Size
22 kB (21889 bytes)
Hash
45f90516ee8a557d78c08e1e925c1490
adc0363ed75f47f9513a36a94173c6e4940a2adc
f5b8b3c4e62dbb4ebc5fd634f5bb17b3145a14c21bdc3e9c0a4dcb45b9e573fe

HTTP Headers

GET /_nuxt/desktop/default/vendors/plugins.v-tooltip-ff4800a4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 21889
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-5581"
content-encoding: gzip
expires: Tue, 07 May 2024 14:31:59 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-64ca14683524b38ba546e38fc2525991-4127f8239d526568-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:31:59+00:00, 2024-05-07T14:53:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-4e9ad522.js

185.244.209.62

4.6 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-4e9ad522.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (12527), with no line terminators
Size
4.6 kB (4556 bytes)
Hash
805e7c2cd861f2191db66c39ab28e86b
a6353246547e9a9fd01093fcb784d708d187e3ef
82686dab55962ead6916346bd901b3fc03357bb2a0e74dfe966ff784d75b2368

HTTP Headers

GET /_nuxt/desktop/default/vendors/plugins.vue-notification-4e9ad522.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 4556
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-11cc"
content-encoding: gzip
expires: Tue, 07 May 2024 14:31:59 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c96bf7353e624773a3700e39e3b3a036-566613a300b0d24e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:31:59+00:00, 2024-05-07T14:53:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/e5c0e314.css

185.244.209.62

953 B

URL
v3.traincdn.com/_nuxt/desktop/default/css/e5c0e314.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (3352), with no line terminators
Size
953 B (953 bytes)
Hash
748da80084597d87b4ff5e98b017b07b
db6ad2ec24bfcbe751a23061d935403e1163f471
4eaf4071f43aaa0243a4c6948131b7a3e03fe6ab1f4228da38e8588c15e01f24

HTTP Headers

GET /_nuxt/desktop/default/css/e5c0e314.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:40 GMT
content-type: text/css
content-length: 953
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-3b9"
content-encoding: gzip
expires: Tue, 07 May 2024 11:05:11 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e660e4ae591f19f5c5ebec8260d9c87f-2db518c6d4438d55-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T11:05:10+00:00, 2024-05-07T15:29:39+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-11d3184a.js

185.244.209.62

8.1 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-11d3184a.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (26717), with no line terminators
Size
8.1 kB (8055 bytes)
Hash
ead4a901af60e4b8138e732f0aea9637
7c1d57d444a07553738ddcb8b6a2bee305a0c215
e6bc116e4cb54d011d2a1fa1f87ab12d1f320aa8dc54c89b1f286f2b02ee14c0

HTTP Headers

GET /_nuxt/desktop/default/vendors/plugins.vue-js-modal-11d3184a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 8055
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-1f77"
content-encoding: gzip
expires: Tue, 07 May 2024 14:31:59 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-4c9825ebd05538b95a2354cbad92a0f5-33a795482427846a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:31:59+00:00, 2024-05-07T14:53:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-290f49eb.js

185.244.209.62

2.1 kB

URL
v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-290f49eb.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (6960), with no line terminators
Size
2.1 kB (2120 bytes)
Hash
91d17dbf833b48149a8b5d2f21895879
bd71a45fa4419ab4ddbc676f0a9cca2be05e1703
f085ff2e310ab82817411e3ed64d0902de49e149d0958cadb91d518ed5854335

HTTP Headers

GET /_nuxt/desktop/default/date-fns-locale-21-290f49eb.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 2120
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-848"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:15 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ed6154ecd61a2b9f210b5dca84ee21ae-909894846e2c868f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:15+00:00, 2024-05-06T16:05:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/DC-7e6a4aad.js

185.244.209.62

999 B

URL
v3.traincdn.com/_nuxt/desktop/default/DC-7e6a4aad.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2336), with no line terminators
Size
999 B (999 bytes)
Hash
b44bc16cd2630bfada5ec9cbdbfcafab
43918946155d48f6cc8ecba42e2cf2cab28debd7
189ec6fd8e44cc47498706a2d2c815da1dc255040ef5ef57f5faa7c10c05ae42

HTTP Headers

GET /_nuxt/desktop/default/DC-7e6a4aad.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 999
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-3e7"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:01 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-82e536c0014c34112d8634825da7a424-8332772afb47ea19-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:01+00:00, 2024-05-07T14:53:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-461430.top&projectId=285

178.253.29.51

141 B

URL
1xlite-461430.top/seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-461430.top&projectId=285
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
141 B (141 bytes)
Hash
bd9be2fa89d26e9e6f1b2e08ffcd0ed6
90eae25ee792254c7ca97e98c5782078f9bdc37f
c11510c5556799ec6bf918684e80903d08cf6237d3c4f94d32a8ebf35d067a1d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-461430.top&projectId=285 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1920; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:40 GMT
content-type: application/json
content-length: 141
cache-control: max-age=1200, must-revalidate, public, s-maxage=1800, stale-if-error=86400, stale-while-revalidate=300
x-content-digest: enebf83560af95b198ca2d2caf127b1151
age: 1182
x-request-id: b5093de1acf4e7f24b28e70ee666c35b
x-request-guid: b5093de1acf4e7f24b28e70ee666c35b
x-time-ng: 0.002
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=1.6889572143555, wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/version.json?timestamp=1715097040922

178.253.29.51

44 B

URL
1xlite-461430.top/version.json?timestamp=1715097040922
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
ASCII text
Size
44 B (44 bytes)
Hash
265e4e9c948f929631d7e9bcf0d19d5b
c70f40cde4e09003b980fdae5130f3695de16add
62ec6fa5c15470b882bd7e05f5651b0a265a0cb2857cffa5cbfa34b3d2cf42ba

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /version.json?timestamp=1715097040922 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1920; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:40 GMT
content-type: application/json
content-length: 44
last-modified: Mon, 06 May 2024 10:24:15 GMT
vary: Accept-Encoding
etag: "6638afcf-2c"
content-encoding: gzip
expires: Tue, 07 May 2024 15:51:40 GMT
access-control-allow-origin: *
cache-control: max-age=60, max-age=60, s-maxage=60
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.010
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Betting.Core-d4a24bae.js

185.244.209.62

200 OK

1.6 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Betting.Core-d4a24bae.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2425), with no line terminators
Size
1.6 kB (1577 bytes)
Hash
3a0e4a54185bcc66d2e032dd30a385eb
627755ca54def0761f25f827d5b4cb483e1ca83d
e0bc5ffed1e6fd6285fea94e991fa8ec48a5f17677519c766d7ee7e757a02239

HTTP Headers

GET /_nuxt/desktop/default/Betting.Core-d4a24bae.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 1577
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-629"
content-encoding: gzip
expires: Tue, 07 May 2024 10:54:52 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-1e0e2cedc575e7a56829dd04aceb97c0-450eb26a9e961c46-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T10:54:52+00:00, 2024-05-07T11:19:48+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

178.253.29.51

23 B

URL
1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
d8c38b858e798ea5f5a68f3d3531fcaa
c34c78a9703fc9ece6c4633b80155e494ce2fb4b
41bd7cd14bd25879a9cfb9ffa5a47217cabd39a948f0eccfe9b3a385a7ee24ff

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Content-Type: application/json
X-Lang: en
X-Uuid: 0e76dcb3-8923-47bf-883f-209da2a56960
Content-Length: 81
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1920; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:40 GMT
content-type: application/json
content-length: 23
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-ef321a16.js

185.244.209.62

1.5 kB

URL
v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-ef321a16.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (3229), with no line terminators
Size
1.5 kB (1451 bytes)
Hash
0cc9277dab4117c9b162cc01e1f0b97f
5b7d9007e2d99d3715c5f226aadf44aa4da4332b
6d7637a83c7812813039573e9c67efbb30e4021a971c546621a397eb72ea4bd0

HTTP Headers

GET /_nuxt/desktop/default/consultant.supHelperV2-ef321a16.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 1451
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-5ab"
content-encoding: gzip
expires: Wed, 08 May 2024 08:42:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-e39c9f04a85cf964f5d6b2cd26022afa-61c43b645d09eec8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T08:42:00+00:00, 2024-05-07T09:23:42+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/ioc.dependencies.18-dc087bc0.js

185.244.209.62

1.3 kB

URL
v3.traincdn.com/_nuxt/desktop/default/ioc.dependencies.18-dc087bc0.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (3073), with no line terminators
Size
1.3 kB (1321 bytes)
Hash
66c4eb11ec60384b198e73db080c0f32
6fb7618e384b9e01454c7b984728236f178192da
b45c772a5a204e430a575b896edc43205412a5f28539c2e48c152df7669ad7cb

HTTP Headers

GET /_nuxt/desktop/default/ioc.dependencies.18-dc087bc0.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 1321
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-529"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:15 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-04b84760fd63ea979cad6d005d929b3f-63f2fee9a6bba61a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:15+00:00, 2024-05-07T15:18:26+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-74b93b4d.js

185.244.209.62

7.4 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-74b93b4d.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (32231), with no line terminators
Size
7.4 kB (7381 bytes)
Hash
56a0eecb3ec4576e9abf6f8f3e2707f9
6ddfcb4b1669c1323d87906b720fe8e4c258c143
81a5331c3ce30f9e8f21bf5e69591e24dd0c77d9b69157bf0a5e2242fc299ed4

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-74b93b4d.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 7381
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-1cd5"
content-encoding: gzip
expires: Wed, 08 May 2024 08:41:53 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-17f6f847c410f0387b3921a66eeb47c6-45133ccaa49212bf-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T08:41:53+00:00, 2024-05-07T10:11:00+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/betting.SportMenuApp-bfe18bfa.js

185.244.209.62

7.7 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/betting.SportMenuApp-bfe18bfa.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (31337), with no line terminators
Size
7.7 kB (7722 bytes)
Hash
f9da465f4f7355523306ce6bbf89c0d5
c39974e7867bcdd6bbe385ba52c9be335afdfe6b
a5ff3777031e8ee4babfe1d6a7a6fff1fb2fc0db58de71ea8202bc37a7aab0f2

HTTP Headers

GET /_nuxt/desktop/default/vendors/betting.SportMenuApp-bfe18bfa.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 7722
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-1e2a"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3fcc8b71999c5c8dca2a617dca4fddef-85b96998011dcf4d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:16+00:00, 2024-05-07T15:18:29+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/ad481252.css

185.244.209.62

200 OK

3.0 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/ad481252.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (22886), with no line terminators
Size
3.0 kB (3006 bytes)
Hash
f1e1bb557e1155bf9c70751dec445176
013c5224a1bbbf0d6603f25e31863aa90f279b40
7aa1af5184d161c5f279c0da3199cef2dfc0aac5e90cce3e880f1f89401a0a15

HTTP Headers

GET /_nuxt/desktop/default/css/ad481252.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:41 GMT
content-type: text/css
content-length: 3006
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-bbe"
content-encoding: gzip
expires: Tue, 07 May 2024 12:29:01 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c851ad0ea1fe41c60a2b08f4c6ba96ea-24e5f5bc0c3d07a8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:29:01+00:00, 2024-05-06T16:09:49+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.SportMenuApp-1f0079e1.js

185.244.209.62

25 kB

URL
v3.traincdn.com/_nuxt/desktop/default/betting.SportMenuApp-1f0079e1.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65483), with no line terminators
Size
25 kB (24938 bytes)
Hash
756179b1f968d35107908086a552c869
5c1f6c8a0c1eed4246c04dac52c4b7056fc991e8
37093cd5b15bf40421db8a64625a01317d043479685d2e1f84accb8fbf992ea6

HTTP Headers

GET /_nuxt/desktop/default/betting.SportMenuApp-1f0079e1.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 24938
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-616a"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-a8190e1aebee8914f4b7cd7f0b124cf7-af909b4c07884a7a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:16+00:00, 2024-05-07T15:18:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/betting.HomeSliderComponent-f347b217.js

185.244.209.62

200 OK

7.4 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/betting.HomeSliderComponent-f347b217.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (27479), with no line terminators
Size
7.4 kB (7388 bytes)
Hash
18963957c8f45d24c0819a973d362e7b
5a1846a89c5cc9e8028044ff5948bd94f428c412
d1c98b4199c034c2a115ba70268a3e536640ca8b992887df0b085d476ab1275f

HTTP Headers

GET /_nuxt/desktop/default/vendors/betting.HomeSliderComponent-f347b217.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 7388
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-1cdc"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f24c691c7685d5249fecfcac27075964-44b30fc6d106b10a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:16+00:00, 2024-05-06T16:09:49+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/85022173.css

185.244.209.62

1.7 kB

URL
v3.traincdn.com/_nuxt/desktop/default/css/85022173.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (9757), with no line terminators
Size
1.7 kB (1731 bytes)
Hash
d9ff2bf37891da2be05d7fd5442113f5
419f63a7b47f983139a1cdc040707ab4b90bc255
05d90d1e2368c45cf52f0796d76035b98b8ab02ff57d218005ddffbfc20963c5

HTTP Headers

GET /_nuxt/desktop/default/css/85022173.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:41 GMT
content-type: text/css
content-length: 1731
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-6c3"
content-encoding: gzip
expires: Tue, 07 May 2024 12:55:22 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-31b238be706e533e9c431ce1cdc5ee43-4b9038102be0c0a3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:55:22+00:00, 2024-05-06T16:09:49+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.HomeSliderComponent-b079a12e.js

185.244.209.62

200 OK

7.6 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/betting.HomeSliderComponent-b079a12e.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (24523), with no line terminators
Size
7.6 kB (7605 bytes)
Hash
dff08fc651e74f6ad7d80f2cb43e29e5
e1b0c10b245faa60623785bdefd27c9999483231
fb6ee46c49eb61f09a2dbfe856f0b41f4206323fd9dcc2dc8921ce951b9780bf

HTTP Headers

GET /_nuxt/desktop/default/betting.HomeSliderComponent-b079a12e.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 7605
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-1db5"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-87507bfb230251e132e51ef24615eb0a-c140926a66d2a6c5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:16+00:00, 2024-05-06T16:09:49+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/9f2746da.css

185.244.209.62

200 OK

1.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/9f2746da.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6439), with no line terminators
Size
1.3 kB (1305 bytes)
Hash
cdd7464b2b178b37ed8a1368b6383203
0a13fc4908d91476649bb51e33d690b460a5a89c
aeacff8e3f578ea2842f067e3f42d53e72a4f668cf526c60dc659bd89f5a3c6b

HTTP Headers

GET /_nuxt/desktop/default/css/9f2746da.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:41 GMT
content-type: text/css
content-length: 1305
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-519"
content-encoding: gzip
expires: Tue, 07 May 2024 12:29:01 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-c1a69bd6bee6bcf4f5b2b197c414e6d2-b16f960383f570b3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:29:01+00:00, 2024-05-06T16:09:49+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.CentralMenuApp-a5b5de2e.js

185.244.209.62

19 kB

URL
v3.traincdn.com/_nuxt/desktop/default/betting.CentralMenuApp-a5b5de2e.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65283), with no line terminators
Size
19 kB (18960 bytes)
Hash
4fb1e7d0f5418f3df96622b000ebe6fb
eef890c8cf6d2c72eae34e39ba2e8e6ff79c8754
fd9fede696dd12b00cc9af15ca68f1209b5fd351f5bc32052221adbbb12d8e8b

HTTP Headers

GET /_nuxt/desktop/default/betting.CentralMenuApp-a5b5de2e.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 18960
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-4a10"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-73dfc2411f25c837f68b3adafe6bb1cd-f481f56e42df279d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:16+00:00, 2024-05-07T15:18:34+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/526e44d9.css

185.244.209.62

459 B

URL
v3.traincdn.com/_nuxt/desktop/default/css/526e44d9.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1526), with no line terminators
Size
459 B (459 bytes)
Hash
97fdf5b6e7dfddf6ab251e984133b2c3
bb552fe685c52c34e0ed91e4dfaa9df2675ad086
92fcdb73c544b1f2befe78685340fd3371e920187a2232f8e4bffd73985d40e3

HTTP Headers

GET /_nuxt/desktop/default/css/526e44d9.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:41 GMT
content-type: text/css
content-length: 459
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-1cb"
content-encoding: gzip
expires: Tue, 07 May 2024 11:05:30 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-bbcad58e0bb96bcafbf3f4dd6d0bf975-ffc52b70c32b746c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T11:05:30+00:00, 2024-05-07T15:46:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-233f5bf5.js

185.244.209.62

17 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-233f5bf5.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (41022), with NEL line terminators
Size
17 kB (16831 bytes)
Hash
45302df89a240c65824afccc0240c030
84573118a402aa9a4ee0321ccf3f914c438a8369
25b695450684f580508f24855ea2d181ecd499e26573010621dd4a2ddc5af16a

HTTP Headers

GET /_nuxt/desktop/default/vendors/betting.media-233f5bf5.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 16831
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-41bf"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-13493db8e03a1ec33381d38253f2b356-ccd07392daa933dd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:16+00:00, 2024-05-07T15:14:52+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-ui/2.2.11/Desktop/Default/client.css

185.244.209.62

180 kB

URL
v3.traincdn.com/sys-ui/2.2.11/Desktop/Default/client.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
180 kB (179534 bytes)
Hash
a2d3e85dfb5a9b4f2e0dfe263526d22a
aad2af465e92d0faf4bdee7462102932e898db88
47ab278e30a6915cec13a4691cd5ad0699fae401234e466d0a07a4e9838c4c41

HTTP Headers

GET /sys-ui/2.2.11/Desktop/Default/client.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:39 GMT
content-type: text/css; charset=utf-8
last-modified: Tue, 23 Apr 2024 11:41:52 GMT
etag: W/"5be31e73f9aaf3c05331c4f0cd80e4d9"
x-amz-meta-mtime: 1713872392.088051093
content-encoding: gzip
expires: Wed, 24 Apr 2024 14:28:29 GMT
cache-control: max-age=86400
x-time-ng: 0.008
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-1a99f67cf867fef91625641f5356b8de-45e2029b49a275b0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T14:28:29+00:00, 2024-05-07T14:49:34+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.media-64ed71be.js

185.244.209.62

4.7 kB

URL
v3.traincdn.com/_nuxt/desktop/default/betting.media-64ed71be.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (16761), with no line terminators
Size
4.7 kB (4726 bytes)
Hash
fda91a0dd5e8251a0c4c540d7e54ed52
3c4a6e38286708cd62ff071ccf97e73f37200728
b3c3c2ee09cf4af0164878165cd9971fbfe83a461c18ad0ef7cfc33b36b782ef

HTTP Headers

GET /_nuxt/desktop/default/betting.media-64ed71be.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 4726
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-1276"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f20b1f293c47308edb110008e4556d16-e01813bcb0a3465b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:16+00:00, 2024-05-07T15:14:52+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/session-api/sessions/user

178.253.29.51

200 OK

16 B

URL GET HTTP/2
1xlite-461430.top/session-api/sessions/user
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
16 B (16 bytes)
Hash
646b2e82b65602d35f7aa6283c387e3a
b163a70c5df8e4b0861a23a04f8a6f78393747f4
b68bf12405ee2cb5b76764df21dbc2df0953ddff4072ddc5281d1aab05e8c4ab

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /session-api/sessions/user HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:41 GMT
content-type: application/json
content-length: 16
cache-control: no-cache, private
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=1.3799667358398, wf-uht;dur=0.010
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137

178.253.29.51

176 B

URL
1xlite-461430.top/service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
176 B (176 bytes)
Hash
ac86deb03def477abf768a8455c8aa90
87bbc45a47946c01a6f494da652c5b1940e4a62c
6a19047f1e73a26daaac3ec171356c005d39984c931de6c0c0b4184ade05c55b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:41 GMT
content-type: application/json; charset=utf-8
content-length: 176
x-time-ng: 0.012
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.019
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/88cfac66.css

185.244.209.62

97 B

URL
v3.traincdn.com/_nuxt/desktop/default/css/88cfac66.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
97 B (97 bytes)
Hash
9deb70dd3fbdc7061ed21c5632fbc55b
22ae1cadf75b3fdd5e3e3762842b1b7a6f6e7ed8
be8196057ac43ab3882caf30239c364e1ef4ceda087e92ca87187ce239f022f9

HTTP Headers

GET /_nuxt/desktop/default/css/88cfac66.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:42 GMT
content-type: text/css
content-length: 97
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-61"
content-encoding: gzip
expires: Tue, 07 May 2024 16:27:42 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-765d125f71a5e8341e057ba0d5b1d6b2-8e9277737da335fa-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T16:27:42+00:00, 2024-05-07T13:45:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/bff-api/event-logo/v2/suitable.json?lang=en

178.253.29.51

2 B

URL
1xlite-461430.top/bff-api/event-logo/v2/suitable.json?lang=en
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2 B (2 bytes)
Hash
d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bff-api/event-logo/v2/suitable.json?lang=en HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:41 GMT
content-type: application/json
content-length: 2
cache-control: no-cache, private
server-timing: bff;dur=12.96, dt_total;dur=17.293, wf-uht;dur=0.025
traceparent: 00-64c4fb46f1524f932ea0556f18ff2d9b-a623ba56b4647be0-01
x-dt: 285
x-time-ng: 0.013
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-022bbfcd.js

185.244.209.62

8.5 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-022bbfcd.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (25972)
Size
8.5 kB (8520 bytes)
Hash
e30c678eadf7bd0fcc773e1599b97ddf
41243dc14d9eb2569fa832a3b8c27fc0158991aa
a4334d54b8db6d6eceb88c48ee428dfbb0ad3749d4137439f77859e205b52806

HTTP Headers

GET /_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-022bbfcd.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 8520
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-2148"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-b28e796a6c6c550f460beb6e4673b11f-442dde65b4dde8d4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:16+00:00, 2024-05-07T15:30:09+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/25e24e18.css

185.244.209.62

1.5 kB

URL
v3.traincdn.com/_nuxt/desktop/default/css/25e24e18.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6262), with no line terminators
Size
1.5 kB (1505 bytes)
Hash
09f1bd90913ad83743065cc13ee3e0c6
0f1d49d4ddfccf474d882839c1ac901a8c1d91e6
b0222e16baaccc20a1143166da7715bbab586f1d8d8bebf26f91e98738a55a92

HTTP Headers

GET /_nuxt/desktop/default/css/25e24e18.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:42 GMT
content-type: text/css
content-length: 1505
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-5e1"
content-encoding: gzip
expires: Tue, 07 May 2024 12:28:59 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-be7c598720a6ceb418551ff227746585-82e667a4bba1ec66-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:28:59+00:00, 2024-05-06T16:17:02+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/RegistrationWidgetApp-4b1f6e54.js

185.244.209.62

21 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/RegistrationWidgetApp-4b1f6e54.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
21 kB (20768 bytes)
Hash
05e740893c07a5cc45b5f0f2d787dbf5
28c364157e02ce207609bca53064a4b513e8bda7
a2af38a1cec7178448ce8d1aee99190b643f50894d3d05cac2e5234caeac8e5e

HTTP Headers

GET /_nuxt/desktop/default/vendors/RegistrationWidgetApp-4b1f6e54.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 20768
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-5120"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4da571e47d46e3cf4cd1d65f1a895fe2-44d7e51e1bcea32d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:16+00:00, 2024-05-06T16:17:02+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66

178.253.29.51

200 OK

2.4 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.4 kB (2441 bytes)
Hash
146ce438d914d6062b0d69afa0a08ee0
b3d6ac626a1d4b4efca10a809b094ebe5e22e2c4
b7090b8eff7d1bb892a7d5f3c4d5cf69539072869dddd13d33c1f12b12a0140d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:42 GMT
content-type: application/json; charset=utf-8
content-length: 2441
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 15:50:38 GMT
vary: Accept-Encoding
x-time-ng: 0.005
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.coupon2-183c618c.js

185.244.209.62

579 B

URL
v3.traincdn.com/_nuxt/desktop/default/betting.coupon2-183c618c.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1003), with no line terminators
Size
579 B (579 bytes)
Hash
54f54116f151f6469527d5f5c584887c
8078098cda5d50eeb285da4fc78655562f8324ed
8112adb0bbfa619109d5a6c3263e5e1761599c14b3c474b58b2f5ca512b46efb

HTTP Headers

GET /_nuxt/desktop/default/betting.coupon2-183c618c.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 579
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-243"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d9fd457ef66c4584624db69f4357c29b-e560795753e29543-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:16+00:00, 2024-05-07T15:18:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137

178.253.29.51

200 OK

258 B

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
258 B (258 bytes)
Hash
23a9ce17efdcd605b9b02ba0623e01a0
45083b9889c00fd0c5ca071a5cf88fcac60de414
d88ab635adeca3365b7a2e345102f87817f01f22a73d15fd1ae4f97b116f4331

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:42 GMT
content-type: application/json; charset=utf-8
content-length: 258
cache-control: no-cache
content-encoding: br
last-modified: Tue, 07 May 2024 15:50:42 GMT
vary: Accept-Encoding
x-time-ng: 0.005
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.012
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/desktop/contact/86f18367ce2829388dcdabccb99b1740.svg

178.253.29.51

263 B

URL
1xlite-461430.top/genfiles/cms/desktop/contact/86f18367ce2829388dcdabccb99b1740.svg
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
SVG Scalable Vector Graphics image
Size
263 B (263 bytes)
Hash
28e2c161800b61b985a163f5c492ae51
8845ea940210b4ccb195cca855a598e6aaa58ed0
77c93c24e4eb0f8815a7526d405818c9a38ba6e4317f1fee588fffbc00cb17de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/desktop/contact/86f18367ce2829388dcdabccb99b1740.svg HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:42 GMT
content-type: image/svg+xml
content-length: 263
last-modified: Fri, 23 Feb 2024 10:01:24 GMT
etag: "28e2c161800b61b985a163f5c492ae51"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/desktop/contact/dbc1950bbcc8e27b5dbec1f42635e8d0.svg

178.253.29.51

200 OK

296 B

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/desktop/contact/dbc1950bbcc8e27b5dbec1f42635e8d0.svg
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
SVG Scalable Vector Graphics image
Size
296 B (296 bytes)
Hash
b1bf63d00887bb0354e9d89c7d790a01
2d64ab25c9afff682abd6732f62ba62a197e972b
a6a4fbbd99a0a82de03f05da827ccd9d019574bf3450727530403c2b5ce92df0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/desktop/contact/dbc1950bbcc8e27b5dbec1f42635e8d0.svg HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:42 GMT
content-type: image/svg+xml
content-length: 296
last-modified: Fri, 23 Feb 2024 10:03:47 GMT
etag: "b1bf63d00887bb0354e9d89c7d790a01"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/desktop/contact/6726b16cfb4e516989153ce398d4a0e4.svg

178.253.29.51

200 OK

506 B

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/desktop/contact/6726b16cfb4e516989153ce398d4a0e4.svg
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
SVG Scalable Vector Graphics image
Size
506 B (506 bytes)
Hash
9c340eae608db0c25657b4a73d769afe
988fbf333a2e9290211cd9e6b7c98c59719012b0
b92e969acd8a1e0f9cfd1f84080ca5ccb8cb49b105299434c275a8813faf841e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/desktop/contact/6726b16cfb4e516989153ce398d4a0e4.svg HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:42 GMT
content-type: image/svg+xml
content-length: 506
last-modified: Fri, 23 Feb 2024 10:03:36 GMT
etag: "9c340eae608db0c25657b4a73d769afe"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidgetAnalytics-2f154c8d.js

185.244.209.62

200 OK

365 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidgetAnalytics-2f154c8d.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (416), with no line terminators
Size
365 B (365 bytes)
Hash
f82b46dce7c19fd9f12e08311e06b4d7
a22d1a217e0b5665e976cecf1cba74c7f884ba21
a5a3de88355ca693c9e33b10b37c3f175362fb3c581ab02c44fbb4fc424c4b1d

HTTP Headers

GET /_nuxt/desktop/default/DownloadAppWidgetAnalytics-2f154c8d.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 365
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-16d"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:30 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3debb2f6d97f172340a19fda49a0f41e-cf9a8395708bb821-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:30+00:00, 2024-05-07T15:29:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/injector.js

172.64.148.184

77 kB

URL
widget.suphelper.top/injector.js
IP
172.64.148.184:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
77 kB (76897 bytes)
Hash
83aac4ad5ef534324323094c239bf166
29a8ab509f2166a49720357c2329bffe145d7557
e9ea40220ea5792be2e5225127a90cf23c3cb18b28caac7683638a25ffe3a3ca

HTTP Headers

GET /injector.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 15:50:42 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=14400
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"32e7a-18f381bf77a"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 54
expires: Tue, 07 May 2024 19:50:42 GMT
server: cloudflare
cf-ray: 88025e02fd301c16-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.328/285/common.svg

185.244.209.62

61 kB

URL
v3.traincdn.com/sys-icons/1.0.328/285/common.svg
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
61 kB (61147 bytes)
Hash
6c88fa4c25055165826c848a41709d56
36ba3c5cf393eb846b92088ad9a38e97275e3cac
29549828e2cbd5a09eafb8da2b5fedc2e32dadbdd5d2aebc0bfbc45e5765b06c

HTTP Headers

GET /sys-icons/1.0.328/285/common.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:41 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"7bf3e9e7d79beac942f5e7748a3af2e6"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:01 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-8e2b871ba34402882841c034e7dcff70-ca66f67e7a20e733-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:01+00:00, 2024-05-07T12:12:51+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/sys-betting-app-front/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510

178.253.29.51

200 OK

28 kB

URL GET HTTP/2
1xlite-461430.top/sys-betting-app-front/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
28 kB (28329 bytes)
Hash
083ae29b1f1cae90e26aedb533e5fb04
bf410c6bdf3088471e3a390660a12837805464b3
65b0e0380ab3bf7a860f635121a7a1cb7271b786cba1cc7358f1b374a2a6e808

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sys-betting-app-front/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
mf-render-mode: json
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:42 GMT
content-type: application/json
content-encoding: br
server-timing: total;dur=211;desc="Total __BETTING_APP__", dt_total;dur=213.914, wf-uht;dur=0.228
set-cookie: tzo=3; Path=/
traceparent: 00-3fe8b266ab9c8c2141b9c25db09e9f0f-ee29c82a66fc9d97-01
vary: Accept-Encoding, Accept-Encoding
x-dt: 285
x-time-ng: 0.213, 0.215
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/95bb79a7bd02004622790173256e13d8.webp

185.244.209.62

688 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/95bb79a7bd02004622790173256e13d8.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
688 B (688 bytes)
Hash
3ca49ed6ed68f1b14fdef8061e2e8328
4bf72719e6d755085f5d04a8bea59e76118e30fa
e4cb25fa286121fe727173c9f7b9098ea66b1acdab254db6ff0cd279eed3c197

HTTP Headers

GET /resized/size16/sfiles/logo_teams/95bb79a7bd02004622790173256e13d8.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:43 GMT
content-type: image/webp
content-length: 688
cache-control: max-age=94608000
content-disposition: inline; filename="95bb79a7bd02004622790173256e13d8.webp"
content-security-policy: script-src 'none'
expires: Tue, 04 May 2027 04:08:52 GMT
x-request-id: c746c1b65d7a1e8dd41151085dd43b14
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-91fbf1f2cac525f96a32fafb27ed5d20-6eca17a6eaae1f78-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-04T04:08:52+00:00, 2024-05-06T17:24:47+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/7abea0bb641bff03198250d3ff5191ce.webp

185.244.209.62

200 OK

618 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/7abea0bb641bff03198250d3ff5191ce.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
618 B (618 bytes)
Hash
31ba88c02717e2d3292fbdba96228ea7
cb20c6bca278e0ce92a28f75086c7ae5c24ebffa
9dac9c344eda656f2a138b20f7c2c5bc431e3610e9ffc57850bc610ec4713e4d

HTTP Headers

GET /resized/size16/sfiles/logo_teams/7abea0bb641bff03198250d3ff5191ce.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:43 GMT
content-type: image/webp
content-length: 618
cache-control: max-age=94608000
content-disposition: inline; filename="7abea0bb641bff03198250d3ff5191ce.webp"
content-security-policy: script-src 'none'
expires: Tue, 04 May 2027 20:10:32 GMT
x-request-id: 73b19040db5a916cb57a625a1080137d
x-time-ng: 0.038
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-c68dfa67be90f903461e00a665736e3b-42f831790ff4a7b8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-04T20:10:32+00:00, 2024-05-06T17:24:47+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/af0e77511f0ec56d35d29177f368f5d9.webp

185.244.209.62

200 OK

728 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/af0e77511f0ec56d35d29177f368f5d9.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
728 B (728 bytes)
Hash
2164df7074cee31b5541a29b9388316d
ce12679fa1246d9896e8709b603bcf4075b96036
d9e7e03fd27f76a8a156cea96e966afb83de37f0f1ec80b87834b24a03fa33ee

HTTP Headers

GET /resized/size16/sfiles/logo_teams/af0e77511f0ec56d35d29177f368f5d9.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:43 GMT
content-type: image/webp
content-length: 728
cache-control: max-age=94608000
content-disposition: inline; filename="af0e77511f0ec56d35d29177f368f5d9.webp"
content-security-policy: script-src 'none'
expires: Wed, 05 May 2027 14:49:08 GMT
x-request-id: 6c00d5fb162a14f43f234afc94452255
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-4d6012834253769a4777596237baf6de-600ac8781ca0d4a5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-05T14:49:08+00:00, 2024-05-06T13:28:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/4f7d8870e9b7cd264081a335073cd55f.webp

185.244.209.62

748 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/4f7d8870e9b7cd264081a335073cd55f.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
748 B (748 bytes)
Hash
25be67e15327791caa7c3257ff00f8ef
b68537d04d72ce7695d3c3a79421250a3364fb08
3cb1564e2ae37a4e0594aea9fa2b425cf77d92504fd743907d4e89e4fce3425e

HTTP Headers

GET /resized/size16/sfiles/logo_teams/4f7d8870e9b7cd264081a335073cd55f.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:43 GMT
content-type: image/webp
content-length: 748
cache-control: max-age=94608000
content-disposition: inline; filename="4f7d8870e9b7cd264081a335073cd55f.webp"
content-security-policy: script-src 'none'
expires: Fri, 30 Apr 2027 15:03:08 GMT
x-request-id: d3daace4c1cbd589aed7e4e56b3e5f42
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d5f9af7ad43233c1948ce2794d3547bd-d8983a5893dc9215-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-30T15:03:08+00:00, 2024-04-30T15:03:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/93e361d707c9c9953ce2091bcc3d4530.webp

185.244.209.62

614 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/93e361d707c9c9953ce2091bcc3d4530.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
614 B (614 bytes)
Hash
28b839b20ad18a07353cc48745419047
9ceb30d60a85dc87adf4b498eb748e56db3838f6
83262270cdcbe7237122bd131d23a35586ac0c8ae3d023000f832c9b053d011c

HTTP Headers

GET /resized/size16/sfiles/logo_teams/93e361d707c9c9953ce2091bcc3d4530.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:43 GMT
content-type: image/webp
content-length: 614
cache-control: max-age=94608000
content-disposition: inline; filename="93e361d707c9c9953ce2091bcc3d4530.webp"
content-security-policy: script-src 'none'
expires: Thu, 06 May 2027 14:42:16 GMT
x-request-id: 5ce312454135a514028dd98d4863db31
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b0ebcc3855b6f1463d0eea5696851d6b-0166233c6c6a4036-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:42:16+00:00, 2024-05-06T17:24:47+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/726e6477da0f0c2e79b03752de657b65.webp

185.244.209.62

780 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/726e6477da0f0c2e79b03752de657b65.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
780 B (780 bytes)
Hash
2558a039c9a534afa2c1ade6f236cc10
a78bc0b934160ae99c69737f93c82232bda614b8
4e7a1a277c984ced830faacb427ffe168dcadff4025eb7b29e15c0b8f367eba3

HTTP Headers

GET /resized/size16/sfiles/logo_teams/726e6477da0f0c2e79b03752de657b65.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:43 GMT
content-type: image/webp
content-length: 780
cache-control: max-age=94608000
content-disposition: inline; filename="726e6477da0f0c2e79b03752de657b65.webp"
content-security-policy: script-src 'none'
expires: Wed, 05 May 2027 07:03:21 GMT
x-request-id: 3a39e2f59f28685bc8d0cdddbbc42b89
x-time-ng: 0.037
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-17fc1605d9e987b3fb1b3c8541a3619f-8def048d3a9a3807-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-05T07:03:21+00:00, 2024-05-06T17:24:47+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/95f0c06eebf7531f7c63465493dcfa01.webp

185.244.209.62

200 OK

578 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/95f0c06eebf7531f7c63465493dcfa01.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
578 B (578 bytes)
Hash
ae206589cb040b9050b4efcfbd2f71e3
c62ac3027033bd4ffeef7b70b11914d81fe97edd
427e1062eacb05a58a32eb9ade321062a33e996171fbb6b3498977947825d601

HTTP Headers

GET /resized/size16/sfiles/logo_teams/95f0c06eebf7531f7c63465493dcfa01.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:43 GMT
content-type: image/webp
content-length: 578
cache-control: max-age=94608000
content-disposition: inline; filename="95f0c06eebf7531f7c63465493dcfa01.webp"
content-security-policy: script-src 'none'
expires: Tue, 27 Apr 2027 22:54:22 GMT
x-request-id: 3688dcc7fd9cf1dc2a8871bebb1cd26b
x-time-ng: 0.033
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-8da203b98b8a0ee73e6ead6c57a94493-9b0c5ac9033a4a1c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-27T22:54:22+00:00, 2024-05-06T17:24:47+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/aa2907ebbdf9f6e1d112f2699426078f.webp

185.244.209.62

744 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/aa2907ebbdf9f6e1d112f2699426078f.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
744 B (744 bytes)
Hash
39a02dedc474ce54873ee777eb1fc22a
6670b5b66753334422e5fb586073b67cf05b5e53
86ad2e170ef9fe4fe7e16b4be54af197b80962726ef4168d43793c404d5bcda4

HTTP Headers

GET /resized/size16/sfiles/logo_teams/aa2907ebbdf9f6e1d112f2699426078f.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:43 GMT
content-type: image/webp
content-length: 744
cache-control: max-age=94608000
content-disposition: inline; filename="aa2907ebbdf9f6e1d112f2699426078f.webp"
content-security-policy: script-src 'none'
expires: Wed, 05 May 2027 10:35:33 GMT
x-request-id: cd290797e02c0fa71c6a91f31e814f25
x-time-ng: 0.075
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b60f0b1bf6c6798c1a3ae571711b552a-1a1ab6b5d208db36-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-05T10:35:33+00:00, 2024-05-06T17:24:47+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/2236701.webp

185.244.209.62

766 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/2236701.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
766 B (766 bytes)
Hash
6b49f04892c1006152662533d157d84f
59a5d6a73d4cdfa2f250d9d0f8bffcd0c7610734
b3380b86a2810e57b81c1d6ff25a38ac2b9140453addee9011be370650148ead

HTTP Headers

GET /resized/size16/sfiles/logo_teams/2236701.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:43 GMT
content-type: image/webp
content-length: 766
cache-control: max-age=94608000
content-disposition: inline; filename="2236701.webp"
content-security-policy: script-src 'none'
expires: Sun, 21 Feb 2027 13:12:24 GMT
x-request-id: 28230e4d5d0646112015561b1ec22672
strict-transport-security: max-age=15724800; includeSubDomains
x-time-ng: 0.000
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-8a19de3461d9f34920985e406544712a-b53f75a4a112cf13-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-02-22T13:12:24+00:00, 2024-02-22T13:13:58+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/52901.webp

185.244.209.62

758 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/52901.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
758 B (758 bytes)
Hash
64a3e0fa5c1822f049e7beec80b71264
e2498d6564ec42e55580806daf0a715499801ec6
dd1f1aef1bb0505ceb14c01fe239500b38db92e935a34ce7c0ed901195056870

HTTP Headers

GET /resized/size16/sfiles/logo_teams/52901.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:43 GMT
content-type: image/webp
content-length: 758
cache-control: max-age=94608000
content-disposition: inline; filename="52901.webp"
content-security-policy: script-src 'none'
expires: Sun, 21 Feb 2027 13:12:24 GMT
x-request-id: 7a6a02b0399a47bfe5fb65617eb8bae3
strict-transport-security: max-age=15724800; includeSubDomains
x-time-ng: 0.000
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b01854783eeebf4992079cb0accf3001-38c36b1f070afec0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-02-22T13:12:24+00:00, 2024-02-22T13:13:57+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/logo-champ/407e3f43a3627577256dd6545f65adcc.webp

185.244.209.62

4.2 kB

URL
v3.traincdn.com/sfiles/logo-champ/407e3f43a3627577256dd6545f65adcc.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
4.2 kB (4224 bytes)
Hash
eeb47ddeb14a734e9b82a4134e4d96c6
d38b5f569ad87151fc7e9f8cccfc964d5f82a7b2
c3754566035e0f00775deebc3733c782637bd40e78f55299ee9c3dfaac5af2d8

HTTP Headers

GET /sfiles/logo-champ/407e3f43a3627577256dd6545f65adcc.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:43 GMT
content-type: image/webp
content-length: 4224
last-modified: Thu, 28 Sep 2023 05:23:12 GMT
etag: "eeb47ddeb14a734e9b82a4134e4d96c6"
cache-control: public, max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-195ea05c08c4763ec95de36fe7193773-e488026ad1a0fcb7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:35:33+00:00, 2024-05-06T19:12:48+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/bbc22caf907397cb33ae61434c11df23.webp

185.244.209.62

506 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/bbc22caf907397cb33ae61434c11df23.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
506 B (506 bytes)
Hash
681436beb6bfbd7330b72a53a2f3a3f1
cb1357ff56c2b8cb4c46828b54d5025de22e9eb5
4d5642ad51db07b300dfd1e52e81a98593e60694a2af2010446ff9f62d1e134a

HTTP Headers

GET /resized/size16/sfiles/logo_teams/bbc22caf907397cb33ae61434c11df23.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:43 GMT
content-type: image/webp
content-length: 506
cache-control: max-age=94608000
content-disposition: inline; filename="bbc22caf907397cb33ae61434c11df23.webp"
content-security-policy: script-src 'none'
expires: Mon, 03 May 2027 02:50:06 GMT
x-request-id: 808b656d4035520f0b1348da9469a7f3
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-8d7b39aa61ee27bdfbff46645ddc87e8-7d180d4793e92df9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-03T02:50:06+00:00, 2024-05-03T06:35:24+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/c4b8045b1ceb484ca641b37ada977eeb.webp

185.244.209.62

200 OK

858 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/c4b8045b1ceb484ca641b37ada977eeb.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
858 B (858 bytes)
Hash
d37dca48426a8858227a0e51c5cbd1b0
7ab38c07c5bdcd1412e03ba8ea91d0c6cf67dd7c
3d903487e615f0dd35adbc116cbcfd7023a4c01044e3c17364690f257fac2031

HTTP Headers

GET /resized/size16/sfiles/logo_teams/c4b8045b1ceb484ca641b37ada977eeb.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:43 GMT
content-type: image/webp
content-length: 858
cache-control: max-age=94608000
content-disposition: inline; filename="c4b8045b1ceb484ca641b37ada977eeb.webp"
content-security-policy: script-src 'none'
expires: Fri, 16 Apr 2027 18:26:32 GMT
x-request-id: ba73891d49d05d3ae060686b74ea1766
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b7f0d7221f525be93822dfbf13641f6c-a993ca6434e2b1a7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-16T18:26:32+00:00, 2024-04-17T09:04:40+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/74d3b633530caf06675e7fe484086c77.webp

185.244.209.62

544 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/74d3b633530caf06675e7fe484086c77.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
544 B (544 bytes)
Hash
6966a8f86f51cfa0ac9f8a8d54ea09e0
25f460a6fa67631b13fe54bf6d94b1f4254461fd
f05fb71537b203c00839c6296840431fdcfef3578992cf0af934f3ce8c5dba3b

HTTP Headers

GET /resized/size16/sfiles/logo_teams/74d3b633530caf06675e7fe484086c77.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:43 GMT
content-type: image/webp
content-length: 544
cache-control: max-age=94608000
content-disposition: inline; filename="74d3b633530caf06675e7fe484086c77.webp"
content-security-policy: script-src 'none'
expires: Wed, 05 May 2027 08:52:57 GMT
x-request-id: 11c7f2c96f25dbc2bc61b02214546d61
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-43c94917b5a93ecdb5d520e42d84f8e7-c51eac0a9846bb76-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-05T08:52:57+00:00, 2024-05-05T22:46:59+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/139968be4cae2a09b4e32d2265c820c6.webp

185.244.209.62

200 OK

746 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/139968be4cae2a09b4e32d2265c820c6.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
746 B (746 bytes)
Hash
78f5a8358c8ebe672d4cb65f04d7ed78
d18655265a7eafb87031bbb60b2bc14f2b4addae
e21b6d55677fecaea0297a56e541b69b0b90194449d5d409533ebf401279cd54

HTTP Headers

GET /resized/size16/sfiles/logo_teams/139968be4cae2a09b4e32d2265c820c6.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:43 GMT
content-type: image/webp
content-length: 746
cache-control: max-age=94608000
content-disposition: inline; filename="139968be4cae2a09b4e32d2265c820c6.webp"
content-security-policy: script-src 'none'
expires: Fri, 30 Apr 2027 11:13:28 GMT
x-request-id: 089af8e9e7201f413ee4f219efbd9ccb
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-38d34488ead3637e6326203faecabcc2-101a386a01c068ca-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-30T11:13:28+00:00, 2024-05-04T09:23:00+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/logo-champ/sub_e_sport_dota_2.webp

185.244.209.62

3.4 kB

URL
v3.traincdn.com/sfiles/logo-champ/sub_e_sport_dota_2.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
3.4 kB (3422 bytes)
Hash
a46689e442c017ae101b316767eca350
2a48883da6738204defdfb8f81f44f78b7bb0731
9d5e3beccf36f35346ea0fabe57602cb4beed97d6e770e7bf74fa67c963d05a4

HTTP Headers

GET /sfiles/logo-champ/sub_e_sport_dota_2.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:43 GMT
content-type: image/webp
content-length: 3422
last-modified: Tue, 03 Jan 2023 12:42:31 GMT
etag: "a46689e442c017ae101b316767eca350"
cache-control: public, max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f0ad534990da057686bbd5467f95cc0d-caffde56cfe62a16-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-01-01T14:14:31+00:00, 2024-05-07T10:46:46+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/4d3d7ea8e1f2a61f5689a7b3ad9371aa.webp

185.244.209.62

200 OK

804 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/4d3d7ea8e1f2a61f5689a7b3ad9371aa.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
804 B (804 bytes)
Hash
220763fdd840a617a2bee1d991a8bf75
240496da4c08b3a65ac4755b890db7f3ecb657b5
f351ff104ea64254eeb6f41a063e707656b9f71d37cb29101c18cf680cace5ed

HTTP Headers

GET /resized/size16/sfiles/logo_teams/4d3d7ea8e1f2a61f5689a7b3ad9371aa.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:43 GMT
content-type: image/webp
content-length: 804
cache-control: max-age=94608000
content-disposition: inline; filename="4d3d7ea8e1f2a61f5689a7b3ad9371aa.webp"
content-security-policy: script-src 'none'
expires: Thu, 06 May 2027 17:26:02 GMT
x-request-id: c45936ce16f8a5ea16241a352caa1299
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-6d6306b5b2fa94afae8ca127fff7645b-b67f97e27440a7a8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T17:26:02+00:00, 2024-05-07T14:45:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/26c9616bfcb83341773385f478a6767b.webp

185.244.209.62

726 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/26c9616bfcb83341773385f478a6767b.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
726 B (726 bytes)
Hash
346e5ff67b76ccd6c0128318a2e137ee
cf454b5bd0f0262d6665c9022690e723ac44b8fc
fb6fcaf1634f4d5c36d7f7132534ee9b10774c347546b980d79368f0f2795fa4

HTTP Headers

GET /resized/size16/sfiles/logo_teams/26c9616bfcb83341773385f478a6767b.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:43 GMT
content-type: image/webp
content-length: 726
cache-control: max-age=94608000
content-disposition: inline; filename="26c9616bfcb83341773385f478a6767b.webp"
content-security-policy: script-src 'none'
expires: Mon, 03 May 2027 03:01:17 GMT
x-request-id: 1c2e8389e8d70049fd51672f642b57e7
x-time-ng: 0.029
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a3ca807103f7fb3941160b2c4a889bae-d61eb538bcaf1827-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-03T03:01:17+00:00, 2024-05-04T10:10:59+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/50307.webp

185.244.209.62

810 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/50307.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
810 B (810 bytes)
Hash
c6c8e6003b31242369d852f6147cf9ca
d2e3972fd516b30a49511f7cf32314ae9c01ae2b
477371ed8c397c60e6bb20335ffc90ea86765f5b0ec8b09dcd000e8750c1eb19

HTTP Headers

GET /resized/size16/sfiles/logo_teams/50307.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:43 GMT
content-type: image/webp
content-length: 810
cache-control: max-age=94608000
content-disposition: inline; filename="50307.webp"
content-security-policy: script-src 'none'
expires: Wed, 05 May 2027 13:13:15 GMT
x-request-id: 99bfff532daed0643094021699027411
x-time-ng: 0.042
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6a23ac461cfe0135b9ce3b5062e6f107-c1c3c70fa8bc4b84-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-05T13:13:15+00:00, 2024-05-06T21:40:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/3392.webp

185.244.209.62

742 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/3392.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
742 B (742 bytes)
Hash
b0e5ef2a8df143131e421fa389d7df4a
3182d763877b19a393a0fda99f3644e6d3c1f867
ca731aa6238cb1b13f8ac08cb52e901f779f6fd6827ca1cc48dd03b115bef6c1

HTTP Headers

GET /resized/size16/sfiles/logo_teams/3392.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:43 GMT
content-type: image/webp
content-length: 742
cache-control: max-age=94608000
content-disposition: inline; filename="3392.webp"
content-security-policy: script-src 'none'
expires: Tue, 04 May 2027 01:48:31 GMT
x-request-id: 3b4e27f9bab2bdcbf53341cda5bfc41f
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-832851bc621e363862ab692ad7b62d6f-b8b285076d732e62-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-04T01:48:31+00:00, 2024-05-06T21:40:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/556603.webp

185.244.209.62

696 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/556603.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
696 B (696 bytes)
Hash
5e359569c5fa8f756744ab0569a51f35
27da711362adba2b9e4f4298f46b836a83adf2c8
4d05fc10247285072e53146419bac02d36f50fffead4bd42bedf47d7362d1c19

HTTP Headers

GET /resized/size16/sfiles/logo_teams/556603.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:43 GMT
content-type: image/webp
content-length: 696
cache-control: max-age=94608000
content-disposition: inline; filename="556603.webp"
content-security-policy: script-src 'none'
expires: Wed, 05 May 2027 09:14:29 GMT
x-request-id: b6992e9139bde0669da3b5300f26b702
x-time-ng: 0.062
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-05cc976a946ed9f05b66384ffaec9367-616c831133716c42-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-05T09:14:29+00:00, 2024-05-06T21:40:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/504b36bdd125a2a4824a09d0fbb1a6d8.webp

185.244.209.62

200 OK

738 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/504b36bdd125a2a4824a09d0fbb1a6d8.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
738 B (738 bytes)
Hash
3e7a62139895e3e814f903038b622fc2
b1d37c8d081b7d1de3443b523a155c43ccbac9ef
4a33c8b30706fd638eaf031394425e7508e4a83333d3b93af599fbe7021839e3

HTTP Headers

GET /resized/size16/sfiles/logo_teams/504b36bdd125a2a4824a09d0fbb1a6d8.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:43 GMT
content-type: image/webp
content-length: 738
cache-control: max-age=94608000
content-disposition: inline; filename="504b36bdd125a2a4824a09d0fbb1a6d8.webp"
content-security-policy: script-src 'none'
expires: Wed, 05 May 2027 13:13:15 GMT
x-request-id: 1ae53ec3052e400bb26c639823cf3572
x-time-ng: 0.032
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a5d411b35508f5c2ff5f503f84747a2c-9828b9a0c1840e7c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-05T13:13:15+00:00, 2024-05-06T21:40:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true

178.253.29.51

15 kB

URL
1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
15 kB (15432 bytes)
Hash
b048aaf749d5230c49f196cf40e68a97
d2a927e4b01d1f50893fc0fbb8c9d711a9f9ab95
2f63111eec272caac8ec45383b92aaeff2d84f8a87ea013bd40dd8ca4476f10e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:43 GMT
content-type: application/json; charset=utf-8
content-length: 15432
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 15:50:43 GMT
vary: Accept-Encoding
x-time-ng: 0.029
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.044
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/ff09be90.css

185.244.209.62

200 OK

705 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/ff09be90.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (4705), with no line terminators
Size
705 B (705 bytes)
Hash
2b6cccff5325f6e14ccd6ec354319cd6
f4ec05fc468d3daddec1a3d825c29a55ce4b2050
a153e31a0350b58aad71597632348e14c954738845b58f05ca04b8212dbaca38

HTTP Headers

GET /_nuxt/desktop/default/css/ff09be90.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:44 GMT
content-type: text/css
content-length: 705
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-2c1"
content-encoding: gzip
expires: Tue, 07 May 2024 14:41:31 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6359c31aeda363326da0c60296d985c8-ca862cd873f57072-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:41:31+00:00, 2024-05-07T06:06:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.SportsMenuCompact-e547fa93.js

185.244.209.62

2.3 kB

URL
v3.traincdn.com/_nuxt/desktop/default/betting.SportsMenuCompact-e547fa93.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (7751), with no line terminators
Size
2.3 kB (2295 bytes)
Hash
3078429361b9801527b7f4deb1ff2633
c0bf69639f54697d7fcf5ee8ed06072a629b3fff
3042f5f56a8fae2d232bd88071179a50133e8d90fd11ec2f52259b23d8e0cb5a

HTTP Headers

GET /_nuxt/desktop/default/betting.SportsMenuCompact-e547fa93.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:44 GMT
content-type: application/javascript; charset=utf-8
content-length: 2295
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-8f7"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:43 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9f76b2928c58432db1d9ae322bac0c02-efba3abfe1803776-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:43+00:00, 2024-05-06T16:25:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-previews/190x102/games-no-faceless.webp

185.244.209.62

6.9 kB

URL
v3.traincdn.com/sfiles/games-images/game-previews/190x102/games-no-faceless.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp
Size
6.9 kB (6884 bytes)
Hash
b7304b532dca88cc708b1c81edf7e051
d9ca9db864badb40bcab6d846ba7110413a339d3
324b9021e7fa1a227b418f5b0707e174d86aa20decea945eab3cea41aac8d2ca

HTTP Headers

GET /sfiles/games-images/game-previews/190x102/games-no-faceless.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:44 GMT
content-type: application/octet-stream
content-length: 6884
last-modified: Thu, 31 Aug 2023 08:11:01 GMT
etag: "b7304b532dca88cc708b1c81edf7e051"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:04:10.000Z
expires: Tue, 14 Nov 2023 18:21:42 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6f2a945fb70e0a37a5328939277b5456-8e750dde46374208-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T18:59:15+00:00, 2024-05-07T07:17:16+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/bff-api/config/contacts.json?type=2&lang=en

178.253.29.51

9.9 kB

URL
1xlite-461430.top/bff-api/config/contacts.json?type=2&lang=en
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
9.9 kB (9850 bytes)
Hash
5e57488ece417dfb2d0d023a6c9d0423
cc3add288721c1e6c3d3e9413fd0de50a9d38467
8da57ebaa0d0d6ecfbac547e80404973484e6cd38820bb8adfcde943511e4c28

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bff-api/config/contacts.json?type=2&lang=en HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:42 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: bff;dur=7.00, dt_total;dur=42.130, wf-uht;dur=0.050
traceparent: 00-fd628a06031262a4d971ba0b6896b42f-783412936d12d689-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.034
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-371.webp

185.244.209.62

200 OK

6.2 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-371.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp
Size
6.2 kB (6158 bytes)
Hash
64ff358fd3a82358542d29d53649dd85
0a15b0731a9468fe49e3b512febe91d951ef6156
a9ae35f930c0bf59e407a0c082347049ae11738d330df4e32f4b2b1129d1470c

HTTP Headers

GET /sfiles/games-images/game-previews/190x102/game-371.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:44 GMT
content-type: application/octet-stream
content-length: 6158
last-modified: Thu, 31 Aug 2023 08:10:58 GMT
etag: "64ff358fd3a82358542d29d53649dd85"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:04:04.000Z
expires: Tue, 14 Nov 2023 18:22:10 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-b74c4d87bbe268361da45eeb4bc343a5-160209a15c57cb2b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T19:17:28+00:00, 2024-05-07T07:17:16+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/site-admin/colors/f60de5c9eabf4e3e2f1149075d3a68d7.css

185.244.209.62

27 kB

URL
v3.traincdn.com/genfiles/site-admin/colors/f60de5c9eabf4e3e2f1149075d3a68d7.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
27 kB (26621 bytes)
Hash
0cfb0fa5c04b3c85139e856415ce911c
31b84989967b7401c444f9a0be85580ac8bd0065
5f889ca2b9c0c3023418a179c6c27c6477dbd979f91c2eeeeb9061e996dde3ac

HTTP Headers

GET /genfiles/site-admin/colors/f60de5c9eabf4e3e2f1149075d3a68d7.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:39 GMT
content-type: text/css
last-modified: Tue, 07 May 2024 12:38:10 GMT
etag: W/"f60de5c9eabf4e3e2f1149075d3a68d7"
content-encoding: gzip
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-6085bb31ff030ca8f8857192f1b097a4-2998a4e4f7805ae4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T12:39:42+00:00, 2024-05-07T15:40:31+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-69.webp

185.244.209.62

4.3 kB

URL
v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-69.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp
Size
4.3 kB (4256 bytes)
Hash
8c2b80027d3818f6bc91227418589ee6
c6d3c4595860bd3d685e4ddea5d4610a6f642a9b
cec387d33e94b8222d71031dbda50143a7ea2e1470d2c96c9e147aa4c4a43960

HTTP Headers

GET /sfiles/games-images/game-previews/190x102/game-69.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:44 GMT
content-type: application/octet-stream
content-length: 4256
last-modified: Thu, 31 Aug 2023 08:11:01 GMT
etag: "8c2b80027d3818f6bc91227418589ee6"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:03:42.000Z
expires: Tue, 14 Nov 2023 18:22:10 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-1feea94ec580d59e7911f839dad35e2a-3bbb1da7d04da209-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T19:23:21+00:00, 2024-05-07T12:30:21+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.328/285/logos.svg

185.244.209.62

200 OK

21 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.328/285/logos.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
21 kB (21286 bytes)
Hash
6fe0057692b56db33424a889b625b176
073004ddfc70eaa7160bb5b01d694cb0439d17e8
fdc12456f4f71afe3239ff0172e1a233c57c6d44a28159e37b2e9b3f674eaa9d

HTTP Headers

GET /sys-icons/1.0.328/285/logos.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:42 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"c45fb3adb3e47bdbd03c88fc4c4309aa"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:05 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-1c6e3dd653b6fa3dc75b73bf949db1f9-67f37ce2018d5c3f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:05+00:00, 2024-05-07T12:12:51+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true

178.253.29.51

2.0 kB

URL
1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.0 kB (2031 bytes)
Hash
87571a3f06d06924b11fd807ffe08238
eb0c112cb6072f24b73f2a220251cf27c76e9de8
f078c51804e26b8e8cd8b18f63b735292614d9599e6cb845ead077a93e8f69e5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:44 GMT
content-type: application/json; charset=utf-8
content-length: 2031
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 15:50:44 GMT
vary: Accept-Encoding
x-time-ng: 0.058
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.067
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css

185.244.209.62

46 B

URL
v3.traincdn.com/genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
46 B (46 bytes)
Hash
f506188b04c16eaa9c664ed23f7ce58e
08d068d7fa5a84beb06ba924a35d84d6bfdab30a
b9bfda0e940104e190b19543b94a10d120643bd1516d3ca2d266a0af6c0966e9

HTTP Headers

GET /genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:44 GMT
content-type: text/css
content-length: 46
last-modified: Fri, 12 Apr 2024 13:46:52 GMT
etag: "f506188b04c16eaa9c664ed23f7ce58e"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c9fe7186fd8e39b8db347048fc801793-74280ceb8f46e959-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-18T12:47:35+00:00, 2024-05-07T15:34:48+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/pages/_app-9c47c295eecaa68a.js

172.64.148.184

289 kB

URL
widget.suphelper.top/_next/static/chunks/pages/_app-9c47c295eecaa68a.js
IP
172.64.148.184:0
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, from Unix
Size
289 kB (289418 bytes)
Hash
a6397267d7b535ea8d235b81174acdf7
50338ac24d4616cac0b253ec701b53e03395d08c
0f8648e972bca40da31e45054b6d2818f36d9bdf470e1eb8536a6888791e3f58

HTTP Headers

GET /_next/static/chunks/pages/_app-9c47c295eecaa68a.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 15:50:44 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"f8027-18f381bf92a"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 463394
expires: Wed, 07 May 2025 15:50:44 GMT
server: cloudflare
cf-ray: 88025e124dbc1c16-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.328/285/coloredSvg.svg

185.244.209.62

59 kB

URL
v3.traincdn.com/sys-icons/1.0.328/285/coloredSvg.svg
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
59 kB (59351 bytes)
Hash
ea87e8d58f96616b33c931a32e03a2e0
3ad1c07198df4f0e2355b2ed2263882f5bc8ee5a
8a7fd806a7779608511f5664fa5066a8d7ccf8e518eecb698779833abf49290e

HTTP Headers

GET /sys-icons/1.0.328/285/coloredSvg.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:44 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"fd241a06afa4bae60c4bbab7fa1a9a5b"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:11 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-65350c5fd1bb294589c10dca1848584c-d420858bd7792b40-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:11+00:00, 2024-05-07T13:24:34+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js

172.64.148.184

3.3 kB

URL
widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js
IP
172.64.148.184:0
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, from Unix
Size
3.3 kB (3322 bytes)
Hash
2a41789f09b172d1a830fb1e5f8e38f5
dfd0e646184bfaa72072b232227d5158409782b6
8e54beef24ebb840e3e55dc2a07101014b39c5ecc694d53cb0c591bda5d5bae5

HTTP Headers

GET /_next/static/chunks/webpack-fb94d2f19425a3e3.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 15:50:44 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"ed0-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 594689
expires: Wed, 07 May 2025 15:50:44 GMT
server: cloudflare
cf-ray: 88025e123d9e1c16-OSL
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js

172.64.148.184

200 OK

40 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
40 kB (39685 bytes)
Hash
81a90af6783cd4469f28544147bb818f
7a8913836534ef7ecb3603d914f37549d83e5a09
38e353bc8523950b447835839a8652778651bbed2dab0ab768dd6e8b157d1bf1

HTTP Headers

GET /_next/static/chunks/81.9c6562bba5669b47.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 15:50:46 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Mon, 22 Jan 2024 07:49:06 GMT
etag: W/"8f42-18d3024f9c4"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 603034
expires: Wed, 07 May 2025 15:50:46 GMT
server: cloudflare
cf-ray: 88025e1f6a691c16-OSL
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js

172.64.148.184

55 kB

URL
widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js
IP
172.64.148.184:0
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, from Unix
Size
55 kB (55422 bytes)
Hash
aec7fd90566cbb755bd11c5a576681cb
997b22c03a589bb39253f1103d47b003bdb2e683
cf499bd06e94be4d2fa859aa9f2bfab2b8c3f626ff551b7fa9d85ebeec07e015

HTTP Headers

GET /_next/static/chunks/framework-49f1e091cbf6b261.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 15:50:44 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Mon, 11 Mar 2024 06:37:37 GMT
etag: W/"22695-18e2c3b24d9"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 594689
expires: Wed, 07 May 2025 15:50:44 GMT
server: cloudflare
cf-ray: 88025e124db11c16-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size14/sfiles/logo_teams/0118273f50067e14abd52f97334f5218.webp

185.244.209.62

774 B

URL
v3.traincdn.com/resized/size14/sfiles/logo_teams/0118273f50067e14abd52f97334f5218.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
774 B (774 bytes)
Hash
1ee27d83fba8bca79eeb80f0fe6a422e
4c0b6cb01fde48668363efbf1d794776c4c53607
d02e551b2fb1a2e418d61b0b176c3a844d121df0ab736b1b252b1411d0feeede

HTTP Headers

GET /resized/size14/sfiles/logo_teams/0118273f50067e14abd52f97334f5218.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:47 GMT
content-type: image/webp
content-length: 774
cache-control: max-age=94608000
content-disposition: inline; filename="0118273f50067e14abd52f97334f5218.webp"
content-security-policy: script-src 'none'
expires: Thu, 06 May 2027 19:43:06 GMT
x-request-id: 256a5bee86bae2785b8f49ad23b47109
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-18ac4c2d807270a7472801b9ebda3a80-b8c804bc3101bc37-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T19:43:06+00:00, 2024-05-06T20:25:28+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/external-api/config/getVideoAccessConfig

178.253.29.51

200 OK

3.5 kB

URL GET HTTP/2
1xlite-461430.top/web-api/external-api/config/getVideoAccessConfig
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
3.5 kB (3541 bytes)
Hash
cb0bc8eedc642fc591c0eef57e6c67e5
6c62aeececef0a5ff474bb21bf569ad8d48f6bd0
c57136f602923fc19534e58f7da5a483616d80031222372e19a29fd6f22b0a0e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/external-api/config/getVideoAccessConfig HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:42 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=21, dt_total;dur=37.602, wf-uht;dur=0.057
traceparent: 00-8fbb6dd7a9d4e3c8bf5d6cc80d9eaed3-11efe109d23ee8b5-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.028
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/33597.webp

185.244.209.62

800 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/33597.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
800 B (800 bytes)
Hash
af3f7d630204a817684448f040f013e1
64adfc882cd2b4a2f4e161d6313dfb912352eaba
a0cdee32992e15bd1b4f5c457e451c534b068144b2c9cc2b463ce9be451d9db8

HTTP Headers

GET /resized/size16/sfiles/logo_teams/33597.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:48 GMT
content-type: image/webp
content-length: 800
cache-control: max-age=94608000
content-disposition: inline; filename="33597.webp"
content-security-policy: script-src 'none'
expires: Mon, 03 May 2027 20:14:04 GMT
x-request-id: daa21a739155441881d750dc1cc530ff
x-time-ng: 0.054
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-66a6998159b69ba6b5df05c3a1b23056-5080f2ae2bd1b93f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-03T20:14:04+00:00, 2024-05-05T22:48:07+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/3083a20a3f73c30fce38710d7ada9cbb.svg

185.244.209.62

1.4 kB

URL
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/3083a20a3f73c30fce38710d7ada9cbb.svg
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
1.4 kB (1446 bytes)
Hash
d2e2ac05d39441f9ae60a2fd37ad410e
bb11a45662ce45227a17eff97242b2bb44c6b4d6
dcf7fb0b1cb1c4a587b17b5daad6eb2c0a9a626dff44b10dbe8725387830b951

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/3083a20a3f73c30fce38710d7ada9cbb.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:44 GMT
content-type: image/svg+xml
last-modified: Wed, 19 Apr 2023 11:51:30 GMT
etag: W/"3ae81b002dca46d3b732ce3e03ae35c6"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a41fefc6cf63983151939efb8490f650-a0fec4a35bf930b5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T08:36:11+00:00, 2024-05-07T15:20:31+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/logo-champ/2dbf48095024b3f4bc13dc2a670e565d.webp

185.244.209.62

3.6 kB

URL
v3.traincdn.com/sfiles/logo-champ/2dbf48095024b3f4bc13dc2a670e565d.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
3.6 kB (3606 bytes)
Hash
65351657520f477032d4f1cc52098142
e3d2cf2efea3ab4389cbda407a1b1f5a2d781ab7
57dd50f1280758f5ca2e626d8f0b2d74b253832d98033f35f04c4831c46a8e9b

HTTP Headers

GET /sfiles/logo-champ/2dbf48095024b3f4bc13dc2a670e565d.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:48 GMT
content-type: image/webp
content-length: 3606
last-modified: Wed, 04 Jan 2023 07:43:06 GMT
etag: "65351657520f477032d4f1cc52098142"
cache-control: public, max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-89f27748af9656dc8c4cf8bff1f3fc96-56648a04006ddc81-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T12:53:56+00:00, 2024-05-07T08:57:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/44535.webp

185.244.209.62

200 OK

778 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/44535.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
778 B (778 bytes)
Hash
d1c5fa0cf5d7da6d15217d90327156db
ec69d59dcdb56b441431c879246615562ff6cb2a
10debdbd7fac7dd0b318e49126ecb10e3138100cdaef008a7f8bb0cb355c7b8b

HTTP Headers

GET /resized/size16/sfiles/logo_teams/44535.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:48 GMT
content-type: image/webp
content-length: 778
cache-control: max-age=94608000
content-disposition: inline; filename="44535.webp"
content-security-policy: script-src 'none'
expires: Wed, 05 May 2027 04:47:04 GMT
x-request-id: f8b0f1b833e602fdf357b432e8bdf410
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d2a4c38ed71bb61ca96750aa66a3f65e-9757c2409970ff97-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-05T04:47:04+00:00, 2024-05-06T09:01:00+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_MO5RLEN3.js

185.244.209.62

9.2 kB

URL
v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_MO5RLEN3.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
9.2 kB (9157 bytes)
Hash
f70ec1efd04066c7da542bf195a36e58
42ab09b502e63c4a9529a321b0e7490073dc9fd5
6c9b7168fbf77e550c22d8f0bbc5e0d0b5eb05e207ce6172c5a7f60345f82fae

HTTP Headers

GET /sys-static/shared-assets/__shared_popper_js_MO5RLEN3.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:47 GMT
content-type: text/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 14:40:26 GMT
etag: W/"598d5481ac96b9bf8013b0eb1413b8e5"
x-amz-meta-mtime: 1715006282.054749806
content-encoding: gzip
expires: Tue, 07 May 2024 15:32:23 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-53fda2a9068a635192082b8fd3380c6a-65dfde0d1cf79b8f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T15:32:23+00:00, 2024-05-07T12:56:57+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/723343.webp

185.244.209.62

200 OK

802 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/723343.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
802 B (802 bytes)
Hash
7ccf25350865c039e0d3cdd2ff24eb0f
a78544761886bdeae74c0ae535ddee6c7ff637cc
478d161b5ada212089e4f2824fd3e8c9975e81410440c254b0b02fee98550510

HTTP Headers

GET /resized/size16/sfiles/logo_teams/723343.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:48 GMT
content-type: image/webp
content-length: 802
cache-control: max-age=94608000
content-disposition: inline; filename="723343.webp"
content-security-policy: script-src 'none'
expires: Thu, 29 Apr 2027 08:35:31 GMT
x-request-id: 01417c5fd3be1e98ae652d83ab1714eb
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-68a4c46e58afcdb52e544c974c56d8b2-8e42aeda54229653-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-29T08:35:31+00:00, 2024-05-02T16:13:55+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/bed001d155b44f5df571dc7f19651f29.webp

185.244.209.62

686 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/bed001d155b44f5df571dc7f19651f29.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
686 B (686 bytes)
Hash
20d49d632b49fc3a6ed29688cfd6c951
97c23ded47479cb52fad358ef9e90c1bd50db5c7
657b1c47967fdcffe07d6788e37b0b5cd02d1778873d26cba76d6b5a21985c88

HTTP Headers

GET /resized/size16/sfiles/logo_teams/bed001d155b44f5df571dc7f19651f29.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:48 GMT
content-type: image/webp
content-length: 686
cache-control: max-age=94608000
content-disposition: inline; filename="bed001d155b44f5df571dc7f19651f29.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 15:02:12 GMT
x-request-id: 7e273078fac084e8e9632997b6d94789
x-time-ng: 0.024
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f3b5728bb86fae0f565c6b5932ba2575-829d5dbd33fe560e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T15:02:12+00:00, 2024-05-07T15:02:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/logo-champ/75c7c38b6e2bbe6cabdb087acb5b9bf7.webp

185.244.209.62

1.2 kB

URL
v3.traincdn.com/sfiles/logo-champ/75c7c38b6e2bbe6cabdb087acb5b9bf7.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.2 kB (1150 bytes)
Hash
444fba2067c0e7ded745858e778c17e6
06284dd2b953252ff6b0dca6eb35e18fb46b122d
14e8fa8dab1a2f61c070091da3198057c2a49be72113b92aa6f3f3ff9e1ab5e9

HTTP Headers

GET /sfiles/logo-champ/75c7c38b6e2bbe6cabdb087acb5b9bf7.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:48 GMT
content-type: image/webp
content-length: 1150
last-modified: Sat, 05 Aug 2023 05:38:05 GMT
etag: "444fba2067c0e7ded745858e778c17e6"
cache-control: public, max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b43686ee44344c0d349c6b8183db46c0-fd9ccada5f9ad4e4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-05T15:24:56+00:00, 2024-05-07T09:18:40+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/b97ae98929353fc24a56e455d382fde6.webp

185.244.209.62

200 OK

714 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/b97ae98929353fc24a56e455d382fde6.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
714 B (714 bytes)
Hash
ada1b57c51f1559960535d1b2c1306c4
745355fa37b56886e4ac31e9543f577a702f32a6
0012602db5439e10c9b92d7bc6e2ccfb2faeecc5a3f683520bae117b23037b05

HTTP Headers

GET /resized/size16/sfiles/logo_teams/b97ae98929353fc24a56e455d382fde6.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:48 GMT
content-type: image/webp
content-length: 714
cache-control: max-age=94608000
content-disposition: inline; filename="b97ae98929353fc24a56e455d382fde6.webp"
content-security-policy: script-src 'none'
expires: Tue, 04 May 2027 10:04:33 GMT
x-request-id: 690f3ccdef27c9138e0269d2fb76e712
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e93c2cfc08aa087f92279faafca469f2-1803e89790fd0db1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-04T10:04:33+00:00, 2024-05-06T09:49:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/api/web/v1/config/actualDomain

178.253.29.51

694 kB

URL
1xlite-461430.top/web-api/api/web/v1/config/actualDomain
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
694 kB (694077 bytes)
Hash
e90508cca101d9cb990de4c1ac272162
f2eff8d50f5d46fb966acd5ce6eae0e6928698f5
11d2a39f89bd0f2c2d4bce0007c223e73a00e54ac7423b3eff9ceec40b477e99

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/api/web/v1/config/actualDomain HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:40 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=52, dt_total;dur=74.337, wf-uht;dur=0.084
set-cookie: SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; path=/; secure; HttpOnly; SameSite=Lax
ua=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
traceparent: 00-aa59409b159626d3f8c5a7202c3a5f3d-2aa6f7bbe7992667-01
x-dt: 285
x-time-ng: 0.068
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/220bdfba44a652643c7a2c443d4d6e10.webp

185.244.209.62

652 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/220bdfba44a652643c7a2c443d4d6e10.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
652 B (652 bytes)
Hash
aed3ce1b517b346aa07c027e9b8bf951
9ce2801c2a2c2356f32883803e073bc97a575ffd
2faa3a4acd98d52f2d9c3d729bd15a93e7eba8066ad386aeebbd2433e5dc8c56

HTTP Headers

GET /resized/size16/sfiles/logo_teams/220bdfba44a652643c7a2c443d4d6e10.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:48 GMT
content-type: image/webp
content-length: 652
cache-control: max-age=94608000
content-disposition: inline; filename="220bdfba44a652643c7a2c443d4d6e10.webp"
content-security-policy: script-src 'none'
expires: Mon, 03 May 2027 21:06:06 GMT
x-request-id: 0c43690f1f5c01959e892fae999396fc
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-efdd7399793060cfe44a3c154dc5ec09-eb020485cb6a6f26-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-03T21:06:06+00:00, 2024-05-05T15:48:51+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/46761a236c9277a937b88dbf0a0ea313.webp

185.244.209.62

728 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/46761a236c9277a937b88dbf0a0ea313.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
728 B (728 bytes)
Hash
4e7a62dfd404dd46a5f54b55e7239554
1f4ac6db1a55e53667e7a350d0644767c40520da
e746e2618845939037cbb8c820e84816a8f5c8c64a2f862786e6cb13a66dd723

HTTP Headers

GET /resized/size16/sfiles/logo_teams/46761a236c9277a937b88dbf0a0ea313.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:48 GMT
content-type: image/webp
content-length: 728
cache-control: max-age=94608000
content-disposition: inline; filename="46761a236c9277a937b88dbf0a0ea313.webp"
content-security-policy: script-src 'none'
expires: Thu, 18 Mar 2027 11:51:49 GMT
x-request-id: 6b2d6c19d7db8f0c6e9144dfe0e13517
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-7008d8926ac8fe6068ec38a9ef045076-f0be9402e8ebe214-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-03-18T11:51:49+00:00, 2024-03-24T06:39:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/612b53e182cbc84cbdd857ecc7109803.webp

185.244.209.62

784 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/612b53e182cbc84cbdd857ecc7109803.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
784 B (784 bytes)
Hash
995fb8b1d1c16da50187bdb7fcfa6106
829d43f6a8278d371ceaa00b54d8bc7a99d51253
bd410ad2a29ba5bc334c68dd86e2e910faa2481e5b3b825daf1b408e5d8bfa02

HTTP Headers

GET /resized/size16/sfiles/logo_teams/612b53e182cbc84cbdd857ecc7109803.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:48 GMT
content-type: image/webp
content-length: 784
cache-control: max-age=94608000
content-disposition: inline; filename="612b53e182cbc84cbdd857ecc7109803.webp"
content-security-policy: script-src 'none'
expires: Fri, 30 Apr 2027 10:48:34 GMT
x-request-id: c19b7b6c4581c0a15731867f2250598f
x-time-ng: 0.083
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d022da83238ab5ebd2001a804ae47cb0-84c49615a5ff61d3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-30T10:48:34+00:00, 2024-04-30T17:40:00+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/e9625f3cbdb8cb97aadfc6a16345ac60.webp

185.244.209.62

730 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/e9625f3cbdb8cb97aadfc6a16345ac60.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
730 B (730 bytes)
Hash
962c3794e6f40ce58c0d7dc27a91e77f
0b7741096c3a412c00539cfa0dd5c94dd46f6947
494324c775cbaa9ed55c2f736f2571ad112280b7d8c1af77148e72189477bc13

HTTP Headers

GET /resized/size16/sfiles/logo_teams/e9625f3cbdb8cb97aadfc6a16345ac60.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:48 GMT
content-type: image/webp
content-length: 730
cache-control: max-age=94608000
content-disposition: inline; filename="e9625f3cbdb8cb97aadfc6a16345ac60.webp"
content-security-policy: script-src 'none'
expires: Fri, 30 Apr 2027 10:54:47 GMT
x-request-id: df82d8f592c71cc0b5da5b61db3e68e6
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-dcb9d0fa4103e66fa133e5b53c7fada4-9796154bc27b5349-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-30T10:54:47+00:00, 2024-04-30T17:40:00+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/14381.webp

185.244.209.62

722 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/14381.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
722 B (722 bytes)
Hash
6db32eaa36e0b60e50318a164bd6b529
31a34c78139b0af2497903f2dde3a6eed3dc55e5
aa497dc49a680941f24a94961099c8667978f351024cfeecba663cb762b9dccb

HTTP Headers

GET /resized/size16/sfiles/logo_teams/14381.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:48 GMT
content-type: image/webp
content-length: 722
cache-control: max-age=94608000
content-disposition: inline; filename="14381.webp"
content-security-policy: script-src 'none'
expires: Fri, 30 Apr 2027 10:47:38 GMT
x-request-id: ead6abbd4dad011e986013e68b505144
x-time-ng: 0.043
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-0262e9ced2a7e701dac40b03b0051ae7-fb009e9b31ee7963-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-30T10:47:38+00:00, 2024-04-30T17:40:00+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/

172.64.148.184

91 kB

URL
widget.suphelper.top/
IP
172.64.148.184:0
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, from Unix
Size
91 kB (90595 bytes)
Hash
11f9a46b5d9cbe66191249acb50cb033
d417921296bd1af3c48ef7770ef71e435cd70e2b
c33cdb1b65c2de64174f69985bc333e2a34128e65ad356d8f2b85f6099512239

HTTP Headers

GET / HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 15:50:44 GMT
content-type: text/html; charset=utf-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=60, stale-while-revalidate=30
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 88025e10ab301c16-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/4e143b21b8a58988108ef893c29b49a0.webp

185.244.209.62

688 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/4e143b21b8a58988108ef893c29b49a0.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
688 B (688 bytes)
Hash
9d31caeefc6f69a0ed543d7f6e2a602e
f08ce26d9686815f6bfc02ccd69e8a3c051dc8b0
2e73e7e507d54cbe0002eddb576ced080a5ea916ace7f24e051ca023026c1a20

HTTP Headers

GET /resized/size16/sfiles/logo_teams/4e143b21b8a58988108ef893c29b49a0.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:48 GMT
content-type: image/webp
content-length: 688
cache-control: max-age=94608000
content-disposition: inline; filename="4e143b21b8a58988108ef893c29b49a0.webp"
content-security-policy: script-src 'none'
expires: Fri, 30 Apr 2027 10:54:47 GMT
x-request-id: 5b39b3428b781fcfd46919fd410bd560
x-time-ng: 0.051
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-152cf923ad0187949c887072952790b0-9d7e8a8dcc3077dc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-30T10:54:47+00:00, 2024-04-30T17:40:00+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/716b7e34ee6a039b00a8150987b3fef6.webp

185.244.209.62

782 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/716b7e34ee6a039b00a8150987b3fef6.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
782 B (782 bytes)
Hash
f2fa88941f3f0ee09edfd09ebf6096da
c3176effd39c108dbb3901a9210dc986a9b8b16f
ce95b90ac0d7c68ce7a68028a10d41ef10c9ad23f0152f7585ccff1b2cf4ca2c

HTTP Headers

GET /resized/size16/sfiles/logo_teams/716b7e34ee6a039b00a8150987b3fef6.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:48 GMT
content-type: image/webp
content-length: 782
cache-control: max-age=94608000
content-disposition: inline; filename="716b7e34ee6a039b00a8150987b3fef6.webp"
content-security-policy: script-src 'none'
expires: Thu, 06 May 2027 19:34:05 GMT
x-request-id: 780cf8aae01dfc454ea303ad95a91567
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-086ce15033918f6babd92a6f788db0c4-b77b7fe7757e35ce-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T19:34:05+00:00, 2024-05-07T13:58:09+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/betstemplates/bets_model_short_en_0.json

185.244.209.62

4.6 kB

URL
v3.traincdn.com/genfiles/cms/betstemplates/bets_model_short_en_0.json
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
4.6 kB (4582 bytes)
Hash
c75548f2d8def715fe710afbb91d252f
912af1746bf06e36cfb9c59576b802d8c703224f
a3b1197514c99e6d13502996ffb3bc0a550b4f68bc7e9266359c9b30fb2dee07

HTTP Headers

GET /genfiles/cms/betstemplates/bets_model_short_en_0.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:47 GMT
content-type: application/json
last-modified: Thu, 02 May 2024 09:18:51 GMT
etag: W/"d3e39abc76f19e176765d21ac9e70c5c"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-7fcdb45894853cdb0538923a9c971a22-d333f41757153c40-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-02T10:49:13+00:00, 2024-05-07T15:29:03+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/default/img/icons/pixels2.svg?v=1715097044

178.253.29.51

911 B

URL
1xlite-461430.top/web-api/default/img/icons/pixels2.svg?v=1715097044
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
PNG image data, 1 x 1, 8-bit/color RGB, non-interlaced
Size
911 B (911 bytes)
Hash
52203b2538c8bf27d2097c6ff6d4dfa6
688dd0aa0dfd98edd2323c7fb08e5806bcfc3f9d
d3efc0c8a6bc55648b97744158c7bee9e37017b421ca9dba19801d84a41b8c05

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/default/img/icons/pixels2.svg?v=1715097044 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:44 GMT
content-type: image/png
cache-control: no-cache, private
server-timing: p;dur=17, dt_total;dur=52.943, wf-uht;dur=0.065
traceparent: 00-c08c52c1d7083a61b5ed1a1e5f39af13-e6b74de729dc55fe-01
x-dt: 285
x-time-ng: 0.017
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/api/v3/bonuses/welcome-bonuses

178.253.29.51

1.0 kB

URL
1xlite-461430.top/web-api/api/v3/bonuses/welcome-bonuses
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
1.0 kB (1048 bytes)
Hash
3b95c708633bddc9e7e22d49dad5fc0f
a8df6625dbc748880d5d8c7848cf596f3745b87c
e23bcc0d393deacc52f246838faf46a23d0bf4cfe70079980e20a4d0a2a80e53

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/api/v3/bonuses/welcome-bonuses HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:44 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=24, dt_total;dur=25.536, wf-uht;dur=0.038
traceparent: 00-77f626a1e301af81a0a6f5dd40235b06-7e912b8b80f0dc7d-01
x-dt: 285
x-time-ng: 0.025
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/837f8e1bd6e4873105e7b9e47dc69000.webp

185.244.209.62

820 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/837f8e1bd6e4873105e7b9e47dc69000.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
820 B (820 bytes)
Hash
9d01c9899957434010006b58925dce6d
5250636acf2a9dfe32617786c1912ae5a13df245
eb5818bab54ea1519a019897f7d2f23f650d1b43c3ed062b58995e8ee23aa6c9

HTTP Headers

GET /resized/size16/sfiles/logo_teams/837f8e1bd6e4873105e7b9e47dc69000.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:48 GMT
content-type: image/webp
content-length: 820
cache-control: max-age=94608000
content-disposition: inline; filename="837f8e1bd6e4873105e7b9e47dc69000.webp"
content-security-policy: script-src 'none'
expires: Thu, 29 Apr 2027 14:30:56 GMT
x-request-id: 5a6d155d9d0caf87ee6e4d13d0a93675
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-0fba9bfb3a7456f889178f4db6618e17-0c9b9f93c5764d72-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-29T14:30:56+00:00, 2024-05-05T07:40:27+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.328/285/country.svg

185.244.209.62

63 kB

URL
v3.traincdn.com/sys-icons/1.0.328/285/country.svg
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
63 kB (62852 bytes)
Hash
1d8f4de6371af5858a6d221be6d1c5ee
bde8372b26fdbc7c8469afce5fdec4c900ab7107
02a03a759a42b8fb79df09dff23c2adc63419d52f3c2a79c302e66d8e95ada17

HTTP Headers

GET /sys-icons/1.0.328/285/country.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:48 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"60caf0d666af828706b3d83c428a31e4"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:03 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-246c56f6c8eea394b0971bb4ed8eecc0-3b752cfc007dfed8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:03+00:00, 2024-05-07T12:42:30+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/mobile

178.253.29.51

11 kB

URL
1xlite-461430.top/web-api/mobile
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
11 kB (10905 bytes)
Hash
93d25b224eaa471ef198861e4e08d422
2715a8b1b2a699f8e6703ae044d41bf2387c72a2
2c0350e6e0f0aa5587284803badf116b8e89dcea998425f1ec49e5b3bcc9cfd9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /web-api/mobile HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:44 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=18, dt_total;dur=20.132, wf-uht;dur=0.035
traceparent: 00-b1c2afc1adcbd8752add9cb281695cf8-a7ab3b29a0e76299-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.020
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1

178.253.29.51

1.5 kB

URL
1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
1.5 kB (1479 bytes)
Hash
b940f07b87a7563f584c2298b84737fe
6811648546607baac18fbc17b7644a597bd1377a
e06a161f9706812c75c5464e7a58f568086105ca03c0103ebf1b756ed8d0ce34

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:49 GMT
content-type: application/json; charset=utf-8
content-length: 1479
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 15:50:49 GMT
vary: Accept-Encoding
x-time-ng: 0.011
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.018
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/registration

178.253.29.51

9.6 kB

URL
1xlite-461430.top/web-api/registration
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
9.6 kB (9634 bytes)
Hash
ceea7fd7e6148fd9dc744fc633e1d416
494d9ec66e794c953a589aee249e25f6d24bfaa0
3e421090d52ac8e0ec38a9f4295b85469b8dc3edbadc39f16aa0bc26c158c285

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /web-api/registration HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
Content-Length: 17
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:46 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=32, dt_total;dur=33.380, wf-uht;dur=0.046
traceparent: 00-9138e7e469bef4152b3adda9a2e1191d-e5922afe00f522c0-01
x-dt: 285
x-time-ng: 0.033
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js

172.64.148.184

200 OK

30 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
30 kB (30371 bytes)
Hash
8137059e7d8508259c1250e418c8a9d6
46e04d6593524cbbd859eab0b7a6b542022070b3
84b7e0d892584f8a011812b0cbd3ea03e7de8209d72118bba1ee8c027e4228e2

HTTP Headers

GET /_next/static/chunks/main-fa1d3b21fd97b583.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 15:50:44 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"1a544-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 589129
expires: Wed, 07 May 2025 15:50:44 GMT
server: cloudflare
cf-ray: 88025e124db71c16-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e8b8c79f9b52.js

185.244.209.62

504 B

URL
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e8b8c79f9b52.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Java source, ASCII text, with very long lines (503)
Size
504 B (504 bytes)
Hash
5387051085dcc459e7077d5d8000b85d
d22afab6c65228f0056f66e4f150783f6014e36b
34377c13fd72112cac96fba3642f084661361aea701a70ba3702c82c9bb42790

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e8b8c79f9b52.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:49 GMT
content-type: text/javascript; charset=utf-8
content-length: 504
last-modified: Wed, 01 May 2024 08:21:42 GMT
etag: "5387051085dcc459e7077d5d8000b85d"
x-amz-meta-mtime: 1714551564.675873475
expires: Thu, 02 May 2024 15:20:53 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-2bfae2054adcff7d126062e256df8570-95fbe9dec06e729a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:53+00:00, 2024-05-06T19:19:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cb22691ee4d9.js

185.244.209.62

731 B

URL
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cb22691ee4d9.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Java source, ASCII text, with very long lines (730)
Size
731 B (731 bytes)
Hash
bd6d9e7b07e097eb950f4b8bd6ada2b4
d332a4f5771e4f6d2cd47cd94ff85c5eb5847418
ea2bfc78a76204b704ee4ff215cfd6be3c7edb98b6c6e77501c5dbb88f261ea5

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cb22691ee4d9.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:49 GMT
content-type: text/javascript; charset=utf-8
content-length: 731
last-modified: Wed, 01 May 2024 08:21:42 GMT
etag: "bd6d9e7b07e097eb950f4b8bd6ada2b4"
x-amz-meta-mtime: 1714551564.675873475
expires: Thu, 02 May 2024 15:20:53 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3615aa55d045c6869756e5a137602cf7-9f0fb89ea1d157cb-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:53+00:00, 2024-05-06T16:17:06+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js

185.244.209.62

53 B

URL
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text
Size
53 B (53 bytes)
Hash
bb7e15ec1662efa164ad912bd1c65e19
bdd420a5f5bf96a8a4f85abbbe3b0cd2ad547f52
a9378fb3de73c35f466dfae4d2956a63b95813d4eaf88ae7f4ce820d0992cc01

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:49 GMT
content-type: text/javascript; charset=utf-8
content-length: 53
last-modified: Wed, 01 May 2024 08:21:41 GMT
etag: "bb7e15ec1662efa164ad912bd1c65e19"
x-amz-meta-mtime: 1714551564.671873539
expires: Thu, 02 May 2024 21:01:37 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-a5295b5cbdb9fa282e6f426efa3cf97b-88461bad1fbe0eb4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T21:01:37+00:00, 2024-05-07T15:30:07+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetGameZip?id=529224955&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1

178.253.29.51

1.5 kB

URL
1xlite-461430.top/service-api/LineFeed/GetGameZip?id=529224955&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
1.5 kB (1468 bytes)
Hash
65aac2ef9d59cafa5d890496e1fffd98
0751a964c8e1db6969135d41cddbbd393f1cfefd
10800989839360292b477ada11cd0d43577b5fcc9305d72e1cbc3845fcd8fd00

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetGameZip?id=529224955&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_[]MS[]null[]null[]general[]28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:49 GMT
content-type: application/json; charset=utf-8
content-length: 1468
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 15:50:49 GMT
vary: Accept-Encoding
x-time-ng: 0.005
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.014
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js

172.64.148.184

200 OK

184 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
184 kB (184448 bytes)
Hash
883c9c19b603784ec808bfa0563f3b2f
fd11cbb390d114d1b669f12fbeccb609911c5768
5f0f049c39a673584db6218649f8b013a68cc99778f59a9c4c12b3a87208bc15

HTTP Headers

GET /_next/static/chunks/663-81a4add2f1c95639.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 15:50:44 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 28 Mar 2024 06:56:31 GMT
etag: W/"5b0da-18e83d890e3"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 598970
expires: Wed, 07 May 2025 15:50:44 GMT
server: cloudflare
cf-ray: 88025e125dd01c16-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/betstemplates/bets_model_full_en_0.json

185.244.209.62

200 OK

5.1 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/betstemplates/bets_model_full_en_0.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
5.1 kB (5053 bytes)
Hash
059211a41fcb0c1cf04971153bcf6136
f31f17b691aa12c61368d1a92b5e2d5e529b2d00
c7d6ef9a986ca7694a43e3a2ed80af7ba2bf6f081760eb891ed248076b4d9f04

HTTP Headers

GET /genfiles/cms/betstemplates/bets_model_full_en_0.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:44 GMT
content-type: application/json
last-modified: Thu, 02 May 2024 09:18:58 GMT
etag: W/"65c4f8441dea9f78c50a9fc7029f9193"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ea0bda82ec17d2afc6c1d6359ea5706e-6690b2eee9e8a1f7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-02T10:43:17+00:00, 2024-05-07T14:56:16+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.328/285/sports.svg

185.244.209.62

183 kB

URL
v3.traincdn.com/sys-icons/1.0.328/285/sports.svg
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
183 kB (182740 bytes)
Hash
79a3ce6ee23ba32b2345f1a007daca60
6998bf2749a5c40942d78b43e0fecd9e9c8049a1
0e3acdf005a45e741b0e5527637efebb3a3cc6a38aeff310c9e165e16fd4b7d8

HTTP Headers

GET /sys-icons/1.0.328/285/sports.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:44 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"0c52e0c32f8f2667a72e0d57b63e02a3"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:02 GMT
cache-control: max-age=86400
x-time-ng: 0.004
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-03a03a88ef9677bee386bd7d5e942458-5764b88d84a96cbb-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:02+00:00, 2024-05-07T14:01:00+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/api/v3/bonuses/first-deposit

178.253.29.51

658 B

URL
1xlite-461430.top/web-api/api/v3/bonuses/first-deposit
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
658 B (658 bytes)
Hash
6c497f6fefa1ff03d2b3f026ca9ea1b2
67708749c2923ee8fb64f119bfe6601df89cc754
62d6341764aac9fa45a7c7c304e969a0408d60f679d5142d0faa28e178d132c2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/api/v3/bonuses/first-deposit HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:41 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=20, dt_total;dur=76.361, wf-uht;dur=0.100
traceparent: 00-07c05da10bc1aba40b76a317a09f2f1c-d19b9be6cb6054e9-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.042
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/f385e6db/_middlewareManifest.js

172.64.148.184

180 kB

URL
widget.suphelper.top/_next/static/f385e6db/_middlewareManifest.js
IP
172.64.148.184:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
180 kB (180150 bytes)
Hash
2e46ee761170d630ff9583912d30fb81
c8bad6b8b0072c9d9d89295d910861738797e0e7
f5aeab1670b9d88072db6a1ffafdff3cc9b7650b4942f6ffbe1bc0c1aa0559a2

HTTP Headers

GET /_next/static/f385e6db/_middlewareManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 15:50:44 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"5c-18f381bf92a"
vary: Accept-Encoding
cf-cache-status: HIT
age: 463394
expires: Wed, 07 May 2025 15:50:44 GMT
server: cloudflare
cf-ray: 88025e126e151c16-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5f591efad77b.js

185.244.209.62

200 OK

2.0 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5f591efad77b.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
2.0 kB (1995 bytes)
Hash
e182fe22e73d6dd761436a17b9e9b127
59b39445d13a1342a98efcd49122afa96e244457
252187e40aa6180bcda97b06cfef7fe36230f5b9a0aac959206377e9d7344e66

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5f591efad77b.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:49 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 01 May 2024 08:21:41 GMT
etag: W/"7def1ae39ae3ec1a1a1d626c24e5a7f2"
x-amz-meta-mtime: 1714551564.671873539
content-encoding: gzip
expires: Thu, 02 May 2024 15:20:56 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-447e1b5b3d1716dd99fdece75fe5b411-d2765162edf9d06d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:56+00:00, 2024-05-06T16:17:06+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size24/sfiles/logo_teams/f5db46d24aea0f9d3d07d0be290981ee.webp

185.244.209.62

200 OK

1.1 kB

URL GET HTTP/2
v3.traincdn.com/resized/size24/sfiles/logo_teams/f5db46d24aea0f9d3d07d0be290981ee.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.1 kB (1056 bytes)
Hash
fb306a4723886210af5f76099eeb4556
910fc4fb3c4d9407d1c536e7fadbcc85bd922880
2d60f98a12a00aaa589404f2ace0152c5dc649da9fe43b68e26d01b9f8c41319

HTTP Headers

GET /resized/size24/sfiles/logo_teams/f5db46d24aea0f9d3d07d0be290981ee.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:49 GMT
content-type: image/webp
content-length: 1056
cache-control: max-age=94608000
content-disposition: inline; filename="f5db46d24aea0f9d3d07d0be290981ee.webp"
content-security-policy: script-src 'none'
expires: Thu, 06 May 2027 03:17:14 GMT
x-request-id: f7ed644b24c1d3a82d5dc585f4496e90
x-time-ng: 0.036
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-9b72d0b1ae727f5f452ec0ec8c4c26d4-31da6a9461956de5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T03:17:14+00:00, 2024-05-07T14:44:43+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/hd-api/external/api/web/v1/converslon/load

178.253.29.51

200 OK

26 kB

URL GET HTTP/2
1xlite-461430.top/hd-api/external/api/web/v1/converslon/load
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
gzip compressed data
Size
26 kB (25549 bytes)
Hash
61428143ddca0365d3c4997075967cfa
0b158fdded3569b96736d66e7a989264a48ee068
50fbc9c001920f4cc0fdf85470916eb9c8edb593a4b65ab981b83b5ee9943f2a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hd-api/external/api/web/v1/converslon/load HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:49 GMT
content-type: application/json
content-encoding: gzip
traceparent: 00-280beba22523afe7eff837cb1aa08092-169c1ffa2cbcfe3a-01
vary: Accept-Encoding
x-dt: 285
x-request-guid: 618e18daa9dbcb52218a24a7d78595db
x-time-ng: 0.016
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=16.948, wf-uht;dur=0.025
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.webp

185.244.209.62

16 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
16 kB (15874 bytes)
Hash
99937fec94322155d99465451e84e5f4
0549b153f8e34c242f71817a038f7ebad37d27be
d35bc328538e182310574b3ff1d58134efedc49c9f3dbb43ec6df65fed624f33

HTTP Headers

GET /genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:50 GMT
content-type: image/webp
content-length: 15874
last-modified: Fri, 26 Apr 2024 11:44:53 GMT
etag: "99937fec94322155d99465451e84e5f4"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d436a52892b5867be5e4f423f8cbf0a5-6622c8d1884796fc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:45:30+00:00, 2024-05-07T15:20:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/260/desktop/banner/ef11271d6cef34c1fdb99b2ddff4bdb1.webp

185.244.209.62

14 kB

URL
v3.traincdn.com/genfiles/cms/260/desktop/banner/ef11271d6cef34c1fdb99b2ddff4bdb1.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
14 kB (13702 bytes)
Hash
317ab8a5b92752fd051ac254b8366dcb
3c30f1345378eaf9833e470a1b7c050d6ccf8b48
4ced6a24abe27da06f568a4d837f11b21462458779d624bd6916163b189222f9

HTTP Headers

GET /genfiles/cms/260/desktop/banner/ef11271d6cef34c1fdb99b2ddff4bdb1.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:50 GMT
content-type: image/webp
content-length: 13702
last-modified: Thu, 02 May 2024 12:00:34 GMT
etag: "317ab8a5b92752fd051ac254b8366dcb"
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-734deafd91416224c763a97e4a44fbaa-15d10cecdc985fa4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T14:40:55+00:00, 2024-05-07T15:48:27+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size24/sfiles/logo_teams/1705962ffbc1e568500d02753d414082.webp

185.244.209.62

1.1 kB

URL
v3.traincdn.com/resized/size24/sfiles/logo_teams/1705962ffbc1e568500d02753d414082.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.1 kB (1094 bytes)
Hash
6bd1a4bfa55aad56422400c489942897
17b4372b5ac8430ca744684686cea67969a15cfe
9f4ff586f0724b113f76a8bb64339eedabfc637511a2529e7194248d0554da4c

HTTP Headers

GET /resized/size24/sfiles/logo_teams/1705962ffbc1e568500d02753d414082.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:50 GMT
content-type: image/webp
content-length: 1094
cache-control: max-age=94608000
content-disposition: inline; filename="1705962ffbc1e568500d02753d414082.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 14:51:53 GMT
x-request-id: 1092693db696d60f31712e8ba12deb0c
x-time-ng: 0.062
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6e007cebf37ecc9d3f05ce7641519b03-ae65ace8486ec22a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T14:51:53+00:00, 2024-05-07T14:54:46+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size24/sfiles/logo_teams/167095.webp

185.244.209.62

1.1 kB

URL
v3.traincdn.com/resized/size24/sfiles/logo_teams/167095.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.1 kB (1142 bytes)
Hash
3d0ce9ce8b6dec70e6e0f31effa9f219
018de590437492f15fc3647997bfbaa759f16da9
f4395f007bd01851a93ccf6842c69c3f4cc1c39e4d5c3b71c881c674e85cccc8

HTTP Headers

GET /resized/size24/sfiles/logo_teams/167095.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:50 GMT
content-type: image/webp
content-length: 1142
cache-control: max-age=94608000
content-disposition: inline; filename="167095.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 14:51:53 GMT
x-request-id: e27ef69f33230d500def92477b09e641
x-time-ng: 0.067
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-116266b07ff296e888b0ebb5f25f487e-2fe0b80ed12f36a6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T14:51:53+00:00, 2024-05-07T14:54:46+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/f385e6db/_buildManifest.js

172.64.148.184

27 kB

URL
widget.suphelper.top/_next/static/f385e6db/_buildManifest.js
IP
172.64.148.184:0
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, from Unix
Size
27 kB (27288 bytes)
Hash
a0ea5a003f8fa42c70c48c3ea81a38e4
2e947b73f912ef25e4978f62b544bab47844a951
8362488bfc8cf2629ced79e1c7cc1d3b8686ff9c5008abdeecd0cf95fbd79c7e

HTTP Headers

GET /_next/static/f385e6db/_buildManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 15:50:44 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"207-18f381bf92a"
vary: Accept-Encoding
cf-cache-status: HIT
age: 463388
expires: Wed, 07 May 2025 15:50:44 GMT
server: cloudflare
cf-ray: 88025e125de71c16-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/43b37bcd63883963ab5ca6707fd4ca45.webp

185.244.209.62

8.8 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/banner/43b37bcd63883963ab5ca6707fd4ca45.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
8.8 kB (8798 bytes)
Hash
f7820c059ddb01f4b4e68e42a5e460a1
195804c0235c39f4262f97fe2761100319ed9595
cf0d38ba0dc4de44a0fc90d2592209998ac959644b187014ec028a4c0fddd3ab

HTTP Headers

GET /genfiles/cms/1/desktop/banner/43b37bcd63883963ab5ca6707fd4ca45.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:50 GMT
content-type: image/webp
content-length: 8798
last-modified: Mon, 06 May 2024 09:11:30 GMT
etag: "f7820c059ddb01f4b4e68e42a5e460a1"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-570dca2c999bd1ed699b2628f7e1a253-f1e01b49a3944f17-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T14:50:36+00:00, 2024-05-07T14:54:46+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/0f8a3bdbdd12.js

185.244.209.62

8.5 kB

URL
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/0f8a3bdbdd12.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
8.5 kB (8504 bytes)
Hash
d0ffe3837cd2d3234a928d1dc5cda277
c870b4c79b6fd7cd5a5aea0a3c8a1924e0cf8cad
a16d7b1b93cdc215ce3eef0384e3ad49084a2e8356df1e28a2c0faa1f26d2142

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/0f8a3bdbdd12.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:49 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 01 May 2024 08:21:41 GMT
etag: W/"b49b08255ad6dd3864f907913b849ebe"
x-amz-meta-mtime: 1714551564.667873602
content-encoding: gzip
expires: Thu, 02 May 2024 15:20:56 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-3a261bf2369937848f0385e23ac383ab-6b94b6b782e6c12a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:56+00:00, 2024-05-06T16:17:06+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-f0624fc4.js

185.244.209.62

66 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-f0624fc4.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
66 kB (66479 bytes)
Hash
191ff223860f458112e0be2a63bd9857
850dd681d5b31321f00b8df955a455aa9478e44e
40e1fe6d194776c5fa845dda1dbebda9c2bc3154d8c45793ae74a2e1bf147016

HTTP Headers

GET /_nuxt/desktop/default/vendors/conversion-f0624fc4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:50 GMT
content-type: application/javascript; charset=utf-8
content-length: 66479
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-103af"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:50 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-12e447234b2b9c55c3c02ecf10110d55-4c9c2cd823eb7b87-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:50+00:00, 2024-05-07T14:48:16+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true

178.253.29.51

200 OK

2.7 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.7 kB (2693 bytes)
Hash
2bdca531f0bc17b1cb74428b79e8ce4b
a00cf776c3bf9d238a31ba9855edb59410ca7d11
8bd248e9535e511b5a7477f3436ab8fbe83ccf3eabb3250c72647f923d16c709

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:50 GMT
content-type: application/json; charset=utf-8
content-length: 2693
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 15:50:50 GMT
vary: Accept-Encoding
x-time-ng: 0.015
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.023
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png

185.244.209.62

200 OK

5.2 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 514 x 514, 8-bit colormap, non-interlaced
Size
5.2 kB (5202 bytes)
Hash
b9a636eef54b2844b571fe7de49184a7
bf653690790ced40eb3189da075a275d951d1607
001bfcdd52b658d46543a1aec889d35b73b3909b47097cc011b95e96fc9e3743

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:50 GMT
content-type: image/png
content-length: 5202
last-modified: Wed, 28 Feb 2024 07:52:20 GMT
etag: "b9a636eef54b2844b571fe7de49184a7"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-941a1249ef8e870cfb67ac1efb022e08-f9ec8237d5d0e916-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-03T07:12:40+00:00, 2024-05-07T15:14:53+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2

185.244.209.62

200 OK

65 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 64732, version 1.0
Size
65 kB (64732 bytes)
Hash
3ac5d40d1b3966fc5eb09ecca74d9cbf
a69f32357765dd321519889aeacba5e9ca893bb0
3310766b8f58538d07abded74a2babe1acbe1a3ee820d5b8c8265da666f4fb0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:51 GMT
content-type: font/woff2
content-length: 64732
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "3ac5d40d1b3966fc5eb09ecca74d9cbf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-67dff2785c86625cae92d083d4c50dbb-1a69b259f0ff8705-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:56:30+00:00, 2024-05-07T15:44:08+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2

185.244.209.62

64 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Size
64 kB (63920 bytes)
Hash
a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:51 GMT
content-type: font/woff2
content-length: 63920
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-168ca0e701aa5cf3e34ea6aa6698ba72-7af5118473528f0f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:54:39+00:00, 2024-05-07T15:35:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2

185.244.209.62

64 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Size
64 kB (63748 bytes)
Hash
6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:51 GMT
content-type: font/woff2
content-length: 63748
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-89c5a62655a655454d1c509588cbe559-13277bb679b245ab-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:13:59+00:00, 2024-05-07T15:10:08+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2

185.244.209.62

64 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Size
64 kB (63748 bytes)
Hash
6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:52 GMT
content-type: font/woff2
content-length: 63748
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-0c6e045f75c3ecc9af4237a61360e5cd-d71383a12522f620-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:13:59+00:00, 2024-05-07T15:10:08+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2

185.244.209.62

200 OK

65 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 64732, version 1.0
Size
65 kB (64732 bytes)
Hash
3ac5d40d1b3966fc5eb09ecca74d9cbf
a69f32357765dd321519889aeacba5e9ca893bb0
3310766b8f58538d07abded74a2babe1acbe1a3ee820d5b8c8265da666f4fb0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:52 GMT
content-type: font/woff2
content-length: 64732
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "3ac5d40d1b3966fc5eb09ecca74d9cbf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-0a9a4558937df49ae7e95f67145c01bd-21e90c3b30096132-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:56:30+00:00, 2024-05-07T15:44:08+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2

185.244.209.62

64 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Size
64 kB (63920 bytes)
Hash
a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:52 GMT
content-type: font/woff2
content-length: 63920
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-08c528942be8ba3349332bb64ab4f89f-9a44eaa00718d493-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:54:39+00:00, 2024-05-07T15:35:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/hd-api/external/api/web/v1/j/02bi520d010i0f56ef61e509274a83f421f47d62b9073ba9d540

178.253.29.51

509 B

URL
1xlite-461430.top/hd-api/external/api/web/v1/j/02bi520d010i0f56ef61e509274a83f421f47d62b9073ba9d540
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
509 B (509 bytes)
Hash
0432cea6421b0dab959a1cbd95f8644d
1fec2bbd6b51ba829dd32d3f891e2ff9e00d9cda
6bfeff12071613f4d05ffce8e69d9e55853cd4ed652368e4791f79f8c4d44b5f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /hd-api/external/api/web/v1/j/02bi520d010i0f56ef61e509274a83f421f47d62b9073ba9d540 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
X-Requested-With: XMLHttpRequest
Content-Type: application/json
Content-Length: 105916
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:53 GMT
content-type: application/json
content-length: 509
content-encoding: gzip
traceparent: 00-f866e03c5877420c14c1df3de8823ea0-fd7c4eeccf975a68-01
vary: Accept-Encoding
x-dt: 285
x-request-guid: c757c03729c142f640710deb8e65ef88
x-time-ng: 0.014
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=13.778, wf-uht;dur=0.042
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cd57c0a6e95b.js

185.244.209.62

16 kB

URL
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cd57c0a6e95b.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
16 kB (16350 bytes)
Hash
6633b9b3499cadd1830803764c80fd90
09f05ab39ee204732dff2c6ae8717fd0a4aed95b
85c6cec27f5886e7bfed20aeef781f697a1ef5f30c98606b50959ad1bc570dbe

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cd57c0a6e95b.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:49 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 01 May 2024 08:21:42 GMT
etag: W/"76cb7b38bd7dd009e525ca10453839cd"
x-amz-meta-mtime: 1714551564.675873475
content-encoding: gzip
expires: Thu, 02 May 2024 15:20:56 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-7dcbe75c2bd5f946f24549ff5f2e360f-05f491b323e4cb54-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:56+00:00, 2024-05-06T16:17:06+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

178.253.29.51

23 B

URL
1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
f16a939efc4a160f78575cb6ef98118d
b1a4ef6d0ccb7908defe02a3c417b28f4f8e1451
9683a4dfb6d82382a4d2fb887fb6c632ad779f6ce924d06aea9a5ef77f42507f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Content-Type: application/json
X-Lang: en
X-Uuid: 0e76dcb3-8923-47bf-883f-209da2a56960
Content-Length: 99
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:53 GMT
content-type: application/json
content-length: 23
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/analytics-a8ae3276.js

185.244.209.62

2.4 kB

URL
v3.traincdn.com/_nuxt/desktop/default/analytics-a8ae3276.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (6444), with no line terminators
Size
2.4 kB (2434 bytes)
Hash
60f915b0daad3af04303726381897e81
133c20a7f58c18758483c23f595d5a4f22ba9371
320b5a7d25c926dc55eb7a53f4348bf7c34bd7f5bc6ad3bcd1d16029239dc3a1

HTTP Headers

GET /_nuxt/desktop/default/analytics-a8ae3276.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 2434
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-982"
content-encoding: gzip
expires: Wed, 08 May 2024 08:41:52 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-71d8b5d16688ca44d09c781b562251e2-250b4509f62cc057-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T08:41:52+00:00, 2024-05-07T09:24:02+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137

178.253.29.51

200 OK

238 B

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
238 B (238 bytes)
Hash
64e1319f626e19057756a29c730da16c
33fed7b2398de7d74653acf0d82fef58f9acfec9
04f7b8e516e2f1d210d0a53f1e19636f5300855c2f8f311a01d54bde675dc9b3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoib0FEMkFhTzN3ejA1WFlycjcxOWVmaXZtTDhhN2xEMDJtbjFtSlk3UTd3RjM2VmpUcFlCWlNiMnM4RVRiQ0RhVHJPbFhYTTA0a2VpTDlLaGdGd2NBbE9UdHVMMnJMeWhncUErNnk1VHN0eDY4Vks2WUU5cnFXak5BVDRkaFN1NnBUQ0VjV1BzR0lsTkEwUVJFZUNUeVVNNEpxTk1pZVRxdjUxR0crcFc4ZFUyQzNiS2w0NUNscFczZHlTazVlbUlSUmFsS0E5elhyaWZyemUyei9LMVNSbXFqTE5NMVF6NGR6UmN5VDI2aTUwTWJ2RlV5ZEZVR29BZTBuSW5JbHZTK3hoeStYd1VZM1p1cEdVYUNNWDZmTW9HMTYxL1RmYm9EakEvMG9zV096enc2IiwiZXhwIjoxNzE1MTExNDUzLCJpYXQiOjE3MTUwOTcwNTN9.k002i2J0dCFYlkNAo0ciVxhNzNJCSJOikCvvED6QuLk0rBMmvYor19HUWC6NxxxMzRma0411zHzgaITTjSDCmA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:54 GMT
content-type: application/json; charset=utf-8
content-length: 238
cache-control: no-cache
content-encoding: br
last-modified: Tue, 07 May 2024 15:50:54 GMT
vary: Accept-Encoding
x-time-ng: 0.015
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.023
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V

142.250.74.168

64 kB

URL
www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (1822)
Size
64 kB (64399 bytes)
Hash
7163862c4911821ad5bdbb5b151cd941
d799753dd6f1a716971fdd37c4102831f42580bc
24bfba9c161f3b017f8fed89aa293ea39273e46f6cf5e4fd18dd3827c984882f

HTTP Headers

GET /gtm.js?id=GTM-KFGPRJ2V HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 07 May 2024 15:50:55 GMT
expires: Tue, 07 May 2024 15:50:55 GMT
cache-control: private, max-age=900
last-modified: Tue, 07 May 2024 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 64399
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66

142.250.74.168

200 OK

106 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (10899)
Size
106 kB (105847 bytes)
Hash
9c321505b50fe118e530ec09aae065ba
fc2e2291b628b0a8f6ec50674eba84351a73c488
18d1200a8152259b979bd2ebcb429bf5629995f5514d44568e280ef70973dc3c

HTTP Headers

GET /gtag/js?id=G-7JGWL9SV66 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 07 May 2024 15:50:55 GMT
expires: Tue, 07 May 2024 15:50:55 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 105847
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

radar.cedexis.com/1/23802/radar.js

45.54.49.5

154 B

URL
radar.cedexis.com/1/23802/radar.js
IP
45.54.49.5:0
ASN
#63911 NetActuate, Inc

File type
HTML document, ASCII text, with CRLF line terminators
Size
154 B (154 bytes)
Hash
cfbeaf604823f038b8b46f0ac862b98c
7b9eb1dac48e74fa5f418bc456cb410f88b81d98
20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319

HTTP Headers

GET /1/23802/radar.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Tue, 07 May 2024 15:50:55 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: /1707728419/stub.js
Expires: Tue, 07 May 2024 16:00:55 GMT
Cache-Control: max-age=600
Vary: User-Agent,DNT

www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66&l=dataLayer&cx=c

142.250.74.168

200 OK

106 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (10899)
Size
106 kB (105921 bytes)
Hash
5d06fc5a3ab9026a86072638816e5533
5cb54b44f85b6c4aec907c9644330e7b3c683505
45d6b45e21349470ceec00f77c6cd1750fdc6ace068bf25af6065eff5a76ff91

HTTP Headers

GET /gtag/js?id=G-7JGWL9SV66&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 07 May 2024 15:50:55 GMT
expires: Tue, 07 May 2024 15:50:55 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 105921
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/f44f14b6b316.js

185.244.209.62

760 B

URL
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/f44f14b6b316.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
760 B (760 bytes)
Hash
4c17c9ddf3227b93860a9732ecc5dacc
68315fb03e99b961b03b0e161779bbb4fcde6a4e
d49ceffba5aac277133f0ff5f1b25ed7fe1d29ccf51843150adb23feb7850557

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/f44f14b6b316.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:49 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 01 May 2024 08:21:42 GMT
etag: W/"22e67b67b6c959d57aa78ae317120f36"
x-amz-meta-mtime: 1714551564.675873475
content-encoding: gzip
expires: Thu, 02 May 2024 15:20:56 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4fd9870f3aca7407cfa409bedbcfc81c-01bb275cbe23acd2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:56+00:00, 2024-05-06T16:17:06+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528450883&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1

178.253.29.51

1.6 kB

URL
1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528450883&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
1.6 kB (1563 bytes)
Hash
c14fc20746cdb5182150a952d9cff7e3
cfecc897e05e8a2bbf0feefa27dbb23d4a59f534
6b537a7aab8a69bd1c776da009748875f8f4cd2277bdce5f4a36d423c51ab1b0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetGameZip?id=528450883&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoib0FEMkFhTzN3ejA1WFlycjcxOWVmaXZtTDhhN2xEMDJtbjFtSlk3UTd3RjM2VmpUcFlCWlNiMnM4RVRiQ0RhVHJPbFhYTTA0a2VpTDlLaGdGd2NBbE9UdHVMMnJMeWhncUErNnk1VHN0eDY4Vks2WUU5cnFXak5BVDRkaFN1NnBUQ0VjV1BzR0lsTkEwUVJFZUNUeVVNNEpxTk1pZVRxdjUxR0crcFc4ZFUyQzNiS2w0NUNscFczZHlTazVlbUlSUmFsS0E5elhyaWZyemUyei9LMVNSbXFqTE5NMVF6NGR6UmN5VDI2aTUwTWJ2RlV5ZEZVR29BZTBuSW5JbHZTK3hoeStYd1VZM1p1cEdVYUNNWDZmTW9HMTYxL1RmYm9EakEvMG9zV096enc2IiwiZXhwIjoxNzE1MTExNDUzLCJpYXQiOjE3MTUwOTcwNTN9.k002i2J0dCFYlkNAo0ciVxhNzNJCSJOikCvvED6QuLk0rBMmvYor19HUWC6NxxxMzRma0411zHzgaITTjSDCmA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174; _ga_7JGWL9SV66=GS1.1.1715097055.1.0.1715097055.60.0.0; _ga=GA1.1.2023088612.1715097056
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:55 GMT
content-type: application/json; charset=utf-8
content-length: 1563
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 15:50:55 GMT
vary: Accept-Encoding
x-time-ng: 0.013
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.031
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/260/desktop/banner/ef11271d6cef34c1fdb99b2ddff4bdb1.jpg

185.244.209.62

200 OK

28 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/260/desktop/banner/ef11271d6cef34c1fdb99b2ddff4bdb1.jpg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1380x248, components 3
Size
28 kB (27999 bytes)
Hash
92e7a5868a7de2dcfa53b65bbdb98923
a26cfb8240552c368422ea594211d80e2a8aac06
e192736750fa781f44c9af7064b09b5c1acd09a46405315ed61cfe1a50fa5256

HTTP Headers

GET /genfiles/cms/260/desktop/banner/ef11271d6cef34c1fdb99b2ddff4bdb1.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:55 GMT
content-type: image/jpeg
content-length: 27999
last-modified: Thu, 02 May 2024 12:00:34 GMT
etag: "92e7a5868a7de2dcfa53b65bbdb98923"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-7ee43b34e902850680c8380c7ed41209-f06311a65ac46503-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T14:41:09+00:00, 2024-05-07T15:50:49+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

radar.cedexis.com/1707728419/stub.js

45.54.49.5

271 B

URL
radar.cedexis.com/1707728419/stub.js
IP
45.54.49.5:0
ASN
#63911 NetActuate, Inc

File type
JavaScript source, ASCII text
Size
271 B (271 bytes)
Hash
82dec77fd0353c7c71ce053b8601387e
fbbca95419e1d0c042e0a5fdf10f380aca66188c
39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7

HTTP Headers

GET /1707728419/stub.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 07 May 2024 15:50:55 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 12 Feb 2024 09:51:01 GMT
Vary: Accept-Encoding
ETag: W/"65c9ea05-186"
Expires: Tue, 21 May 2024 15:50:55 GMT
Cache-Control: max-age=1209600, public
Content-Encoding: gzip

1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1

178.253.29.51

1.5 kB

URL
1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
1.5 kB (1481 bytes)
Hash
fa7e900bf015afc1f337d2bfc1eb0125
b7b95753d277568a4f091a622d2c320cb63212fe
9a1cdefca9799ffc262f06ae685b689362058c697e35db6ba94ea09a3af62897

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoib0FEMkFhTzN3ejA1WFlycjcxOWVmaXZtTDhhN2xEMDJtbjFtSlk3UTd3RjM2VmpUcFlCWlNiMnM4RVRiQ0RhVHJPbFhYTTA0a2VpTDlLaGdGd2NBbE9UdHVMMnJMeWhncUErNnk1VHN0eDY4Vks2WUU5cnFXak5BVDRkaFN1NnBUQ0VjV1BzR0lsTkEwUVJFZUNUeVVNNEpxTk1pZVRxdjUxR0crcFc4ZFUyQzNiS2w0NUNscFczZHlTazVlbUlSUmFsS0E5elhyaWZyemUyei9LMVNSbXFqTE5NMVF6NGR6UmN5VDI2aTUwTWJ2RlV5ZEZVR29BZTBuSW5JbHZTK3hoeStYd1VZM1p1cEdVYUNNWDZmTW9HMTYxL1RmYm9EakEvMG9zV096enc2IiwiZXhwIjoxNzE1MTExNDUzLCJpYXQiOjE3MTUwOTcwNTN9.k002i2J0dCFYlkNAo0ciVxhNzNJCSJOikCvvED6QuLk0rBMmvYor19HUWC6NxxxMzRma0411zHzgaITTjSDCmA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174; _ga_7JGWL9SV66=GS1.1.1715097055.1.0.1715097055.60.0.0; _ga=GA1.1.2023088612.1715097056
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:56 GMT
content-type: application/json; charset=utf-8
content-length: 1481
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 15:50:56 GMT
vary: Accept-Encoding
x-time-ng: 0.013
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.021
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetGameZip?id=529224955&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1

178.253.29.51

1.5 kB

URL
1xlite-461430.top/service-api/LineFeed/GetGameZip?id=529224955&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
1.5 kB (1468 bytes)
Hash
c694c8fc09c33c3f6c936c435acf03df
d65c8b0e61ff8e3beb08badb98174a7f6b2ec294
babda11d6b31d04b67b46ba947ed4087e766c9848dba7fad76df5cdec6a0b6ea

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetGameZip?id=529224955&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoib0FEMkFhTzN3ejA1WFlycjcxOWVmaXZtTDhhN2xEMDJtbjFtSlk3UTd3RjM2VmpUcFlCWlNiMnM4RVRiQ0RhVHJPbFhYTTA0a2VpTDlLaGdGd2NBbE9UdHVMMnJMeWhncUErNnk1VHN0eDY4Vks2WUU5cnFXak5BVDRkaFN1NnBUQ0VjV1BzR0lsTkEwUVJFZUNUeVVNNEpxTk1pZVRxdjUxR0crcFc4ZFUyQzNiS2w0NUNscFczZHlTazVlbUlSUmFsS0E5elhyaWZyemUyei9LMVNSbXFqTE5NMVF6NGR6UmN5VDI2aTUwTWJ2RlV5ZEZVR29BZTBuSW5JbHZTK3hoeStYd1VZM1p1cEdVYUNNWDZmTW9HMTYxL1RmYm9EakEvMG9zV096enc2IiwiZXhwIjoxNzE1MTExNDUzLCJpYXQiOjE3MTUwOTcwNTN9.k002i2J0dCFYlkNAo0ciVxhNzNJCSJOikCvvED6QuLk0rBMmvYor19HUWC6NxxxMzRma0411zHzgaITTjSDCmA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174; _ga_7JGWL9SV66=GS1.1.1715097055.1.0.1715097055.60.0.0; _ga=GA1.1.2023088612.1715097056
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:56 GMT
content-type: application/json; charset=utf-8
content-length: 1468
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 15:50:56 GMT
vary: Accept-Encoding
x-time-ng: 0.031
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.038
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je4510v897130004za200&_p=1715097054977&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=2023088612.1715097056&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1715097055&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fen%3Ftag%3Dd_151095m_23801c_%255B%255DMS%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255D28719265_d28986_l46699_clickunder%26pb%3Dc4a963618a5742d9870d0059bcae60ae%26click_id%3D2909882375810783510&dt=1xBet%20%E1%90%89%20Online%20sports%20betting%20%E1%90%89%201xBet%20online%20bookmaker%20log%20in%20%E1%90%89%201xlite-461430.top&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=19193

216.239.32.36

0 B

URL
region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je4510v897130004za200&_p=1715097054977&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=2023088612.1715097056&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1715097055&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fen%3Ftag%3Dd_151095m_23801c_%255B%255DMS%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255D28719265_d28986_l46699_clickunder%26pb%3Dc4a963618a5742d9870d0059bcae60ae%26click_id%3D2909882375810783510&dt=1xBet%20%E1%90%89%20Online%20sports%20betting%20%E1%90%89%201xBet%20online%20bookmaker%20log%20in%20%E1%90%89%201xlite-461430.top&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=19193
IP
216.239.32.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je4510v897130004za200&_p=1715097054977&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=2023088612.1715097056&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1715097055&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fen%3Ftag%3Dd_151095m_23801c_%255B%255DMS%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255D28719265_d28986_l46699_clickunder%26pb%3Dc4a963618a5742d9870d0059bcae60ae%26click_id%3D2909882375810783510&dt=1xBet%20%E1%90%89%20Online%20sports%20betting%20%E1%90%89%201xBet%20online%20bookmaker%20log%20in%20%E1%90%89%201xlite-461430.top&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=19193 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://1xlite-461430.top
date: Tue, 07 May 2024 15:50:56 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true

178.253.29.51

2.0 kB

URL
1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.0 kB (2031 bytes)
Hash
87571a3f06d06924b11fd807ffe08238
eb0c112cb6072f24b73f2a220251cf27c76e9de8
f078c51804e26b8e8cd8b18f63b735292614d9599e6cb845ead077a93e8f69e5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoib0FEMkFhTzN3ejA1WFlycjcxOWVmaXZtTDhhN2xEMDJtbjFtSlk3UTd3RjM2VmpUcFlCWlNiMnM4RVRiQ0RhVHJPbFhYTTA0a2VpTDlLaGdGd2NBbE9UdHVMMnJMeWhncUErNnk1VHN0eDY4Vks2WUU5cnFXak5BVDRkaFN1NnBUQ0VjV1BzR0lsTkEwUVJFZUNUeVVNNEpxTk1pZVRxdjUxR0crcFc4ZFUyQzNiS2w0NUNscFczZHlTazVlbUlSUmFsS0E5elhyaWZyemUyei9LMVNSbXFqTE5NMVF6NGR6UmN5VDI2aTUwTWJ2RlV5ZEZVR29BZTBuSW5JbHZTK3hoeStYd1VZM1p1cEdVYUNNWDZmTW9HMTYxL1RmYm9EakEvMG9zV096enc2IiwiZXhwIjoxNzE1MTExNDUzLCJpYXQiOjE3MTUwOTcwNTN9.k002i2J0dCFYlkNAo0ciVxhNzNJCSJOikCvvED6QuLk0rBMmvYor19HUWC6NxxxMzRma0411zHzgaITTjSDCmA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174; _ga_7JGWL9SV66=GS1.1.1715097055.1.0.1715097055.60.0.0; _ga=GA1.1.2023088612.1715097056
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:56 GMT
content-type: application/json; charset=utf-8
content-length: 2031
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 15:50:56 GMT
vary: Accept-Encoding
x-time-ng: 0.072
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.080
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true

178.253.29.51

200 OK

2.7 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.7 kB (2701 bytes)
Hash
184dc78623651079c4e7b9f22c98dead
bade23b2b02ffbf67d6d2bba7991b940fb602e3b
1199b3364391ba6ed37f337de83438153d3484a9215a6ae8a3468c2f18ca3772

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoib0FEMkFhTzN3ejA1WFlycjcxOWVmaXZtTDhhN2xEMDJtbjFtSlk3UTd3RjM2VmpUcFlCWlNiMnM4RVRiQ0RhVHJPbFhYTTA0a2VpTDlLaGdGd2NBbE9UdHVMMnJMeWhncUErNnk1VHN0eDY4Vks2WUU5cnFXak5BVDRkaFN1NnBUQ0VjV1BzR0lsTkEwUVJFZUNUeVVNNEpxTk1pZVRxdjUxR0crcFc4ZFUyQzNiS2w0NUNscFczZHlTazVlbUlSUmFsS0E5elhyaWZyemUyei9LMVNSbXFqTE5NMVF6NGR6UmN5VDI2aTUwTWJ2RlV5ZEZVR29BZTBuSW5JbHZTK3hoeStYd1VZM1p1cEdVYUNNWDZmTW9HMTYxL1RmYm9EakEvMG9zV096enc2IiwiZXhwIjoxNzE1MTExNDUzLCJpYXQiOjE3MTUwOTcwNTN9.k002i2J0dCFYlkNAo0ciVxhNzNJCSJOikCvvED6QuLk0rBMmvYor19HUWC6NxxxMzRma0411zHzgaITTjSDCmA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174; _ga_7JGWL9SV66=GS1.1.1715097055.1.0.1715097055.60.0.0; _ga=GA1.1.2023088612.1715097056
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:56 GMT
content-type: application/json; charset=utf-8
content-length: 2701
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 15:50:56 GMT
vary: Accept-Encoding
x-time-ng: 0.013
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.020
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66

178.253.29.51

200 OK

2.5 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.5 kB (2459 bytes)
Hash
7d5877376d61d5a37dda6bd272f899dd
f89ae2e181f469049eb479229097f55e6e69029b
8561bedaa57cdc6d10de8e895c2f25cfd9482ce4868ea4530c0e9004c75670e4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoib0FEMkFhTzN3ejA1WFlycjcxOWVmaXZtTDhhN2xEMDJtbjFtSlk3UTd3RjM2VmpUcFlCWlNiMnM4RVRiQ0RhVHJPbFhYTTA0a2VpTDlLaGdGd2NBbE9UdHVMMnJMeWhncUErNnk1VHN0eDY4Vks2WUU5cnFXak5BVDRkaFN1NnBUQ0VjV1BzR0lsTkEwUVJFZUNUeVVNNEpxTk1pZVRxdjUxR0crcFc4ZFUyQzNiS2w0NUNscFczZHlTazVlbUlSUmFsS0E5elhyaWZyemUyei9LMVNSbXFqTE5NMVF6NGR6UmN5VDI2aTUwTWJ2RlV5ZEZVR29BZTBuSW5JbHZTK3hoeStYd1VZM1p1cEdVYUNNWDZmTW9HMTYxL1RmYm9EakEvMG9zV096enc2IiwiZXhwIjoxNzE1MTExNDUzLCJpYXQiOjE3MTUwOTcwNTN9.k002i2J0dCFYlkNAo0ciVxhNzNJCSJOikCvvED6QuLk0rBMmvYor19HUWC6NxxxMzRma0411zHzgaITTjSDCmA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174; _ga_7JGWL9SV66=GS1.1.1715097055.1.0.1715097055.60.0.0; _ga=GA1.1.2023088612.1715097056
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:57 GMT
content-type: application/json; charset=utf-8
content-length: 2459
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 15:50:57 GMT
vary: Accept-Encoding
x-time-ng: 0.005
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.013
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true

178.253.29.51

16 kB

URL
1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
16 kB (15485 bytes)
Hash
7df0193ad11865c36fac27e7ca07cb3d
4a9c051afdc0c00cb37f2f1819b94f7ea678e5e7
0d164529298b210ad1216ed004e3686557b916bc2fd7a94ee8095d4d5b5bd69c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoib0FEMkFhTzN3ejA1WFlycjcxOWVmaXZtTDhhN2xEMDJtbjFtSlk3UTd3RjM2VmpUcFlCWlNiMnM4RVRiQ0RhVHJPbFhYTTA0a2VpTDlLaGdGd2NBbE9UdHVMMnJMeWhncUErNnk1VHN0eDY4Vks2WUU5cnFXak5BVDRkaFN1NnBUQ0VjV1BzR0lsTkEwUVJFZUNUeVVNNEpxTk1pZVRxdjUxR0crcFc4ZFUyQzNiS2w0NUNscFczZHlTazVlbUlSUmFsS0E5elhyaWZyemUyei9LMVNSbXFqTE5NMVF6NGR6UmN5VDI2aTUwTWJ2RlV5ZEZVR29BZTBuSW5JbHZTK3hoeStYd1VZM1p1cEdVYUNNWDZmTW9HMTYxL1RmYm9EakEvMG9zV096enc2IiwiZXhwIjoxNzE1MTExNDUzLCJpYXQiOjE3MTUwOTcwNTN9.k002i2J0dCFYlkNAo0ciVxhNzNJCSJOikCvvED6QuLk0rBMmvYor19HUWC6NxxxMzRma0411zHzgaITTjSDCmA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174; _ga_7JGWL9SV66=GS1.1.1715097055.1.0.1715097055.60.0.0; _ga=GA1.1.2023088612.1715097056
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:58 GMT
content-type: application/json; charset=utf-8
content-length: 15485
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 15:50:53 GMT
vary: Accept-Encoding
x-time-ng: 0.027
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/43b37bcd63883963ab5ca6707fd4ca45.jpg

185.244.209.62

17 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/banner/43b37bcd63883963ab5ca6707fd4ca45.jpg
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1380x248, components 3
Size
17 kB (16730 bytes)
Hash
ebce475967e6d85db5bdbde23e85eff7
496e2c75b549fe82d3f6dfbb3976096e0cae2ae7
6a1892ac412355576c6427f173d8b26757bdf0c8ec3aa149b6d1cfbc97408b9f

HTTP Headers

GET /genfiles/cms/1/desktop/banner/43b37bcd63883963ab5ca6707fd4ca45.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:51:00 GMT
content-type: image/jpeg
content-length: 16730
last-modified: Mon, 06 May 2024 09:11:06 GMT
etag: "ebce475967e6d85db5bdbde23e85eff7"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4c2f069264cb10ccee82c21c33557d90-7a94c4b4bf786474-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T14:51:53+00:00, 2024-05-07T15:00:16+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true

178.253.29.51

200 OK

2.7 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.7 kB (2701 bytes)
Hash
184dc78623651079c4e7b9f22c98dead
bade23b2b02ffbf67d6d2bba7991b940fb602e3b
1199b3364391ba6ed37f337de83438153d3484a9215a6ae8a3468c2f18ca3772

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoib0FEMkFhTzN3ejA1WFlycjcxOWVmaXZtTDhhN2xEMDJtbjFtSlk3UTd3RjM2VmpUcFlCWlNiMnM4RVRiQ0RhVHJPbFhYTTA0a2VpTDlLaGdGd2NBbE9UdHVMMnJMeWhncUErNnk1VHN0eDY4Vks2WUU5cnFXak5BVDRkaFN1NnBUQ0VjV1BzR0lsTkEwUVJFZUNUeVVNNEpxTk1pZVRxdjUxR0crcFc4ZFUyQzNiS2w0NUNscFczZHlTazVlbUlSUmFsS0E5elhyaWZyemUyei9LMVNSbXFqTE5NMVF6NGR6UmN5VDI2aTUwTWJ2RlV5ZEZVR29BZTBuSW5JbHZTK3hoeStYd1VZM1p1cEdVYUNNWDZmTW9HMTYxL1RmYm9EakEvMG9zV096enc2IiwiZXhwIjoxNzE1MTExNDUzLCJpYXQiOjE3MTUwOTcwNTN9.k002i2J0dCFYlkNAo0ciVxhNzNJCSJOikCvvED6QuLk0rBMmvYor19HUWC6NxxxMzRma0411zHzgaITTjSDCmA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174; _ga_7JGWL9SV66=GS1.1.1715097055.1.0.1715097055.60.0.0; _ga=GA1.1.2023088612.1715097056
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:51:01 GMT
content-type: application/json; charset=utf-8
content-length: 2701
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 15:50:56 GMT
vary: Accept-Encoding
x-time-ng: 0.013
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528450883&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1

178.253.29.51

1.6 kB

URL
1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528450883&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
1.6 kB (1562 bytes)
Hash
130d227b29c4a52267559f4150c23577
58a01da3eac71d183132af05202ec0f6e249e56f
410ff283b3561e3fedebf211622e158223b50755762d781ccfa73d1d561f7a78

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetGameZip?id=528450883&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoib0FEMkFhTzN3ejA1WFlycjcxOWVmaXZtTDhhN2xEMDJtbjFtSlk3UTd3RjM2VmpUcFlCWlNiMnM4RVRiQ0RhVHJPbFhYTTA0a2VpTDlLaGdGd2NBbE9UdHVMMnJMeWhncUErNnk1VHN0eDY4Vks2WUU5cnFXak5BVDRkaFN1NnBUQ0VjV1BzR0lsTkEwUVJFZUNUeVVNNEpxTk1pZVRxdjUxR0crcFc4ZFUyQzNiS2w0NUNscFczZHlTazVlbUlSUmFsS0E5elhyaWZyemUyei9LMVNSbXFqTE5NMVF6NGR6UmN5VDI2aTUwTWJ2RlV5ZEZVR29BZTBuSW5JbHZTK3hoeStYd1VZM1p1cEdVYUNNWDZmTW9HMTYxL1RmYm9EakEvMG9zV096enc2IiwiZXhwIjoxNzE1MTExNDUzLCJpYXQiOjE3MTUwOTcwNTN9.k002i2J0dCFYlkNAo0ciVxhNzNJCSJOikCvvED6QuLk0rBMmvYor19HUWC6NxxxMzRma0411zHzgaITTjSDCmA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174; _ga_7JGWL9SV66=GS1.1.1715097055.1.0.1715097055.60.0.0; _ga=GA1.1.2023088612.1715097056
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:51:01 GMT
content-type: application/json; charset=utf-8
content-length: 1562
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 15:51:01 GMT
vary: Accept-Encoding
x-time-ng: 0.012
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.020
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1

178.253.29.51

1.5 kB

URL
1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
1.5 kB (1480 bytes)
Hash
27b530d62f11eb8e63319d8cb342b836
6b4ebe79f1806c8c7cf4b60da26c8c39f11a0a89
316ea75958af932bfe18a2ac6340b6f8a6c96876649ecb064687dd15fbf65a2c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoib0FEMkFhTzN3ejA1WFlycjcxOWVmaXZtTDhhN2xEMDJtbjFtSlk3UTd3RjM2VmpUcFlCWlNiMnM4RVRiQ0RhVHJPbFhYTTA0a2VpTDlLaGdGd2NBbE9UdHVMMnJMeWhncUErNnk1VHN0eDY4Vks2WUU5cnFXak5BVDRkaFN1NnBUQ0VjV1BzR0lsTkEwUVJFZUNUeVVNNEpxTk1pZVRxdjUxR0crcFc4ZFUyQzNiS2w0NUNscFczZHlTazVlbUlSUmFsS0E5elhyaWZyemUyei9LMVNSbXFqTE5NMVF6NGR6UmN5VDI2aTUwTWJ2RlV5ZEZVR29BZTBuSW5JbHZTK3hoeStYd1VZM1p1cEdVYUNNWDZmTW9HMTYxL1RmYm9EakEvMG9zV096enc2IiwiZXhwIjoxNzE1MTExNDUzLCJpYXQiOjE3MTUwOTcwNTN9.k002i2J0dCFYlkNAo0ciVxhNzNJCSJOikCvvED6QuLk0rBMmvYor19HUWC6NxxxMzRma0411zHzgaITTjSDCmA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174; _ga_7JGWL9SV66=GS1.1.1715097055.1.0.1715097055.60.0.0; _ga=GA1.1.2023088612.1715097056
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:51:02 GMT
content-type: application/json; charset=utf-8
content-length: 1480
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 15:51:02 GMT
vary: Accept-Encoding
x-time-ng: 0.011
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.019
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetGameZip?id=529224955&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1

178.253.29.51

1.5 kB

URL
1xlite-461430.top/service-api/LineFeed/GetGameZip?id=529224955&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
1.5 kB (1468 bytes)
Hash
bf333bca1c0a954ff7e02a013b52a65b
66dd4a513488aa66f329cd9932c0193458557d76
b01e2ae912b372e5127d0a6ddc538a64ef87936209a62209ddeceedfb8f4da40

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetGameZip?id=529224955&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoib0FEMkFhTzN3ejA1WFlycjcxOWVmaXZtTDhhN2xEMDJtbjFtSlk3UTd3RjM2VmpUcFlCWlNiMnM4RVRiQ0RhVHJPbFhYTTA0a2VpTDlLaGdGd2NBbE9UdHVMMnJMeWhncUErNnk1VHN0eDY4Vks2WUU5cnFXak5BVDRkaFN1NnBUQ0VjV1BzR0lsTkEwUVJFZUNUeVVNNEpxTk1pZVRxdjUxR0crcFc4ZFUyQzNiS2w0NUNscFczZHlTazVlbUlSUmFsS0E5elhyaWZyemUyei9LMVNSbXFqTE5NMVF6NGR6UmN5VDI2aTUwTWJ2RlV5ZEZVR29BZTBuSW5JbHZTK3hoeStYd1VZM1p1cEdVYUNNWDZmTW9HMTYxL1RmYm9EakEvMG9zV096enc2IiwiZXhwIjoxNzE1MTExNDUzLCJpYXQiOjE3MTUwOTcwNTN9.k002i2J0dCFYlkNAo0ciVxhNzNJCSJOikCvvED6QuLk0rBMmvYor19HUWC6NxxxMzRma0411zHzgaITTjSDCmA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174; _ga_7JGWL9SV66=GS1.1.1715097055.1.0.1715097055.60.0.0; _ga=GA1.1.2023088612.1715097056
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:51:02 GMT
content-type: application/json; charset=utf-8
content-length: 1468
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 15:51:02 GMT
vary: Accept-Encoding
x-time-ng: 0.006
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.014
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true

178.253.29.51

15 kB

URL
1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
15 kB (15406 bytes)
Hash
332fa0b9dc42557f242844c1edcedb08
9dc27502f56a8420bdae2f78ee9d8ac4a9573ccc
52811e7a55c6c9d80c13b5fd962f482776a94b25455e4539063bbaa8dc070bc8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoib0FEMkFhTzN3ejA1WFlycjcxOWVmaXZtTDhhN2xEMDJtbjFtSlk3UTd3RjM2VmpUcFlCWlNiMnM4RVRiQ0RhVHJPbFhYTTA0a2VpTDlLaGdGd2NBbE9UdHVMMnJMeWhncUErNnk1VHN0eDY4Vks2WUU5cnFXak5BVDRkaFN1NnBUQ0VjV1BzR0lsTkEwUVJFZUNUeVVNNEpxTk1pZVRxdjUxR0crcFc4ZFUyQzNiS2w0NUNscFczZHlTazVlbUlSUmFsS0E5elhyaWZyemUyei9LMVNSbXFqTE5NMVF6NGR6UmN5VDI2aTUwTWJ2RlV5ZEZVR29BZTBuSW5JbHZTK3hoeStYd1VZM1p1cEdVYUNNWDZmTW9HMTYxL1RmYm9EakEvMG9zV096enc2IiwiZXhwIjoxNzE1MTExNDUzLCJpYXQiOjE3MTUwOTcwNTN9.k002i2J0dCFYlkNAo0ciVxhNzNJCSJOikCvvED6QuLk0rBMmvYor19HUWC6NxxxMzRma0411zHzgaITTjSDCmA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174; _ga_7JGWL9SV66=GS1.1.1715097055.1.0.1715097055.60.0.0; _ga=GA1.1.2023088612.1715097056
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:51:04 GMT
content-type: application/json; charset=utf-8
content-length: 15406
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 15:51:04 GMT
vary: Accept-Encoding
x-time-ng: 0.015
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.022
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137

178.253.29.51

200 OK

238 B

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
238 B (238 bytes)
Hash
64e1319f626e19057756a29c730da16c
33fed7b2398de7d74653acf0d82fef58f9acfec9
04f7b8e516e2f1d210d0a53f1e19636f5300855c2f8f311a01d54bde675dc9b3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoib0FEMkFhTzN3ejA1WFlycjcxOWVmaXZtTDhhN2xEMDJtbjFtSlk3UTd3RjM2VmpUcFlCWlNiMnM4RVRiQ0RhVHJPbFhYTTA0a2VpTDlLaGdGd2NBbE9UdHVMMnJMeWhncUErNnk1VHN0eDY4Vks2WUU5cnFXak5BVDRkaFN1NnBUQ0VjV1BzR0lsTkEwUVJFZUNUeVVNNEpxTk1pZVRxdjUxR0crcFc4ZFUyQzNiS2w0NUNscFczZHlTazVlbUlSUmFsS0E5elhyaWZyemUyei9LMVNSbXFqTE5NMVF6NGR6UmN5VDI2aTUwTWJ2RlV5ZEZVR29BZTBuSW5JbHZTK3hoeStYd1VZM1p1cEdVYUNNWDZmTW9HMTYxL1RmYm9EakEvMG9zV096enc2IiwiZXhwIjoxNzE1MTExNDUzLCJpYXQiOjE3MTUwOTcwNTN9.k002i2J0dCFYlkNAo0ciVxhNzNJCSJOikCvvED6QuLk0rBMmvYor19HUWC6NxxxMzRma0411zHzgaITTjSDCmA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174; _ga_7JGWL9SV66=GS1.1.1715097055.1.0.1715097055.60.0.0; _ga=GA1.1.2023088612.1715097056
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:51:05 GMT
content-type: application/json; charset=utf-8
content-length: 238
cache-control: no-cache
content-encoding: br
last-modified: Tue, 07 May 2024 15:51:05 GMT
vary: Accept-Encoding
x-time-ng: 0.014
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.022
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/7b22f4ca03c927ca1e848ce9ab02cbb5.jpg

185.244.209.62

59 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/banner/7b22f4ca03c927ca1e848ce9ab02cbb5.jpg
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1380x248, components 3
Size
59 kB (59159 bytes)
Hash
3c551120cdcb3b8cb34b7e88fa69c8c8
f9706e9c69281c88f3429c1ec1c276b51080205e
5074f97fb8c9f81cfd6cc2fd35f94ed096b63c21f495279526f01f58f9b0d538

HTTP Headers

GET /genfiles/cms/1/desktop/banner/7b22f4ca03c927ca1e848ce9ab02cbb5.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:51:05 GMT
content-type: image/jpeg
content-length: 59159
last-modified: Mon, 06 May 2024 09:01:15 GMT
etag: "3c551120cdcb3b8cb34b7e88fa69c8c8"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-dd30ee478747bfb480359ec6d9f0c31a-40ca28934536bad1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T14:47:04+00:00, 2024-05-07T15:48:45+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size24/sfiles/logo_teams/6884.webp

185.244.209.62

1.4 kB

URL
v3.traincdn.com/resized/size24/sfiles/logo_teams/6884.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.4 kB (1356 bytes)
Hash
4675aff241583e92737ecf4fe2df1c49
79858a163ff9fb5a92473132c67a0d542b2dcdf6
7c6075e3d19715fa0c8bfad733c180f63d564fff020e9a52a1de6d06cef1891e

HTTP Headers

GET /resized/size24/sfiles/logo_teams/6884.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:51:05 GMT
content-type: image/webp
content-length: 1356
cache-control: max-age=94608000
content-disposition: inline; filename="6884.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 14:47:01 GMT
x-request-id: d562c44e30a229e977dc42ddbfecfbaf
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-bad4d3271fe6d2765c5f5c22bf3a3dfe-97c476ba6728d648-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T14:47:01+00:00, 2024-05-07T14:48:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size24/sfiles/logo_teams/3878bf2552540f58b96e9bd1ad4c5048.webp

185.244.209.62

1.3 kB

URL
v3.traincdn.com/resized/size24/sfiles/logo_teams/3878bf2552540f58b96e9bd1ad4c5048.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.3 kB (1306 bytes)
Hash
8949b6110d1b5e7d822b11baad2d310f
573124a7802f9de17572de3a996b0b7fc412afb1
5afc0ed272674a365e88564117066ce54cbb8c297b2c4520e2604be8c09008c4

HTTP Headers

GET /resized/size24/sfiles/logo_teams/3878bf2552540f58b96e9bd1ad4c5048.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:51:05 GMT
content-type: image/webp
content-length: 1306
cache-control: max-age=94608000
content-disposition: inline; filename="3878bf2552540f58b96e9bd1ad4c5048.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 14:47:01 GMT
x-request-id: 62476a6d7fc86e7d0e77b714976f0c84
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-4940185b6a83a1ef515be6b9e76e427f-f7490f3c27f337fe-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T14:47:01+00:00, 2024-05-07T14:48:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100

178.253.29.51

35 kB

URL
1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
35 kB (34634 bytes)
Hash
07770668139f43e615ab2716a12d41b5
3c22dba2c2665dfc2caaf252f7033f49a88d0ed8
132f6764f6dc1d932a25b1b67aa892b394e90a16bcd47bb49735b727a18d582e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoib0FEMkFhTzN3ejA1WFlycjcxOWVmaXZtTDhhN2xEMDJtbjFtSlk3UTd3RjM2VmpUcFlCWlNiMnM4RVRiQ0RhVHJPbFhYTTA0a2VpTDlLaGdGd2NBbE9UdHVMMnJMeWhncUErNnk1VHN0eDY4Vks2WUU5cnFXak5BVDRkaFN1NnBUQ0VjV1BzR0lsTkEwUVJFZUNUeVVNNEpxTk1pZVRxdjUxR0crcFc4ZFUyQzNiS2w0NUNscFczZHlTazVlbUlSUmFsS0E5elhyaWZyemUyei9LMVNSbXFqTE5NMVF6NGR6UmN5VDI2aTUwTWJ2RlV5ZEZVR29BZTBuSW5JbHZTK3hoeStYd1VZM1p1cEdVYUNNWDZmTW9HMTYxL1RmYm9EakEvMG9zV096enc2IiwiZXhwIjoxNzE1MTExNDUzLCJpYXQiOjE3MTUwOTcwNTN9.k002i2J0dCFYlkNAo0ciVxhNzNJCSJOikCvvED6QuLk0rBMmvYor19HUWC6NxxxMzRma0411zHzgaITTjSDCmA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174; _ga_7JGWL9SV66=GS1.1.1715097055.1.0.1715097055.60.0.0; _ga=GA1.1.2023088612.1715097056
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:51:01 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=132, dt_total;dur=161.023, wf-uht;dur=0.191
traceparent: 00-ecf76ed4beb46203b45364cafe2490dd-c4a64e8efbe8c23a-01
x-dt: 285
x-time-ng: 0.140
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true

178.253.29.51

2.0 kB

URL
1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.0 kB (2028 bytes)
Hash
9c300d7b23572af76690c23fd68f9e0e
2283ae3ed1f774a2614482b1a830691d7d812c44
1ab67663063e3b7a7004681cc35e3923068ebaac7cae0fbb74cdb3341ddf5dc7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoib0FEMkFhTzN3ejA1WFlycjcxOWVmaXZtTDhhN2xEMDJtbjFtSlk3UTd3RjM2VmpUcFlCWlNiMnM4RVRiQ0RhVHJPbFhYTTA0a2VpTDlLaGdGd2NBbE9UdHVMMnJMeWhncUErNnk1VHN0eDY4Vks2WUU5cnFXak5BVDRkaFN1NnBUQ0VjV1BzR0lsTkEwUVJFZUNUeVVNNEpxTk1pZVRxdjUxR0crcFc4ZFUyQzNiS2w0NUNscFczZHlTazVlbUlSUmFsS0E5elhyaWZyemUyei9LMVNSbXFqTE5NMVF6NGR6UmN5VDI2aTUwTWJ2RlV5ZEZVR29BZTBuSW5JbHZTK3hoeStYd1VZM1p1cEdVYUNNWDZmTW9HMTYxL1RmYm9EakEvMG9zV096enc2IiwiZXhwIjoxNzE1MTExNDUzLCJpYXQiOjE3MTUwOTcwNTN9.k002i2J0dCFYlkNAo0ciVxhNzNJCSJOikCvvED6QuLk0rBMmvYor19HUWC6NxxxMzRma0411zHzgaITTjSDCmA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174; _ga_7JGWL9SV66=GS1.1.1715097055.1.0.1715097055.60.0.0; _ga=GA1.1.2023088612.1715097056
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:51:06 GMT
content-type: application/json; charset=utf-8
content-length: 2028
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 15:51:06 GMT
vary: Accept-Encoding
x-time-ng: 0.096
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.104
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true

178.253.29.51

200 OK

2.7 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.7 kB (2708 bytes)
Hash
03d8750174fb38131fcdec7c448ce8e8
c48ca92cd90258cc64c328ace6f86ec1eb75a0e5
2db731ba47f7df6d412d452332831dedc2d91d6b2a0fd805d8d9ba6dfbad9fd5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoib0FEMkFhTzN3ejA1WFlycjcxOWVmaXZtTDhhN2xEMDJtbjFtSlk3UTd3RjM2VmpUcFlCWlNiMnM4RVRiQ0RhVHJPbFhYTTA0a2VpTDlLaGdGd2NBbE9UdHVMMnJMeWhncUErNnk1VHN0eDY4Vks2WUU5cnFXak5BVDRkaFN1NnBUQ0VjV1BzR0lsTkEwUVJFZUNUeVVNNEpxTk1pZVRxdjUxR0crcFc4ZFUyQzNiS2w0NUNscFczZHlTazVlbUlSUmFsS0E5elhyaWZyemUyei9LMVNSbXFqTE5NMVF6NGR6UmN5VDI2aTUwTWJ2RlV5ZEZVR29BZTBuSW5JbHZTK3hoeStYd1VZM1p1cEdVYUNNWDZmTW9HMTYxL1RmYm9EakEvMG9zV096enc2IiwiZXhwIjoxNzE1MTExNDUzLCJpYXQiOjE3MTUwOTcwNTN9.k002i2J0dCFYlkNAo0ciVxhNzNJCSJOikCvvED6QuLk0rBMmvYor19HUWC6NxxxMzRma0411zHzgaITTjSDCmA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174; _ga_7JGWL9SV66=GS1.1.1715097055.1.0.1715097055.60.0.0; _ga=GA1.1.2023088612.1715097056
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:51:06 GMT
content-type: application/json; charset=utf-8
content-length: 2708
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 15:51:06 GMT
vary: Accept-Encoding
x-time-ng: 0.017
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.028
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100

178.253.29.51

5.8 kB

URL
1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
5.8 kB (5847 bytes)
Hash
07770668139f43e615ab2716a12d41b5
3c22dba2c2665dfc2caaf252f7033f49a88d0ed8
132f6764f6dc1d932a25b1b67aa892b394e90a16bcd47bb49735b727a18d582e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoib0FEMkFhTzN3ejA1WFlycjcxOWVmaXZtTDhhN2xEMDJtbjFtSlk3UTd3RjM2VmpUcFlCWlNiMnM4RVRiQ0RhVHJPbFhYTTA0a2VpTDlLaGdGd2NBbE9UdHVMMnJMeWhncUErNnk1VHN0eDY4Vks2WUU5cnFXak5BVDRkaFN1NnBUQ0VjV1BzR0lsTkEwUVJFZUNUeVVNNEpxTk1pZVRxdjUxR0crcFc4ZFUyQzNiS2w0NUNscFczZHlTazVlbUlSUmFsS0E5elhyaWZyemUyei9LMVNSbXFqTE5NMVF6NGR6UmN5VDI2aTUwTWJ2RlV5ZEZVR29BZTBuSW5JbHZTK3hoeStYd1VZM1p1cEdVYUNNWDZmTW9HMTYxL1RmYm9EakEvMG9zV096enc2IiwiZXhwIjoxNzE1MTExNDUzLCJpYXQiOjE3MTUwOTcwNTN9.k002i2J0dCFYlkNAo0ciVxhNzNJCSJOikCvvED6QuLk0rBMmvYor19HUWC6NxxxMzRma0411zHzgaITTjSDCmA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174; _ga_7JGWL9SV66=GS1.1.1715097055.1.0.1715097055.60.0.0; _ga=GA1.1.2023088612.1715097056
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:51:07 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=23, dt_total;dur=24.214, wf-uht;dur=0.037
traceparent: 00-0733f529d82cb6ef8abd6bcb99f53a15-232bf4b467fd7991-01
x-dt: 285
x-time-ng: 0.024
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528450883&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1

178.253.29.51

1.6 kB

URL
1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528450883&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
1.6 kB (1563 bytes)
Hash
f2b8cb8ac1c35114ba8aef716361f0dd
8733eee8b13d2e0d830b89cbb9f6fbff4e38e333
cdee1452db9353eb7c99bf16352c7408d973b7d785ed407fecec136aa95b47dc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetGameZip?id=528450883&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoib0FEMkFhTzN3ejA1WFlycjcxOWVmaXZtTDhhN2xEMDJtbjFtSlk3UTd3RjM2VmpUcFlCWlNiMnM4RVRiQ0RhVHJPbFhYTTA0a2VpTDlLaGdGd2NBbE9UdHVMMnJMeWhncUErNnk1VHN0eDY4Vks2WUU5cnFXak5BVDRkaFN1NnBUQ0VjV1BzR0lsTkEwUVJFZUNUeVVNNEpxTk1pZVRxdjUxR0crcFc4ZFUyQzNiS2w0NUNscFczZHlTazVlbUlSUmFsS0E5elhyaWZyemUyei9LMVNSbXFqTE5NMVF6NGR6UmN5VDI2aTUwTWJ2RlV5ZEZVR29BZTBuSW5JbHZTK3hoeStYd1VZM1p1cEdVYUNNWDZmTW9HMTYxL1RmYm9EakEvMG9zV096enc2IiwiZXhwIjoxNzE1MTExNDUzLCJpYXQiOjE3MTUwOTcwNTN9.k002i2J0dCFYlkNAo0ciVxhNzNJCSJOikCvvED6QuLk0rBMmvYor19HUWC6NxxxMzRma0411zHzgaITTjSDCmA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174; _ga_7JGWL9SV66=GS1.1.1715097055.1.0.1715097055.60.0.0; _ga=GA1.1.2023088612.1715097056
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:51:07 GMT
content-type: application/json; charset=utf-8
content-length: 1563
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 15:51:07 GMT
vary: Accept-Encoding
x-time-ng: 0.049
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.056
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1

178.253.29.51

1.5 kB

URL
1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
1.5 kB (1480 bytes)
Hash
7c37f767df4220903f3830b381d78828
3b7e00409aad37670f16ad263d1aa90d11a15093
86047732349f384c57664110dc5fd0e3f511d4cce42100529ca6cd2b8b0042a8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoib0FEMkFhTzN3ejA1WFlycjcxOWVmaXZtTDhhN2xEMDJtbjFtSlk3UTd3RjM2VmpUcFlCWlNiMnM4RVRiQ0RhVHJPbFhYTTA0a2VpTDlLaGdGd2NBbE9UdHVMMnJMeWhncUErNnk1VHN0eDY4Vks2WUU5cnFXak5BVDRkaFN1NnBUQ0VjV1BzR0lsTkEwUVJFZUNUeVVNNEpxTk1pZVRxdjUxR0crcFc4ZFUyQzNiS2w0NUNscFczZHlTazVlbUlSUmFsS0E5elhyaWZyemUyei9LMVNSbXFqTE5NMVF6NGR6UmN5VDI2aTUwTWJ2RlV5ZEZVR29BZTBuSW5JbHZTK3hoeStYd1VZM1p1cEdVYUNNWDZmTW9HMTYxL1RmYm9EakEvMG9zV096enc2IiwiZXhwIjoxNzE1MTExNDUzLCJpYXQiOjE3MTUwOTcwNTN9.k002i2J0dCFYlkNAo0ciVxhNzNJCSJOikCvvED6QuLk0rBMmvYor19HUWC6NxxxMzRma0411zHzgaITTjSDCmA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174; _ga_7JGWL9SV66=GS1.1.1715097055.1.0.1715097055.60.0.0; _ga=GA1.1.2023088612.1715097056
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:51:08 GMT
content-type: application/json; charset=utf-8
content-length: 1480
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 15:51:08 GMT
vary: Accept-Encoding
x-time-ng: 0.011
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.019
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetGameZip?id=529224955&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1

178.253.29.51

1.5 kB

URL
1xlite-461430.top/service-api/LineFeed/GetGameZip?id=529224955&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
1.5 kB (1468 bytes)
Hash
68b2870dea9719764457c2720b09dddb
6e0175ad9e656931458b8ce8c127d9078f2d8544
87486fe773a1b193e56d3630de0f623c1675ef98264f51225468ea84dc5e7455

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetGameZip?id=529224955&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoib0FEMkFhTzN3ejA1WFlycjcxOWVmaXZtTDhhN2xEMDJtbjFtSlk3UTd3RjM2VmpUcFlCWlNiMnM4RVRiQ0RhVHJPbFhYTTA0a2VpTDlLaGdGd2NBbE9UdHVMMnJMeWhncUErNnk1VHN0eDY4Vks2WUU5cnFXak5BVDRkaFN1NnBUQ0VjV1BzR0lsTkEwUVJFZUNUeVVNNEpxTk1pZVRxdjUxR0crcFc4ZFUyQzNiS2w0NUNscFczZHlTazVlbUlSUmFsS0E5elhyaWZyemUyei9LMVNSbXFqTE5NMVF6NGR6UmN5VDI2aTUwTWJ2RlV5ZEZVR29BZTBuSW5JbHZTK3hoeStYd1VZM1p1cEdVYUNNWDZmTW9HMTYxL1RmYm9EakEvMG9zV096enc2IiwiZXhwIjoxNzE1MTExNDUzLCJpYXQiOjE3MTUwOTcwNTN9.k002i2J0dCFYlkNAo0ciVxhNzNJCSJOikCvvED6QuLk0rBMmvYor19HUWC6NxxxMzRma0411zHzgaITTjSDCmA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174; _ga_7JGWL9SV66=GS1.1.1715097055.1.0.1715097055.60.0.0; _ga=GA1.1.2023088612.1715097056
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:51:08 GMT
content-type: application/json; charset=utf-8
content-length: 1468
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 15:51:08 GMT
vary: Accept-Encoding
x-time-ng: 0.005
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.014
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true

178.253.29.51

15 kB

URL
1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
15 kB (15406 bytes)
Hash
332fa0b9dc42557f242844c1edcedb08
9dc27502f56a8420bdae2f78ee9d8ac4a9573ccc
52811e7a55c6c9d80c13b5fd962f482776a94b25455e4539063bbaa8dc070bc8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoib0FEMkFhTzN3ejA1WFlycjcxOWVmaXZtTDhhN2xEMDJtbjFtSlk3UTd3RjM2VmpUcFlCWlNiMnM4RVRiQ0RhVHJPbFhYTTA0a2VpTDlLaGdGd2NBbE9UdHVMMnJMeWhncUErNnk1VHN0eDY4Vks2WUU5cnFXak5BVDRkaFN1NnBUQ0VjV1BzR0lsTkEwUVJFZUNUeVVNNEpxTk1pZVRxdjUxR0crcFc4ZFUyQzNiS2w0NUNscFczZHlTazVlbUlSUmFsS0E5elhyaWZyemUyei9LMVNSbXFqTE5NMVF6NGR6UmN5VDI2aTUwTWJ2RlV5ZEZVR29BZTBuSW5JbHZTK3hoeStYd1VZM1p1cEdVYUNNWDZmTW9HMTYxL1RmYm9EakEvMG9zV096enc2IiwiZXhwIjoxNzE1MTExNDUzLCJpYXQiOjE3MTUwOTcwNTN9.k002i2J0dCFYlkNAo0ciVxhNzNJCSJOikCvvED6QuLk0rBMmvYor19HUWC6NxxxMzRma0411zHzgaITTjSDCmA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174; _ga_7JGWL9SV66=GS1.1.1715097055.1.0.1715097055.60.0.0; _ga=GA1.1.2023088612.1715097056
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:51:09 GMT
content-type: application/json; charset=utf-8
content-length: 15406
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 15:51:04 GMT
vary: Accept-Encoding
x-time-ng: 0.015
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.webp

185.244.209.62

20 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
20 kB (20522 bytes)
Hash
95767496ab1dce71f394c97620666756
127389c7327fec508549222dd477edbd524e33dd
fca493b566204dfff5ef8b8cd6c74c40659c812ac6665696dd5c66c664a31c7e

HTTP Headers

GET /genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:51:10 GMT
content-type: image/webp
content-length: 20522
last-modified: Thu, 08 Jun 2023 18:05:27 GMT
etag: "95767496ab1dce71f394c97620666756"
x-time-ng: 0.006
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ad3058a30473a66a7d888326d90c7570-bb71ee7a89ecf88b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-02-27T14:22:50+00:00, 2024-05-07T15:03:50+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100

178.253.29.51

3.9 kB

URL
1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
3.9 kB (3903 bytes)
Hash
07770668139f43e615ab2716a12d41b5
3c22dba2c2665dfc2caaf252f7033f49a88d0ed8
132f6764f6dc1d932a25b1b67aa892b394e90a16bcd47bb49735b727a18d582e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:44 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=112, dt_total;dur=160.497, wf-uht;dur=0.177
traceparent: 00-b46f5b018ff6a7cb17cefbf479c9edb3-8a5ea3e73adec430-01
x-dt: 285
x-time-ng: 0.133
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

pp23vi1.com/static/pixel.gif?1715097070982

178.253.14.123

43 B

URL
pp23vi1.com/static/pixel.gif?1715097070982
IP
178.253.14.123:0
ASN
#202492 Silverhill Group Holding Ltd

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /static/pixel.gif?1715097070982 HTTP/1.1
Host: pp23vi1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:51:11 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true

178.253.29.51

200 OK

2.7 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.7 kB (2719 bytes)
Hash
cc18d84f7ec57448acc2c8240619e882
42fdcb2ac503e23ffbcff25088a32e0b66bf07da
fa379225b9e6ae3af77da538885c525414a587e030c303f4ff312654e97db139

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoib0FEMkFhTzN3ejA1WFlycjcxOWVmaXZtTDhhN2xEMDJtbjFtSlk3UTd3RjM2VmpUcFlCWlNiMnM4RVRiQ0RhVHJPbFhYTTA0a2VpTDlLaGdGd2NBbE9UdHVMMnJMeWhncUErNnk1VHN0eDY4Vks2WUU5cnFXak5BVDRkaFN1NnBUQ0VjV1BzR0lsTkEwUVJFZUNUeVVNNEpxTk1pZVRxdjUxR0crcFc4ZFUyQzNiS2w0NUNscFczZHlTazVlbUlSUmFsS0E5elhyaWZyemUyei9LMVNSbXFqTE5NMVF6NGR6UmN5VDI2aTUwTWJ2RlV5ZEZVR29BZTBuSW5JbHZTK3hoeStYd1VZM1p1cEdVYUNNWDZmTW9HMTYxL1RmYm9EakEvMG9zV096enc2IiwiZXhwIjoxNzE1MTExNDUzLCJpYXQiOjE3MTUwOTcwNTN9.k002i2J0dCFYlkNAo0ciVxhNzNJCSJOikCvvED6QuLk0rBMmvYor19HUWC6NxxxMzRma0411zHzgaITTjSDCmA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174; _ga_7JGWL9SV66=GS1.1.1715097055.1.0.1715097055.60.0.0; _ga=GA1.1.2023088612.1715097056; che_i=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:51:12 GMT
content-type: application/json; charset=utf-8
content-length: 2719
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 15:51:12 GMT
vary: Accept-Encoding
x-time-ng: 0.012
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.020
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528450883&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1

178.253.29.51

1.6 kB

URL
1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528450883&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
1.6 kB (1562 bytes)
Hash
9904900eea92b954e773f9c13dfdad69
2224340908b7a92f29b011bc869f800344347142
afef95a0a3d5e55797fd58bb1fa067c1b60b615481ff7bb933955e6f17a4ea8a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetGameZip?id=528450883&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoib0FEMkFhTzN3ejA1WFlycjcxOWVmaXZtTDhhN2xEMDJtbjFtSlk3UTd3RjM2VmpUcFlCWlNiMnM4RVRiQ0RhVHJPbFhYTTA0a2VpTDlLaGdGd2NBbE9UdHVMMnJMeWhncUErNnk1VHN0eDY4Vks2WUU5cnFXak5BVDRkaFN1NnBUQ0VjV1BzR0lsTkEwUVJFZUNUeVVNNEpxTk1pZVRxdjUxR0crcFc4ZFUyQzNiS2w0NUNscFczZHlTazVlbUlSUmFsS0E5elhyaWZyemUyei9LMVNSbXFqTE5NMVF6NGR6UmN5VDI2aTUwTWJ2RlV5ZEZVR29BZTBuSW5JbHZTK3hoeStYd1VZM1p1cEdVYUNNWDZmTW9HMTYxL1RmYm9EakEvMG9zV096enc2IiwiZXhwIjoxNzE1MTExNDUzLCJpYXQiOjE3MTUwOTcwNTN9.k002i2J0dCFYlkNAo0ciVxhNzNJCSJOikCvvED6QuLk0rBMmvYor19HUWC6NxxxMzRma0411zHzgaITTjSDCmA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174; _ga_7JGWL9SV66=GS1.1.1715097055.1.0.1715097055.60.0.0; _ga=GA1.1.2023088612.1715097056; che_i=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:51:13 GMT
content-type: application/json; charset=utf-8
content-length: 1562
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 15:51:13 GMT
vary: Accept-Encoding
x-time-ng: 0.014
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.021
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1

178.253.29.51

1.5 kB

URL
1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
1.5 kB (1480 bytes)
Hash
7c37f767df4220903f3830b381d78828
3b7e00409aad37670f16ad263d1aa90d11a15093
86047732349f384c57664110dc5fd0e3f511d4cce42100529ca6cd2b8b0042a8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoib0FEMkFhTzN3ejA1WFlycjcxOWVmaXZtTDhhN2xEMDJtbjFtSlk3UTd3RjM2VmpUcFlCWlNiMnM4RVRiQ0RhVHJPbFhYTTA0a2VpTDlLaGdGd2NBbE9UdHVMMnJMeWhncUErNnk1VHN0eDY4Vks2WUU5cnFXak5BVDRkaFN1NnBUQ0VjV1BzR0lsTkEwUVJFZUNUeVVNNEpxTk1pZVRxdjUxR0crcFc4ZFUyQzNiS2w0NUNscFczZHlTazVlbUlSUmFsS0E5elhyaWZyemUyei9LMVNSbXFqTE5NMVF6NGR6UmN5VDI2aTUwTWJ2RlV5ZEZVR29BZTBuSW5JbHZTK3hoeStYd1VZM1p1cEdVYUNNWDZmTW9HMTYxL1RmYm9EakEvMG9zV096enc2IiwiZXhwIjoxNzE1MTExNDUzLCJpYXQiOjE3MTUwOTcwNTN9.k002i2J0dCFYlkNAo0ciVxhNzNJCSJOikCvvED6QuLk0rBMmvYor19HUWC6NxxxMzRma0411zHzgaITTjSDCmA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174; _ga_7JGWL9SV66=GS1.1.1715097055.1.0.1715097055.60.0.0; _ga=GA1.1.2023088612.1715097056; che_i=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:51:13 GMT
content-type: application/json; charset=utf-8
content-length: 1480
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 15:51:08 GMT
vary: Accept-Encoding
x-time-ng: 0.011
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetGameZip?id=529224955&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1

178.253.29.51

1.5 kB

URL
1xlite-461430.top/service-api/LineFeed/GetGameZip?id=529224955&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
1.5 kB (1468 bytes)
Hash
68b2870dea9719764457c2720b09dddb
6e0175ad9e656931458b8ce8c127d9078f2d8544
87486fe773a1b193e56d3630de0f623c1675ef98264f51225468ea84dc5e7455

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetGameZip?id=529224955&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoib0FEMkFhTzN3ejA1WFlycjcxOWVmaXZtTDhhN2xEMDJtbjFtSlk3UTd3RjM2VmpUcFlCWlNiMnM4RVRiQ0RhVHJPbFhYTTA0a2VpTDlLaGdGd2NBbE9UdHVMMnJMeWhncUErNnk1VHN0eDY4Vks2WUU5cnFXak5BVDRkaFN1NnBUQ0VjV1BzR0lsTkEwUVJFZUNUeVVNNEpxTk1pZVRxdjUxR0crcFc4ZFUyQzNiS2w0NUNscFczZHlTazVlbUlSUmFsS0E5elhyaWZyemUyei9LMVNSbXFqTE5NMVF6NGR6UmN5VDI2aTUwTWJ2RlV5ZEZVR29BZTBuSW5JbHZTK3hoeStYd1VZM1p1cEdVYUNNWDZmTW9HMTYxL1RmYm9EakEvMG9zV096enc2IiwiZXhwIjoxNzE1MTExNDUzLCJpYXQiOjE3MTUwOTcwNTN9.k002i2J0dCFYlkNAo0ciVxhNzNJCSJOikCvvED6QuLk0rBMmvYor19HUWC6NxxxMzRma0411zHzgaITTjSDCmA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174; _ga_7JGWL9SV66=GS1.1.1715097055.1.0.1715097055.60.0.0; _ga=GA1.1.2023088612.1715097056; che_i=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:51:13 GMT
content-type: application/json; charset=utf-8
content-length: 1468
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 15:51:08 GMT
vary: Accept-Encoding
x-time-ng: 0.005
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true

178.253.29.51

15 kB

URL
1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
15 kB (15371 bytes)
Hash
0b551a2a7e665bc6ececce567bf133e4
9f72baef717e8715684bb43a45daff2804827766
4ee38a4a47f5b50198ce2ff698b7b5bf1f395b5ce0934bc3ffb83d592789d950

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoib0FEMkFhTzN3ejA1WFlycjcxOWVmaXZtTDhhN2xEMDJtbjFtSlk3UTd3RjM2VmpUcFlCWlNiMnM4RVRiQ0RhVHJPbFhYTTA0a2VpTDlLaGdGd2NBbE9UdHVMMnJMeWhncUErNnk1VHN0eDY4Vks2WUU5cnFXak5BVDRkaFN1NnBUQ0VjV1BzR0lsTkEwUVJFZUNUeVVNNEpxTk1pZVRxdjUxR0crcFc4ZFUyQzNiS2w0NUNscFczZHlTazVlbUlSUmFsS0E5elhyaWZyemUyei9LMVNSbXFqTE5NMVF6NGR6UmN5VDI2aTUwTWJ2RlV5ZEZVR29BZTBuSW5JbHZTK3hoeStYd1VZM1p1cEdVYUNNWDZmTW9HMTYxL1RmYm9EakEvMG9zV096enc2IiwiZXhwIjoxNzE1MTExNDUzLCJpYXQiOjE3MTUwOTcwNTN9.k002i2J0dCFYlkNAo0ciVxhNzNJCSJOikCvvED6QuLk0rBMmvYor19HUWC6NxxxMzRma0411zHzgaITTjSDCmA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174; _ga_7JGWL9SV66=GS1.1.1715097055.1.0.1715097055.60.0.0; _ga=GA1.1.2023088612.1715097056; che_i=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:51:15 GMT
content-type: application/json; charset=utf-8
content-length: 15371
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 15:51:15 GMT
vary: Accept-Encoding
x-time-ng: 0.017
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.032
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137

178.253.29.51

200 OK

238 B

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
238 B (238 bytes)
Hash
64e1319f626e19057756a29c730da16c
33fed7b2398de7d74653acf0d82fef58f9acfec9
04f7b8e516e2f1d210d0a53f1e19636f5300855c2f8f311a01d54bde675dc9b3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoib0FEMkFhTzN3ejA1WFlycjcxOWVmaXZtTDhhN2xEMDJtbjFtSlk3UTd3RjM2VmpUcFlCWlNiMnM4RVRiQ0RhVHJPbFhYTTA0a2VpTDlLaGdGd2NBbE9UdHVMMnJMeWhncUErNnk1VHN0eDY4Vks2WUU5cnFXak5BVDRkaFN1NnBUQ0VjV1BzR0lsTkEwUVJFZUNUeVVNNEpxTk1pZVRxdjUxR0crcFc4ZFUyQzNiS2w0NUNscFczZHlTazVlbUlSUmFsS0E5elhyaWZyemUyei9LMVNSbXFqTE5NMVF6NGR6UmN5VDI2aTUwTWJ2RlV5ZEZVR29BZTBuSW5JbHZTK3hoeStYd1VZM1p1cEdVYUNNWDZmTW9HMTYxL1RmYm9EakEvMG9zV096enc2IiwiZXhwIjoxNzE1MTExNDUzLCJpYXQiOjE3MTUwOTcwNTN9.k002i2J0dCFYlkNAo0ciVxhNzNJCSJOikCvvED6QuLk0rBMmvYor19HUWC6NxxxMzRma0411zHzgaITTjSDCmA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174; _ga_7JGWL9SV66=GS1.1.1715097055.1.0.1715097055.60.0.0; _ga=GA1.1.2023088612.1715097056; che_i=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:51:15 GMT
content-type: application/json; charset=utf-8
content-length: 238
cache-control: no-cache
content-encoding: br
last-modified: Tue, 07 May 2024 15:51:15 GMT
vary: Accept-Encoding
x-time-ng: 0.005
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
X-Firefox-Spdy: h2

1xlite-461430.top/checker/redirect/stat/

178.253.29.51

28 kB

URL
1xlite-461430.top/checker/redirect/stat/
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
ASCII text, with no line terminators
Size
28 kB (27930 bytes)
Hash
b326b5062b2f0e69046810717534cb09
5ffe533b830f08a0326348a9160afafc8ada44db
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /checker/redirect/stat/ HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoib0FEMkFhTzN3ejA1WFlycjcxOWVmaXZtTDhhN2xEMDJtbjFtSlk3UTd3RjM2VmpUcFlCWlNiMnM4RVRiQ0RhVHJPbFhYTTA0a2VpTDlLaGdGd2NBbE9UdHVMMnJMeWhncUErNnk1VHN0eDY4Vks2WUU5cnFXak5BVDRkaFN1NnBUQ0VjV1BzR0lsTkEwUVJFZUNUeVVNNEpxTk1pZVRxdjUxR0crcFc4ZFUyQzNiS2w0NUNscFczZHlTazVlbUlSUmFsS0E5elhyaWZyemUyei9LMVNSbXFqTE5NMVF6NGR6UmN5VDI2aTUwTWJ2RlV5ZEZVR29BZTBuSW5JbHZTK3hoeStYd1VZM1p1cEdVYUNNWDZmTW9HMTYxL1RmYm9EakEvMG9zV096enc2IiwiZXhwIjoxNzE1MTExNDUzLCJpYXQiOjE3MTUwOTcwNTN9.k002i2J0dCFYlkNAo0ciVxhNzNJCSJOikCvvED6QuLk0rBMmvYor19HUWC6NxxxMzRma0411zHzgaITTjSDCmA
Content-Length: 35
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174; _ga_7JGWL9SV66=GS1.1.1715097055.1.0.1715097055.60.0.0; _ga=GA1.1.2023088612.1715097056; che_i=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:51:11 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
api-supported-versions: 1.0
x-time-ng: 0.001
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.009
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js

172.64.148.184

200 OK

481 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
481 kB (480579 bytes)
Hash
46260bb46d51262abee818c0c3bcf1c6
fe3be222aec74704fad1fa2559788b1fa287094a
20700e65659e04d422580d9c792ba811b7b76de4ec1b3163c284af83bd5a7d6c

HTTP Headers

GET /_next/static/chunks/1743016e-d00d67a74426f155.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 15:50:44 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 17 Jan 2024 06:19:55 GMT
etag: W/"75543-18d161388b8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 589129
expires: Wed, 07 May 2025 15:50:44 GMT
server: cloudflare
cf-ray: 88025e124dca1c16-OSL
X-Firefox-Spdy: h2

widget.suphelper.top/sounds/new-message.mp3

172.64.148.184

200 OK

30 kB

URL GET HTTP/2
widget.suphelper.top/sounds/new-message.mp3
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
MPEG ADTS, layer III, v1, 192 kbps, 48 kHz, JntStereo
Size
30 kB (29952 bytes)
Hash
ef9af24dc7dbd24ffd99c832e1300351
f78744a5013038446c468de14f205f2d52373fd6
5049d7fe87a7327a291441181d1a328a15f46a21081b970502c540406011c9b9

HTTP Headers

GET /sounds/new-message.mp3 HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 15:50:47 GMT
content-type: audio/mpeg
content-length: 29952
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=14400
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"7500-18f381bf786"
cf-cache-status: HIT
age: 3586
expires: Tue, 07 May 2024 19:50:47 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 88025e1ffb201c16-OSL
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=2023088612.1715097056&gtm=45je4510v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=82067111

142.250.74.163

200 OK

42 B

URL GET HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=2023088612.1715097056&gtm=45je4510v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=82067111
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.no
Fingerprint7D:68:6D:B1:32:34:52:51:20:C9:53:FF:B9:B7:8F:7E:05:F9:F5:97
ValidityTue, 16 Apr 2024 04:31:00 GMT - Tue, 09 Jul 2024 04:30:59 GMT

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=2023088612.1715097056&gtm=45je4510v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=82067111 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 07 May 2024 15:50:55 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

v3.traincdn.com/sys-ui/3.2.2/Desktop/Default/client.css

185.244.209.62

200 OK

1.0 MB

URL GET HTTP/2
v3.traincdn.com/sys-ui/3.2.2/Desktop/Default/client.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
1.0 MB (1048646 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sys-ui/3.2.2/Desktop/Default/client.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:44 GMT
content-type: text/css; charset=utf-8
last-modified: Fri, 19 Apr 2024 10:16:19 GMT
etag: W/"e4b8405071f7ea0e1aa13cd501543a44"
x-amz-meta-mtime: 1713521458.745453226
content-encoding: gzip
expires: Sat, 20 Apr 2024 11:51:17 GMT
cache-control: max-age=86400
x-time-ng: 0.010
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-62ba93a8cbdff5b5810634b55b7a0ce4-a475a42c9e40e348-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-19T11:51:17+00:00, 2024-05-07T14:34:20+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/0118273f50067e14abd52f97334f5218.webp

185.244.209.62

200 OK

800 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/0118273f50067e14abd52f97334f5218.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
800 B (800 bytes)
Hash
2dfb794e83ac1b945caa4fad719d76b0
4e8e850d041e0ee95f2bca5f7e24ca3e7e05446c
088afb5a1bcbb3996009b8035760b0fb5b0e597f1fc350458c008d1c593d73a3

HTTP Headers

GET /resized/size16/sfiles/logo_teams/0118273f50067e14abd52f97334f5218.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:48 GMT
content-type: image/webp
content-length: 800
cache-control: max-age=94608000
content-disposition: inline; filename="0118273f50067e14abd52f97334f5218.webp"
content-security-policy: script-src 'none'
expires: Thu, 06 May 2027 19:34:05 GMT
x-request-id: 95e90e0faeeefe1f08a79b39402636ff
x-time-ng: 0.029
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-96afffbcdabcae9c259b759fd3bb10a0-97e5349c31a902f2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T19:34:05+00:00, 2024-05-07T13:58:09+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/03e03ebafcdc.js

185.244.209.62

200 OK

372 B

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/03e03ebafcdc.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (379), with no line terminators
Size
372 B (372 bytes)
Hash
b0cb2446d2b33b4a84e6120d6557698d
0bf847d57b404438c15ebc88937375f2b91e7784
54a1297bd1f016a3ec3c2487e61b2eeefde2baf2cb8969362a8a610c134b7f04

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/03e03ebafcdc.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:49 GMT
content-type: text/javascript; charset=utf-8
content-length: 372
last-modified: Wed, 01 May 2024 08:21:41 GMT
etag: "441a6448f5a4242779baf6fc1399b13e"
x-amz-meta-mtime: 1714551564.667873602
expires: Thu, 02 May 2024 15:20:56 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-927e1939951546e5a1959f954484c25d-c48f768a6089b36c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:56+00:00, 2024-05-06T16:17:06+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size14/sfiles/logo_teams/716b7e34ee6a039b00a8150987b3fef6.webp

185.244.209.62

200 OK

734 B

URL GET HTTP/2
v3.traincdn.com/resized/size14/sfiles/logo_teams/716b7e34ee6a039b00a8150987b3fef6.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
734 B (734 bytes)
Hash
b2479755903ce9d83295775f41d0172d
42a9f7d08bccad9b25f5cd7802ef1734cfae0632
7dc7ce3f505cd9846e7886b1e637a3f5f4f176b4b54c9be85b1d7e84e1e7075a

HTTP Headers

GET /resized/size14/sfiles/logo_teams/716b7e34ee6a039b00a8150987b3fef6.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:47 GMT
content-type: image/webp
content-length: 734
cache-control: max-age=94608000
content-disposition: inline; filename="716b7e34ee6a039b00a8150987b3fef6.webp"
content-security-policy: script-src 'none'
expires: Thu, 06 May 2027 19:43:06 GMT
x-request-id: 5c4baa60c2e216a85f1bbcdb94f756da
x-time-ng: 0.029
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-cccf5d93cf3b9750aef9cd2649a5ea7c-d92267bb459f73a9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T19:43:06+00:00, 2024-05-06T20:25:28+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/139573.webp

185.244.209.62

200 OK

772 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/139573.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
772 B (772 bytes)
Hash
a757480f55a221cb27131af6d6b2e9cb
1e8d4aec07c3d5a4eab20dbe5d34d65124c39ae9
4c63b50093c0bee7df7b23529e3674665c260eb25209e9a3b9cabaad5d62e051

HTTP Headers

GET /resized/size16/sfiles/logo_teams/139573.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:48 GMT
content-type: image/webp
content-length: 772
cache-control: max-age=94608000
content-disposition: inline; filename="139573.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 10:28:18 GMT
x-request-id: 365414cfe239bdc6bf954cf33bef41f1
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ea0ee2ec2e6be9eae613512056ffd747-a0db72269f0dc8b5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T10:28:18+00:00, 2024-05-07T13:56:26+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7b53ac9cad2f.js

185.244.209.62

200 OK

41 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7b53ac9cad2f.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (41364)
Size
41 kB (41365 bytes)
Hash
de79bf6739658de7bc537d692f3638fe
1e7a3af0be67bc48ac8f184324daff5f1422ac26
35f8f183f2c85dfafed1127ec3f72da678b9eea861b4083672ae4580ff6a0af0

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7b53ac9cad2f.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:49 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 01 May 2024 08:21:41 GMT
etag: W/"de79bf6739658de7bc537d692f3638fe"
x-amz-meta-mtime: 1714551564.671873539
content-encoding: gzip
expires: Thu, 02 May 2024 15:20:51 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-937b0f8b047432776baa9036e7c6fcf2-8edee4ba7307d46c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:51+00:00, 2024-05-06T16:17:06+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/62bd07c5cb50.js

185.244.209.62

200 OK

2.6 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/62bd07c5cb50.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (2663), with no line terminators
Size
2.6 kB (2558 bytes)
Hash
dde63bdbd9cb8be79221cdd4eee15c60
3a7fcb58a671bdbabfdef9802a28a103b8d3ab77
72399193f61f13111a2ba2b25a8ccbf6cc5a833d1f59dfe38108c241c8f4a657

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/62bd07c5cb50.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:49 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 01 May 2024 08:21:41 GMT
etag: W/"942da12c1a44ccf257f6ea3e09ed3175"
x-amz-meta-mtime: 1714551564.671873539
content-encoding: gzip
expires: Thu, 02 May 2024 15:20:56 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-23c8233f57fa00a20f4b5633247f9b53-7faee67af7f27d43-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:56+00:00, 2024-05-06T16:17:06+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidget-b6662b37.js

185.244.209.62

200 OK

12 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidget-b6662b37.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (12039), with no line terminators
Size
12 kB (12039 bytes)
Hash
d5bb5783c476219b31ce5582083fd74b
326b40532b72988c1d23fb931daabead75d18482
2724a816ddb0fd1234ca8cebf9db4fd60290f282fcfcb5619ffe70be9c0160b7

HTTP Headers

GET /_nuxt/desktop/default/DownloadAppWidget-b6662b37.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 4124
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-101c"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:35 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-719b81e81e4309392b9dda7dfbd8f2f4-ca2cbb9171d31c83-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:35+00:00, 2024-05-07T15:29:49+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/6d96a96fd4cc420a5490a7f26477f752.webp

185.244.209.62

200 OK

798 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/6d96a96fd4cc420a5490a7f26477f752.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
798 B (798 bytes)
Hash
4564696b7196eab1b8a97031e79cbbe2
7ae14541bcda4b905e92fa890ef2ac26c332393d
ef537656fab0572ba1a823392a6daf4b63477dacf3b857ead7b3d195eb8893bf

HTTP Headers

GET /resized/size16/sfiles/logo_teams/6d96a96fd4cc420a5490a7f26477f752.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:48 GMT
content-type: image/webp
content-length: 798
cache-control: max-age=94608000
content-disposition: inline; filename="6d96a96fd4cc420a5490a7f26477f752.webp"
content-security-policy: script-src 'none'
expires: Wed, 05 May 2027 14:25:18 GMT
x-request-id: 38694ada1a45dd42290e5ed8e529cf92
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-1f6bbcb55cc5df5d4afeb953f926faf6-9bbf1b636217f75c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-05T14:25:18+00:00, 2024-05-06T09:50:00+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-74c102e0.js

185.244.209.62

200 OK

16 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-74c102e0.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (15997)
Size
16 kB (16063 bytes)
Hash
18f932fe4f53ce3de4a44b04b0524916
ed47f4f593c25b33012b0369c19883c23e7d3df1
c665029c63cfd9399be9c74e897668b621e3a6e690f0da69196f4c73c16f0cee

HTTP Headers

GET /_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-74c102e0.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 5562
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-15ba"
content-encoding: gzip
expires: Wed, 08 May 2024 08:42:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-7ac7b623e7943e7023e1da963b59cae7-dfa7cbbd8d3d4621-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T08:42:16+00:00, 2024-05-07T12:30:22+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/bff-api/config/all.json?lang=en

178.253.29.51

200 OK

124 kB

URL GET HTTP/2
1xlite-461430.top/bff-api/config/all.json?lang=en
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
124 kB (123498 bytes)
Hash
b8dcdf58e5c1baa273343d036b7770ba
f482235c789d73d8fc2e902ba6425102ea29f9ba
0b43eb0e6e03055c3ba4dd1336841d78fe577d0e5cbc11cd990772538907823f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bff-api/config/all.json?lang=en HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
x-geoip2-country-code: ru
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder; postback_watcher=%7B%22tag%22%3A%22d_151095m_23801c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28719265_d28986_l46699_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%222909882375810783510%22%7D; platform_type=desktop; auid=sv0dM2Y6Tc6i+ovqAwm8Ag==; window_width=1280; SESSION=f52d4023c51a9c7953bef0e6ad6eb45e; che_g=41f0c197-5d5e-7d84-70da-02e7160c2394; _glhf=1715114818; application_locale=en; sh.session.id=4416352d-a592-4f81-adb4-9c83947731e3; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:49 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: bff;dur=67.75, dt_total;dur=95.538, wf-uht;dur=0.110
traceparent: 00-0f9209962e79b62c7fb95353087635d7-96cdb25022d82903-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.090
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.jpg

0.0.0.0

0 B

URL GET
v3.traincdn.com/genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js

172.64.148.184

200 OK

107 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
107 kB (107186 bytes)
Hash
d0a7ecc59065580118a9ea8880c58962
21573546ac5011592094ef6aea0696ccdeb2164d
e1b09efa81ca44cda394e366b64fbf2b3f0725eab9ad24782839cbb8f66842b5

HTTP Headers

GET /_next/static/chunks/pages/index-ed7cd77912c6e3a9.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 15:50:44 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"1a2b2-18f12321a97"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 598970
expires: Wed, 07 May 2025 15:50:44 GMT
server: cloudflare
cf-ray: 88025e125ddf1c16-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/0e3e1e8d.css

185.244.209.62

200 OK

5.6 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/0e3e1e8d.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (5638), with no line terminators
Size
5.6 kB (5638 bytes)
Hash
be85f100312ee4f9396b6e89cbcb0fef
3934783d38d182ddcaccfdedbbe4fb65c266864c
06a9b859f60f7872c7beaa8286d3c1f45708dd0e1dee20f4c0d55c8719cc2983

HTTP Headers

GET /_nuxt/desktop/default/css/0e3e1e8d.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:42 GMT
content-type: text/css
content-length: 1193
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-4a9"
content-encoding: gzip
expires: Tue, 07 May 2024 12:28:47 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ea13810a8a64b0f59f11077a522c93a7-62a38e9c0e132b5f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:28:47+00:00, 2024-05-07T15:29:48+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_chunk_M4D4AAJL.js

185.244.209.62

200 OK

101 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_chunk_M4D4AAJL.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=d_151095m_23801c_%5b%5dMS%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d28719265_d28986_l46699_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=2909882375810783510
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (35828)
Size
101 kB (100701 bytes)
Hash
51ddc52774f4e5bd6a6f1c22e9d19674
374c2fbb2b68ad9c28898dfe60da3fd828ccf7c4
642e66ee14ca90b6ff8f91fbfdce400c6834a037dee18a60a72922ea727bb442

HTTP Headers

GET /sys-static/shared-assets/__shared_chunk_M4D4AAJL.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:50:47 GMT
content-type: text/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 13:05:33 GMT
etag: W/"51ddc52774f4e5bd6a6f1c22e9d19674"
x-amz-meta-mtime: 1715000580.87646382
content-encoding: gzip
expires: Wed, 08 May 2024 12:42:07 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-56cb93e67dc7560c67db982860e28404-a893bea1baaf3ff2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T12:42:07+00:00, 2024-05-07T12:51:04+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (116)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL