GET 1xlite-65819.bar/checker/redirect/stat/run/
185.162.90.21 | 200 OK | 76 B | URL GET 1xlite-65819.bar/checker/redirect/stat/run/
IP 185.162.90.21:443
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: Let's Encrypt
Subject: 1xlite-65819.bar
Fingerprint: CC:32:FE:CA:AC:28:3F:D5:3D:E8:1C:77:72:7C:7D:6C:38:94:51:66
Validity: Mon, 02 Jun 2025 10:34:06 GMT - Sun, 31 Aug 2025 10:34:05 GMT
Hash MD5: 27c2416c1b923fecbcfc18d2fe0b93c8
SHA1: c2bf774eb23aea67e9f24cb3c4aef31dc2575276
SHA256: 235990e7fa35e87bda0de418d7f4f59e238d6bcc4663db671e512f67f0e1a74b
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /checker/redirect/stat/run/ HTTP/1.1
Host: 1xlite-65819.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/en/block
content-type: application/json
x-requested-with: XMLHttpRequest
x-app-n: v3-nuxt2
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder; postback_watcher=%7B%22tag%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%226990902404166837530%22%7D; auid=uaJaFWhyXwJ0/fd6A9TPAg==; window_width=1280; che_g=6de09b55-9e69-3c6e-73ce-4fa31dd78648
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-time-ng: 0.001
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.010
X-Firefox-Spdy: h2
GET www.googletagmanager.com/gtag/destination?id=DC-14030178&cx=c&gtm=45He5791v9180563600za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104908321~104908323~104909302~104909304~104935091~104935093
142.250.178.40 | 200 OK | 303 kB | URL GET www.googletagmanager.com/gtag/destination?id=DC-14030178&cx=c&gtm=45He5791v9180563600za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104908321~104908323~104909302~104909304~104935091~104935093
IP 142.250.178.40:443
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: Google Trust Services
Subject: *.google-analytics.com
Fingerprint: 3A:12:37:38:16:E5:9F:51:4E:B7:1D:5F:1F:C0:84:BB:92:EA:9E:20
Validity: Mon, 23 Jun 2025 08:40:16 GMT - Mon, 15 Sep 2025 08:40:15 GMT
File type JavaScript source, ASCII text, with very long lines (5912)
Size 303 kB (302994 bytes)
Hash MD5: f4c25486a406850e6cc6bf99dacf8838
SHA1: d5bac2916ded6241cfcc8810a967df5c0c073e24
SHA256: aab3958110efe9ee2181015e6fabc788cb0331e341c525cf517c667310790bd6
GET /gtag/destination?id=DC-14030178&cx=c&gtm=45He5791v9180563600za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104908321~104908323~104909302~104909304~104935091~104935093 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 12 Jul 2025 13:11:43 GMT
expires: Sat, 12 Jul 2025 13:11:43 GMT
cache-control: private, max-age=900
last-modified: Sat, 12 Jul 2025 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcysghrgc:42:0
report-to: {"group":"ascgcysghrgc:42:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
server: Google Tag Manager
content-length: 106331
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET radar.cedexis.com/1707728419/stub.js
45.54.49.5 | 200 OK | 390 B | URL GET radar.cedexis.com/1707728419/stub.js
IP 45.54.49.5:443
ASN #63911 NetActuate, Inc
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: DigiCert Inc
Subject: radar.cedexis.com
Fingerprint: A2:3E:30:19:D5:41:3A:11:81:58:E3:B1:6F:F4:D2:78:0B:44:6F:D0
Validity: Fri, 07 Mar 2025 00:00:00 GMT - Fri, 06 Mar 2026 23:59:59 GMT
File type JavaScript source, ASCII text
Hash MD5: 82dec77fd0353c7c71ce053b8601387e
SHA1: fbbca95419e1d0c042e0a5fdf10f380aca66188c
SHA256: 39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7
GET /1707728419/stub.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Jul 2025 13:11:44 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 12 Feb 2024 09:50:42 GMT
Vary: Accept-Encoding
ETag: W/"65c9e9f2-186"
Expires: Sat, 26 Jul 2025 13:11:44 GMT
Cache-Control: max-age=1209600, public
Content-Encoding: gzip
GET v3.traincdn.com/main-static/104e7838/desktop/default/runtime-5e3efac4.js
185.244.209.62 | 200 OK | 18 kB | URL GET v3.traincdn.com/main-static/104e7838/desktop/default/runtime-5e3efac4.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: Sectigo Limited
Subject: *.traincdn.com
Fingerprint: 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity: Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (18456), with no line terminators
Hash MD5: 488f2384a05222a7edf8f1d6fb9a0a2d
SHA1: e7d2830b39d4c4937a8a9188ba6a04b40f723c75
SHA256: a72f4dc0c4f53d753449ba2c6af38d014e57b91d1d86ac3fe4a3f011165ecb30
GET /main-static/104e7838/desktop/default/runtime-5e3efac4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:32 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-34009ac1822f81c48c751c7b92019ad6-04c3b93da0904fe5-01
last-modified: Fri, 11 Jul 2025 12:10:04 GMT
etag: W/"488f2384a05222a7edf8f1d6fb9a0a2d"
x-amz-meta-mtime: 1752235802.27700261
content-encoding: gzip
expires: Sat, 12 Jul 2025 13:48:41 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 84067
cache: HIT
x-cached-since: 2025-07-11T13:50:25+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_forgot_password/en/dictionary_776c0b6a6ae43ea4503f983fa859981a.json
185.244.209.62 | 200 OK | 4.1 kB | URL GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_forgot_password/en/dictionary_776c0b6a6ae43ea4503f983fa859981a.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: Sectigo Limited
Subject: *.traincdn.com
Fingerprint: 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity: Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash MD5: 9e075dc2a068d12162e260d49c92f233
SHA1: 9c748240ee9aeeb922f9998005c557517763a979
SHA256: 81b3796da635e227e36b1a44c3224d8e0ccda902293beb08f84d870ed3bcee99
GET /genfiles/web-app-v2/dictionary2/v3_forgot_password/en/dictionary_776c0b6a6ae43ea4503f983fa859981a.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
content-type: application/json; charset=utf-8
traceparent: 00-b784ee446c2cbaf561ac98008d68e1e6-65536deb46267a54-01
last-modified: Thu, 26 Jun 2025 16:06:49 GMT
etag: W/"9e075dc2a068d12162e260d49c92f233"
cache-control: max-age=3600
content-encoding: gzip
expires: Thu, 26 Jun 2025 17:12:47 GMT
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1180
cache: HIT
x-cached-since: 2025-07-12T12:51:53+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/__shared_localforage_FJKG5M2E.js
185.244.209.62 | 200 OK | 30 kB | URL GET v3.traincdn.com/sys-static/shared-assets/__shared_localforage_FJKG5M2E.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: Sectigo Limited
Subject: *.traincdn.com
Fingerprint: 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity: Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (30255)
Hash MD5: 02cf95f00794b77df34632e34a59c5be
SHA1: b64889fb6cbe78a141688ea761a627997ef8a8af
SHA256: bf78b7b3dd6ecbdea04c575edfb6022ed1b2e98c7a9cb9f02ab851ca638f1b83
GET /sys-static/shared-assets/__shared_localforage_FJKG5M2E.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-b81fdb2993ac03b23ae3dff642911aca-7fc33434489d4243-01
last-modified: Fri, 11 Jul 2025 13:54:13 GMT
etag: W/"02cf95f00794b77df34632e34a59c5be"
x-amz-meta-mtime: 1752241725.429363219
content-encoding: gzip
expires: Sun, 13 Jul 2025 08:09:26 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 17404
cache: HIT
x-cached-since: 2025-07-12T08:21:29+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_DYMTJONH.js
185.244.209.62 | 200 OK | 19 kB | URL GET v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_DYMTJONH.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: Sectigo Limited
Subject: *.traincdn.com
Fingerprint: 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity: Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (19034)
Hash MD5: 1580a3cfe81fd30910a49dfe64cc8e7b
SHA1: 314144dc49595482ba46c0b85b38d5f73ef73a7b
SHA256: 8989a021d20f0fc08c43966a287cbd99e43142a5a0ff42eb232756a101de6035
GET /sys-static/shared-assets/__shared_vue_deps_DYMTJONH.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-84baee7dd21a5f8f874a45d952acd11d-ef4a1759fda61312-01
last-modified: Fri, 11 Jul 2025 13:54:13 GMT
etag: W/"1580a3cfe81fd30910a49dfe64cc8e7b"
x-amz-meta-mtime: 1752241725.429363219
content-encoding: gzip
expires: Sun, 13 Jul 2025 01:31:47 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 41986
cache: HIT
x-cached-since: 2025-07-12T01:31:47+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1c0cd0740fccd19a9816be06e69f0a1b.json
185.244.209.62 | 200 OK | 473 B | URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1c0cd0740fccd19a9816be06e69f0a1b.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: Sectigo Limited
Subject: *.traincdn.com
Fingerprint: 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity: Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash MD5: e67aa19ef00fd2285c7b4ecbb6018306
SHA1: 5b01d4786d6fbfbd5de7901eb4359a55466f434a
SHA256: 135c1042c31e3674d8a1b3b9e7179f4f36868048ca6058ea458ff291b8880b5e
GET /genfiles/cms/1-285/desktop/media_asset/1c0cd0740fccd19a9816be06e69f0a1b.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:34 GMT
content-type: application/json
content-length: 473
traceparent: 00-cee2611e23d1b8c73f5b1873658fd2f3-a9e97ff3ff0af76d-01
last-modified: Thu, 16 May 2024 20:41:30 GMT
etag: "e67aa19ef00fd2285c7b4ecbb6018306"
expires: Thu, 10 Jul 2025 23:20:08 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2218
cache: HIT
x-cached-since: 2025-07-12T12:34:36+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V
142.250.178.40 | 200 OK | 344 kB | URL GET www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V
IP 142.250.178.40:443
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: Google Trust Services
Subject: *.google-analytics.com
Fingerprint: 3A:12:37:38:16:E5:9F:51:4E:B7:1D:5F:1F:C0:84:BB:92:EA:9E:20
Validity: Mon, 23 Jun 2025 08:40:16 GMT - Mon, 15 Sep 2025 08:40:15 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (4828)
Size 344 kB (343713 bytes)
Hash MD5: 586d6cd150fcd38afce9d2e0887c1cc9
SHA1: 676ce3eb322f9c3f715cc7be9ecac4c1caa21d0f
SHA256: e530d9bdc213a60b504618d018c8d4bebbde7a35bbbfe90b129809ed8d41a463
GET /gtm.js?id=GTM-KFGPRJ2V HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 12 Jul 2025 13:11:43 GMT
expires: Sat, 12 Jul 2025 13:11:43 GMT
cache-control: private, max-age=900
last-modified: Sat, 12 Jul 2025 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1319:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1319:0
report-to: {"group":"ascgcycc:1319:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1319:0"}],}
server: Google Tag Manager
content-length: 119524
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/6293f1a8ca.css
185.244.209.62 | 200 OK | 650 B | URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/6293f1a8ca.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: Sectigo Limited
Subject: *.traincdn.com
Fingerprint: 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity: Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (649)
Hash MD5: 5d70ac7829c3ae41ce5c0971c798fbcf
SHA1: 9996ce3a09f56d3e37d67fbe7e1efb301ea2f261
SHA256: 0e76b1cd191bd618caea37cb7fb6673d12c7cdff7ea47e939758eda5764a140b
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/6293f1a8ca.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:31 GMT
content-type: text/css; charset=utf-8
content-length: 650
traceparent: 00-7c1a176c5d0d9b7c0e9ca35544299c36-77eef91716d77b6f-01
last-modified: Thu, 10 Jul 2025 06:49:47 GMT
etag: "5d70ac7829c3ae41ce5c0971c798fbcf"
x-amz-meta-mtime: 1752129861.788179212
expires: Fri, 11 Jul 2025 10:33:39 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 9120
cache: HIT
x-cached-since: 2025-07-12T10:39:31+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/8192228305b202797f207eeb6842287c.png
185.244.209.62 | 200 OK | 5.2 kB | URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/8192228305b202797f207eeb6842287c.png
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: Sectigo Limited
Subject: *.traincdn.com
Fingerprint: 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity: Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type PNG image data, 514 x 514, 8-bit colormap, non-interlaced
Hash MD5: b9a636eef54b2844b571fe7de49184a7
SHA1: bf653690790ced40eb3189da075a275d951d1607
SHA256: 001bfcdd52b658d46543a1aec889d35b73b3909b47097cc011b95e96fc9e3743
GET /genfiles/cms/1-285/desktop/media_asset/8192228305b202797f207eeb6842287c.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
content-type: image/png
content-length: 5202
traceparent: 00-93bccebca9bc15232dba7978ff1a2ca7-537a1b6b8321b613-01
last-modified: Wed, 26 Jun 2024 08:22:59 GMT
etag: "b9a636eef54b2844b571fe7de49184a7"
expires: Fri, 11 Jul 2025 19:44:09 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/ae93eedd7d.js
185.244.209.62 | 200 OK | 3.3 kB | URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/ae93eedd7d.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: Sectigo Limited
Subject: *.traincdn.com
Fingerprint: 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity: Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (3274)
Hash MD5: b9a7d7d032f4cfa53cd3601604956182
SHA1: 53d093f2e925c0b3865f49537285e40ff7a387a1
SHA256: acc9c951c98b9410c1393bd5208cca2b47d51389fbe19098d7d471a0563b316b
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/ae93eedd7d.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:34 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-6553c1dffbccee1dda46fa5566d8c9b1-85fd34d84ca301f4-01
last-modified: Thu, 10 Jul 2025 06:49:47 GMT
etag: W/"b9a7d7d032f4cfa53cd3601604956182"
x-amz-meta-mtime: 1752129861.789179293
content-encoding: gzip
expires: Fri, 11 Jul 2025 07:04:27 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 21633
cache: HIT
x-cached-since: 2025-07-12T07:11:01+00:00
X-Firefox-Spdy: h2
GET www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66
142.250.178.40 | 200 OK | 472 kB | URL GET www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66
IP 142.250.178.40:443
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: Google Trust Services
Subject: *.google-analytics.com
Fingerprint: 3A:12:37:38:16:E5:9F:51:4E:B7:1D:5F:1F:C0:84:BB:92:EA:9E:20
Validity: Mon, 23 Jun 2025 08:40:16 GMT - Mon, 15 Sep 2025 08:40:15 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (12571)
Size 472 kB (471755 bytes)
Hash MD5: c136dbe1e4f9851c30311a890c2605a8
SHA1: b256489ad40dfef9bacaa5ec1785560f8da7637a
SHA256: 53079abe0b0cb0223129f7af0213de53ca38f5e98b8e39f41e2855d9e1f23b69
GET /gtag/js?id=G-7JGWL9SV66 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 12 Jul 2025 13:11:43 GMT
expires: Sat, 12 Jul 2025 13:11:43 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1077:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1077:0
report-to: {"group":"ascgcycc:1077:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1077:0"}],}
server: Google Tag Manager
content-length: 150919
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_css_9c29d1.css
185.244.209.62 | 200 OK | 4.2 kB | URL GET v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_css_9c29d1.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: Sectigo Limited
Subject: *.traincdn.com
Fingerprint: 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity: Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (3743)
Hash MD5: e2951151a267e612b3b7e708b81709ec
SHA1: b3a1b9af992a8b4a4009441163bab5c829ff35ba
SHA256: 9c29d122f50348d33af9c06097d927c10950fa7d532f768eb84944b6077047f4
GET /sys-static/shared-assets/Desktop/__shared_css_9c29d1.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:31 GMT
content-type: text/css; charset=utf-8
traceparent: 00-06f9e9df232ccc7e84fec30ceff42b28-1ecf3ea99bd848ea-01
last-modified: Sat, 12 Jul 2025 06:46:44 GMT
etag: W/"e2951151a267e612b3b7e708b81709ec"
x-amz-meta-mtime: 1752302690.763105901
content-encoding: gzip
expires: Sun, 13 Jul 2025 07:53:02 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 19109
cache: HIT
x-cached-since: 2025-07-12T07:53:02+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/104e7838/desktop/default/vendors/plugins.vue-notification-8e411997.js
185.244.209.62 | 200 OK | 13 kB | URL GET v3.traincdn.com/main-static/104e7838/desktop/default/vendors/plugins.vue-notification-8e411997.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: Sectigo Limited
Subject: *.traincdn.com
Fingerprint: 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity: Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (12563), with no line terminators
Hash MD5: a83ffcfe273a392f3101cf9d7b91f050
SHA1: 23a5a12e4e4735bc12e8180015ea55d77e408651
SHA256: 34fd099b2b0a8b1c032c96c5f7ef6fd17b817354228d1f76ca75ec2cc12b6ef9
GET /main-static/104e7838/desktop/default/vendors/plugins.vue-notification-8e411997.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:32 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-a0d84e64fb5eb36e82e37c3fdd088827-c3ac98f7565e889f-01
last-modified: Fri, 11 Jul 2025 12:10:04 GMT
etag: W/"a83ffcfe273a392f3101cf9d7b91f050"
x-amz-meta-mtime: 1752235802.27700261
content-encoding: gzip
expires: Sun, 13 Jul 2025 08:44:51 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 16001
cache: HIT
x-cached-since: 2025-07-12T08:44:51+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_7c4e87aa74.js
185.244.209.62 | 200 OK | 1.4 MB | URL GET v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_7c4e87aa74.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: Sectigo Limited
Subject: *.traincdn.com
Fingerprint: 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity: Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (23471)
Size 1.4 MB (1437433 bytes)
Hash MD5: e902c49e90fffd10d7f88d2c0fc049f7
SHA1: c3c60271dd647b0fa4a28e46ae5ce86f016519e9
SHA256: b26926c97d9fc9c6548a7d627905e183895847bbd28aa7232802b5dd6a5c23b5
GET /sys-static/shared-assets/Desktop/__shared_base-app_7c4e87aa74.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-ebb9f912d1c05a2039829ec5b27b33bb-63863383be885a43-01
last-modified: Sat, 12 Jul 2025 06:46:44 GMT
etag: W/"e902c49e90fffd10d7f88d2c0fc049f7"
x-amz-meta-mtime: 1752302690.760105827
content-encoding: gzip
expires: Sun, 13 Jul 2025 08:31:49 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 16230
cache: HIT
x-cached-since: 2025-07-12T08:41:03+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_E2H7ZPXQ.js
185.244.209.62 | 200 OK | 21 kB | URL GET v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_E2H7ZPXQ.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: Sectigo Limited
Subject: *.traincdn.com
Fingerprint: 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity: Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (21232)
Hash MD5: 3cf0cae38afae9add22f7884e5061231
SHA1: 2a41037501375a439385a76a047876619683418f
SHA256: 322482e3beae5a985d069beea981614510fda90a5df7295b776a324d461fc43d
GET /sys-static/shared-assets/__shared_popper_js_E2H7ZPXQ.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-6aaa55273d4556fbe876308aa451620a-e939b3261e315439-01
last-modified: Sat, 12 Jul 2025 06:46:42 GMT
etag: W/"3cf0cae38afae9add22f7884e5061231"
x-amz-meta-mtime: 1752302690.79910679
content-encoding: gzip
expires: Sun, 13 Jul 2025 12:04:00 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 4053
cache: HIT
x-cached-since: 2025-07-12T12:04:00+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/104e7838/desktop/default/vendors/plugins.v-tooltip-7dff2082.js
185.244.209.62 | 200 OK | 77 kB | URL GET v3.traincdn.com/main-static/104e7838/desktop/default/vendors/plugins.v-tooltip-7dff2082.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: Sectigo Limited
Subject: *.traincdn.com
Fingerprint: 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity: Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65476)
Hash MD5: c49c3b9db2ae0cf59f19fd6071fc83b2
SHA1: 474b2f3e49d1ec17bc8b2c024ea637a05cef9ca0
SHA256: f7061ee7ce09b20a2740823feebf2219181e31b36e802e52651dfcd1532e5581
GET /main-static/104e7838/desktop/default/vendors/plugins.v-tooltip-7dff2082.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:32 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-e968032f1002c2c667b6cbbf39b07843-1694b866294efbd3-01
last-modified: Fri, 11 Jul 2025 12:10:04 GMT
etag: W/"c49c3b9db2ae0cf59f19fd6071fc83b2"
x-amz-meta-mtime: 1752235802.27700261
content-encoding: gzip
expires: Sat, 12 Jul 2025 13:48:43 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 84065
cache: HIT
x-cached-since: 2025-07-11T13:50:27+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/104e7838/desktop/default/vendors/plugins.vue-js-modal-532a9489.js
185.244.209.62 200 OK 27 kB URL GET v3.traincdn.com/main-static/104e7838/desktop/default/vendors/plugins.vue-js-modal-532a9489.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (26667), with no line terminators
Hash 97bf870b079fb64316a748e8b0a80b22
05e6eca34268581a7841aa66d21860cc9f4b166d
be414f8bd788ba19ce5a44d8dce396d8cbf9b3fa2c1a4ce385249fbe81d6610a
GET /main-static/104e7838/desktop/default/vendors/plugins.vue-js-modal-532a9489.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:32 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-7a775d936ff32ae0de86d6ce77c32479-398485298add9a4e-01
last-modified: Fri, 11 Jul 2025 12:10:04 GMT
etag: W/"97bf870b079fb64316a748e8b0a80b22"
x-amz-meta-mtime: 1752235802.27700261
content-encoding: gzip
expires: Sat, 12 Jul 2025 13:48:43 GMT
cache-control: max-age=86400
x-time-ng: 0.007
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 84065
cache: HIT
x-cached-since: 2025-07-11T13:50:27+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/d9842b87b9dabdc4cdc248c062355299.json
185.244.209.62 200 OK 7.3 kB URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/d9842b87b9dabdc4cdc248c062355299.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 0614058b667e6dfa1cdecc6e0e53131c
4f20f88c436fb5cbd82cf1dcfeaa14e52195a369
be16474b0f19b7536ebdd3d0f8867b151eaa4638411ddb46845f887a5d51a653
GET /genfiles/cms/1-285/desktop/media_asset/d9842b87b9dabdc4cdc248c062355299.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
content-type: application/json
traceparent: 00-26f48abdd557fa986d94a7fc85b5aa8b-61a3b326c20d8b3a-01
last-modified: Thu, 23 Jan 2025 13:19:10 GMT
etag: W/"0614058b667e6dfa1cdecc6e0e53131c"
content-encoding: gzip
expires: Thu, 23 Jan 2025 14:50:28 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2217
cache: HIT
x-cached-since: 2025-07-12T12:34:36+00:00
X-Firefox-Spdy: h2
GET www.googletagmanager.com/gtag/destination?id=AW-16664555628&cx=c&gtm=45He5791v9180563600za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104908321~104908323~104909302~104909304~104935091~104935093
142.250.178.40 200 OK 353 kB URL GET www.googletagmanager.com/gtag/destination?id=AW-16664555628&cx=c&gtm=45He5791v9180563600za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104908321~104908323~104909302~104909304~104935091~104935093
IP 142.250.178.40:443
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Google Trust Services
Subject *.google-analytics.com
Fingerprint 3A:12:37:38:16:E5:9F:51:4E:B7:1D:5F:1F:C0:84:BB:92:EA:9E:20
Validity Mon, 23 Jun 2025 08:40:16 GMT - Mon, 15 Sep 2025 08:40:15 GMT
File type JavaScript source, ASCII text, with very long lines (5912)
Size 353 kB (352923 bytes)
Hash e5d0ee418ce87dbc6c60de5cc66fad98
c6f8c94e082ecb211553b82b54575785f8ec883d
7cdcebc3e665198a01a69e5b44bcf0f7d83180ce5e038b00ebeb309dabd68f32
GET /gtag/destination?id=AW-16664555628&cx=c&gtm=45He5791v9180563600za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104908321~104908323~104909302~104909304~104935091~104935093 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 12 Jul 2025 13:11:43 GMT
expires: Sat, 12 Jul 2025 13:11:43 GMT
cache-control: private, max-age=900
last-modified: Sat, 12 Jul 2025 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcysghrgc:42:0
report-to: {"group":"ascgcysghrgc:42:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
server: Google Tag Manager
content-length: 120235
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/e2dfef3a7d.js
185.244.209.62 200 OK 3.8 kB URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/e2dfef3a7d.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (3802)
Hash a6eaf41f3d25bb5e7a0442a0836ad56b
6f75bd8f420cd5ca92a88f197d7bde3639f1e0a3
a5418f14719d619d68a28e10aedf8e32c57c4144dbf4fbf46306eaa70dea6c44
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/e2dfef3a7d.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:34 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-fd4c479934709607c89e01ec2f4e3595-dd482225ebb79f78-01
last-modified: Thu, 10 Jul 2025 06:49:47 GMT
etag: W/"a6eaf41f3d25bb5e7a0442a0836ad56b"
x-amz-meta-mtime: 1752129861.790179375
content-encoding: gzip
expires: Fri, 11 Jul 2025 06:58:08 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 21633
cache: HIT
x-cached-since: 2025-07-12T07:11:01+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/a1c3d1930127b405102a4616863435b5.json
185.244.209.62 200 OK 2.9 kB URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/a1c3d1930127b405102a4616863435b5.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash f9867cd5bf362d5d518027321410c262
c8152b1f17123f07b027c8ab359062dc5f7c1456
baa9a4f415e8e8b95c2269ac32d20c6850852d9973e47937440e2761a6d8ee65
GET /genfiles/cms/1-285/desktop/media_asset/a1c3d1930127b405102a4616863435b5.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:34 GMT
content-type: application/json
traceparent: 00-204fa5d61b380f4d731a9cbd82bdd6a4-dded8957381733e5-01
last-modified: Thu, 05 Jun 2025 12:29:20 GMT
etag: W/"f9867cd5bf362d5d518027321410c262"
content-encoding: gzip
expires: Thu, 05 Jun 2025 13:42:00 GMT
cache-control: max-age=3600
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2218
cache: HIT
x-cached-since: 2025-07-12T12:34:36+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/site-admin/css_vars/29b5cda95fa390c124de39b6aeca6d24.css
185.244.209.62 200 OK 46 B URL GET v3.traincdn.com/genfiles/site-admin/css_vars/29b5cda95fa390c124de39b6aeca6d24.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 29b5cda95fa390c124de39b6aeca6d24
46f68f69533c1fdc737eb36e8e7af7672178e610
6021ec0aede22eadcb8401fe945d345202320437c7be01b157f0cb282ebe7c88
GET /genfiles/site-admin/css_vars/29b5cda95fa390c124de39b6aeca6d24.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
content-type: text/css
content-length: 46
traceparent: 00-12b153ef65e5e450a7a38faed584f4bc-d1ce4d9f0e536e7d-01
last-modified: Thu, 20 Mar 2025 13:29:31 GMT
etag: "29b5cda95fa390c124de39b6aeca6d24"
cache-control: max-age=3600
expires: Sat, 12 Jul 2025 06:36:16 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 874
cache: HIT
x-cached-since: 2025-07-12T12:56:59+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/8b4e10c31932a559912f415b65fba92c.json
185.244.209.62 200 OK 1.3 kB URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/8b4e10c31932a559912f415b65fba92c.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 499d57f89b2bf5fed52d984d865fd72c
f3dd138886f2c1e257d3ac2214b7e3cba57e56b2
9467cf5576ce2a97d9e44e53915a9c4ae529c134cc1ea5a3c62ea304eebda0c8
GET /genfiles/cms/1-285/desktop/media_asset/8b4e10c31932a559912f415b65fba92c.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:34 GMT
content-type: application/json
traceparent: 00-a68585f5bfcb2098dbee5c1f748a7184-bb45a6049261b0a3-01
last-modified: Thu, 27 Feb 2025 08:17:13 GMT
etag: W/"499d57f89b2bf5fed52d984d865fd72c"
content-encoding: gzip
expires: Thu, 27 Feb 2025 11:06:29 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2218
cache: HIT
x-cached-since: 2025-07-12T12:34:36+00:00
X-Firefox-Spdy: h2
POST 1xlite-65819.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
185.162.90.21 200 OK 23 B URL POST 1xlite-65819.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP 185.162.90.21:443
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Let's Encrypt
Subject 1xlite-65819.bar
Fingerprint CC:32:FE:CA:AC:28:3F:D5:3D:E8:1C:77:72:7C:7D:6C:38:94:51:66
Validity Mon, 02 Jun 2025 10:34:06 GMT - Sun, 31 Aug 2025 10:34:05 GMT
Hash fcce5b90b96212e30598ec4e00c00f7a
e05792d93e90c24993a321f54373f3db6b84284a
e8a92bde5294e59058a17323feff0620cf4e54f66406903c0c04bee6a9bcd764
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-65819.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: 1cf1fe85-bf22-4a71-a6a8-87765e319d24
Content-Length: 109
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder; postback_watcher=%7B%22tag%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%226990902404166837530%22%7D; auid=uaJaFWhyXwJ0/fd6A9TPAg==; window_width=1280; che_g=6de09b55-9e69-3c6e-73ce-4fa31dd78648; SESSION=6cdd8a0c2d96ab5f06790cf17da33b44; _gcl_au=1.1.85196639.1752325904; _ga_7JGWL9SV66=GS2.1.s1752325903$o1$g0$t1752325904$j59$l0$h1115710958; _ga=GA1.1.2146351131.1752325904
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:45 GMT
content-type: application/json
content-length: 23
x-dt: 285
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.050, wf-uht;dur=0.012
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/104e7838/desktop/default/app-8b054906.js
185.244.209.62 200 OK 504 kB URL GET v3.traincdn.com/main-static/104e7838/desktop/default/app-8b054906.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Size 504 kB (504528 bytes)
Hash 449fdec1b602faf3830511cb547c20db
0bd8ca87809551865120d7b4a3035c6c59aaddfc
f98f8b704429c90660fbe278b09d0c4ba20f26a1665d9a51d361a55129e2fdce
GET /main-static/104e7838/desktop/default/app-8b054906.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:32 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-2a2343275aa55a2d5abc1433254d68ca-197b556cf9a47ec3-01
last-modified: Fri, 11 Jul 2025 12:10:04 GMT
etag: W/"449fdec1b602faf3830511cb547c20db"
x-amz-meta-mtime: 1752235802.265002491
content-encoding: gzip
expires: Sat, 12 Jul 2025 13:48:41 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 84067
cache: HIT
x-cached-since: 2025-07-11T13:50:25+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_B6TW5FDZ.js
185.244.209.62 200 OK 1.3 kB URL GET v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_B6TW5FDZ.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (1265)
Hash e3f1c4089db6b910890e85d97a2e2066
85828920da3c3fd7856acde184e835ac314295cd
6c28afe5a52e0f9b1138fe498b254c8671058a058b555651ccae8e91e7534614
GET /sys-static/shared-assets/__shared_accept_language_parser_B6TW5FDZ.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-b6c3c16dc30e6a4df139f00fac1bee04-55e9210e247ed3e3-01
last-modified: Fri, 11 Jul 2025 13:54:13 GMT
etag: W/"e3f1c4089db6b910890e85d97a2e2066"
x-amz-meta-mtime: 1752241725.428363187
content-encoding: gzip
expires: Sat, 12 Jul 2025 15:40:25 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 77468
cache: HIT
x-cached-since: 2025-07-11T15:40:25+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/c0e02032d1.css
185.244.209.62 200 OK 11 kB URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/c0e02032d1.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (11072)
Hash 3d3e04f603cc58802ff96240abbdc3aa
e7e6a5d59c97236922354b40d288736f034a1ce3
611f7a963cd4aa278f1ba51f2401247df8c658929b76bfdce45bec08be83d7bd
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/c0e02032d1.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:31 GMT
content-type: text/css; charset=utf-8
traceparent: 00-8cf4d7e24ca77560034becede252b65d-f16005bbe86c2f5b-01
last-modified: Thu, 10 Jul 2025 06:49:47 GMT
etag: W/"3d3e04f603cc58802ff96240abbdc3aa"
x-amz-meta-mtime: 1752129861.789179293
content-encoding: gzip
expires: Sat, 12 Jul 2025 05:14:48 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 28525
cache: HIT
x-cached-since: 2025-07-12T05:16:06+00:00
X-Firefox-Spdy: h2
GET www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=2146351131.1752325904&gtm=45je5791v897130004za200zb9180563600&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104908318~104908320~104909302~104909304~104935091~104935093&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104908318~104908320~104909302~104909304~104935091~104935093&z=802736743
142.250.178.67 200 OK 42 B URL GET www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=2146351131.1752325904&gtm=45je5791v897130004za200zb9180563600&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104908318~104908320~104909302~104909304~104935091~104935093&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104908318~104908320~104909302~104909304~104935091~104935093&z=802736743
IP 142.250.178.67:443
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Google Trust Services
Subject *.google.no
Fingerprint A8:B1:20:9F:85:E5:F5:7D:94:F3:52:D0:EF:BC:D2:DB:A6:FA:8F:4F
Validity Mon, 23 Jun 2025 08:43:14 GMT - Mon, 15 Sep 2025 08:43:13 GMT
File type GIF image data, version 89a, 1 x 1
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=2146351131.1752325904&gtm=45je5791v897130004za200zb9180563600&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104908318~104908320~104909302~104909304~104935091~104935093&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104908318~104908320~104909302~104909304~104935091~104935093&z=802736743 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 12 Jul 2025 13:11:44 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
POST www.google.com/gmp/conversion;src=14030178;type=xbet;cat=uniqu0;ord=1;num=4532948042330;npa=1;auiddc=85196639.1752325904;pscdl=noapi;frm=0;_tu=KpA;gtm=45fe5791v9190735530z89180563600za200zb9180563600;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;dc_fmt=4;tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104732253~104732255~104909302~104909304~104935091~104935093;epver=2;dc_random=1752325904180;~oref=https%3A%2F%2F1xlite-65819.bar%2Fen%2Fblock?
142.250.178.100 200 OK 42 B URL POST www.google.com/gmp/conversion;src=14030178;type=xbet;cat=uniqu0;ord=1;num=4532948042330;npa=1;auiddc=85196639.1752325904;pscdl=noapi;frm=0;_tu=KpA;gtm=45fe5791v9190735530z89180563600za200zb9180563600;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;dc_fmt=4;tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104732253~104732255~104909302~104909304~104935091~104935093;epver=2;dc_random=1752325904180;~oref=https%3A%2F%2F1xlite-65819.bar%2Fen%2Fblock?
IP 142.250.178.100:443
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Google Trust Services
Subject www.google.com
Fingerprint 18:68:D7:A6:6E:58:DB:F0:4B:B6:53:AF:BA:2B:82:59:4F:36:D8:73
Validity Mon, 23 Jun 2025 08:42:14 GMT - Mon, 15 Sep 2025 08:42:13 GMT
File type GIF image data, version 89a, 1 x 1
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
POST /gmp/conversion;src=14030178;type=xbet;cat=uniqu0;ord=1;num=4532948042330;npa=1;auiddc=85196639.1752325904;pscdl=noapi;frm=0;_tu=KpA;gtm=45fe5791v9190735530z89180563600za200zb9180563600;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;dc_fmt=4;tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104732253~104732255~104909302~104909304~104935091~104935093;epver=2;dc_random=1752325904180;~oref=https%3A%2F%2F1xlite-65819.bar%2Fen%2Fblock? HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 12 Jul 2025 13:11:44 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://1xlite-65819.bar
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET 1xlite-65819.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/vision.json
185.162.90.21 204 No Content 0 B URL GET 1xlite-65819.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/vision.json
IP 185.162.90.21:443
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Let's Encrypt
Subject 1xlite-65819.bar
Fingerprint CC:32:FE:CA:AC:28:3F:D5:3D:E8:1C:77:72:7C:7D:6C:38:94:51:66
Validity Mon, 02 Jun 2025 10:34:06 GMT - Sun, 31 Aug 2025 10:34:05 GMT
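Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA-1 and SHA-256 digests of zero-length input, consistent with the 0 B / 204 No Content response; they match any empty body and should not be used as indicators for this host.)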
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/vision.json HTTP/1.1
Host: 1xlite-65819.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: 1cf1fe85-bf22-4a71-a6a8-87765e319d24
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder; postback_watcher=%7B%22tag%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%226990902404166837530%22%7D; auid=uaJaFWhyXwJ0/fd6A9TPAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
x-dt: 285
x-rejected: E001
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.062, wf-uht;dur=0.011
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/46fe3f96f4140750e81ded48911f3e30.json
185.244.209.62 200 OK 747 B URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/46fe3f96f4140750e81ded48911f3e30.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash f4e90636ec9cff061c4301b3cefdd0d6
c506efe9c3672c58434ea10021dab0ad81b1ad98
30666f138ccc12735e2f8a6405ddce4a3d8756b9445e3b2732fa2970f14dbcea
GET /genfiles/cms/1-285/desktop/media_asset/46fe3f96f4140750e81ded48911f3e30.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
content-type: application/json
content-length: 747
traceparent: 00-ab8e215d6609995559ff8825dfdceac1-f27241ac642faa9a-01
last-modified: Thu, 27 Feb 2025 13:26:35 GMT
etag: "f4e90636ec9cff061c4301b3cefdd0d6"
expires: Sat, 12 Jul 2025 08:11:35 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2217
cache: HIT
x-cached-since: 2025-07-12T12:34:36+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET 1xlite-65819.bar/hd-api/external/assets/hdf.js
185.162.90.21 200 OK 4.1 kB URL GET 1xlite-65819.bar/hd-api/external/assets/hdf.js
IP 185.162.90.21:443
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Let's Encrypt
Subject 1xlite-65819.bar
Fingerprint CC:32:FE:CA:AC:28:3F:D5:3D:E8:1C:77:72:7C:7D:6C:38:94:51:66
Validity Mon, 02 Jun 2025 10:34:06 GMT - Sun, 31 Aug 2025 10:34:05 GMT
File type C++ source, ASCII text, with very long lines (874)
Hash 40eaa62ed21bd753172f4c307e2a41d0
f7b03c6b004562311c8ca00466179629738b2a40
60fed8cb321dc09e4e1d910b5822bd8f67d53d0962a41ddc9f5ac33edd4e2213
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /hd-api/external/assets/hdf.js HTTP/1.1
Host: 1xlite-65819.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/en/block
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder; postback_watcher=%7B%22tag%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%226990902404166837530%22%7D; auid=uaJaFWhyXwJ0/fd6A9TPAg==; window_width=1280; che_g=6de09b55-9e69-3c6e-73ce-4fa31dd78648; SESSION=6cdd8a0c2d96ab5f06790cf17da33b44
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:41 GMT
content-type: text/javascript; charset=utf-8
content-length: 1620
cache-control: public, max-age=300
content-encoding: gzip
etag: 40eaa62ed21bd753172f4c307e2a41d0
vary: Accept-Encoding
x-dt: 455
x-request-guid: 16ebefed0c708561b85c4ed0c39dbe8b
x-time-ng: 0.004
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.070, wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2
POST www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2F1xlite-65819.bar%2Fen%2Fblock&scrsrc=www.googletagmanager.com&frm=0&rnd=216751770.1752325904&dt=1xBet&auid=85196639.1752325904&navt=n&npa=1&gtm=45He5791v9180563600za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104908321~104908323~104909302~104909304~104935091~104935093&tft=1752325903859&tfd=14103&apve=1&apvf=sb
142.250.178.100 200 OK 0 B URL POST www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2F1xlite-65819.bar%2Fen%2Fblock&scrsrc=www.googletagmanager.com&frm=0&rnd=216751770.1752325904&dt=1xBet&auid=85196639.1752325904&navt=n&npa=1&gtm=45He5791v9180563600za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104908321~104908323~104909302~104909304~104935091~104935093&tft=1752325903859&tfd=14103&apve=1&apvf=sb
IP 142.250.178.100:443
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Google Trust Services
Subject www.google.com
Fingerprint 18:68:D7:A6:6E:58:DB:F0:4B:B6:53:AF:BA:2B:82:59:4F:36:D8:73
Validity Mon, 23 Jun 2025 08:42:14 GMT - Mon, 15 Sep 2025 08:42:13 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /ccm/collect?en=page_view&dl=https%3A%2F%2F1xlite-65819.bar%2Fen%2Fblock&scrsrc=www.googletagmanager.com&frm=0&rnd=216751770.1752325904&dt=1xBet&auid=85196639.1752325904&navt=n&npa=1&gtm=45He5791v9180563600za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104908321~104908323~104909302~104909304~104935091~104935093&tft=1752325903859&tfd=14103&apve=1&apvf=sb HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
date: Sat, 12 Jul 2025 13:11:44 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
content-type: text/plain
vary: Origin, X-Origin, Referer
server: scaffolding on HTTPServer2
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://1xlite-65819.bar
access-control-expose-headers: date,vary,vary,vary,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
POST region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je5791v897130004za200zb9180563600&_p=1752325903392&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104908318~104908320~104909302~104909304~104935091~104935093&cid=2146351131.1752325904&ecid=1115710958&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEAAAAQ&_s=2&sid=1752325903&sct=1&seg=0&dl=https%3A%2F%2F1xlite-65819.bar%2Fen%2Fblock&dt=1xBet&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=19349
216.239.34.36 204 No Content 0 B URL POST region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je5791v897130004za200zb9180563600&_p=1752325903392&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104908318~104908320~104909302~104909304~104935091~104935093&cid=2146351131.1752325904&ecid=1115710958&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEAAAAQ&_s=2&sid=1752325903&sct=1&seg=0&dl=https%3A%2F%2F1xlite-65819.bar%2Fen%2Fblock&dt=1xBet&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=19349
IP 216.239.34.36:443
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Google Trust Services
Subject *.google-analytics.com
Fingerprint 3A:12:37:38:16:E5:9F:51:4E:B7:1D:5F:1F:C0:84:BB:92:EA:9E:20
Validity Mon, 23 Jun 2025 08:40:16 GMT - Mon, 15 Sep 2025 08:40:15 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je5791v897130004za200zb9180563600&_p=1752325903392&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104908318~104908320~104909302~104909304~104935091~104935093&cid=2146351131.1752325904&ecid=1115710958&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEAAAAQ&_s=2&sid=1752325903&sct=1&seg=0&dl=https%3A%2F%2F1xlite-65819.bar%2Fen%2Fblock&dt=1xBet&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=19349 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/3 204 No Content
access-control-allow-origin: https://1xlite-65819.bar
date: Sat, 12 Jul 2025 13:11:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:158:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:158:0
report-to: {"group":"ascnsrsggc:158:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:158:0"}],}
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/bfa3e9fd30e7d63c0906602f42c13468.json
185.244.209.62 200 OK 182 B URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/bfa3e9fd30e7d63c0906602f42c13468.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 0a64a07e9a34e8a5b5e97e80a10888c5
82545cbc39b7dcc031dd10dea841a0b3698243d6
7201497e7e8cdf9d35bf6998e43dcde5feea535f9828ce3ee98785781016126c
GET /genfiles/cms/1-285/desktop/media_asset/bfa3e9fd30e7d63c0906602f42c13468.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
content-type: application/json
content-length: 182
traceparent: 00-000711d019a3c29cb61379694cd206a5-d1df10cefd62a795-01
last-modified: Thu, 27 Feb 2025 08:55:26 GMT
etag: "0a64a07e9a34e8a5b5e97e80a10888c5"
expires: Sat, 12 Jul 2025 11:33:25 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1572
cache: HIT
x-cached-since: 2025-07-12T12:45:21+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png
185.244.209.62 200 OK 653 B URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Hash e6f0766cbd95db33da44e7a9140648f2
5f196b1bfe8c3f92bd2ebcd67124e72e81ae6aaf
c0399d478788d5d483f104a2e8cb7c32f41cb40e9df0c22e831b2bfa2db63ec0
GET /genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:32 GMT
content-type: image/png
content-length: 653
traceparent: 00-bb1d18792773a0eaedb6f0c29c94a911-fdce9b7b1c157cdb-01
last-modified: Wed, 26 Jun 2024 08:18:02 GMT
etag: "e6f0766cbd95db33da44e7a9140648f2"
expires: Thu, 16 Jan 2025 10:46:36 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2887
cache: HIT
x-cached-since: 2025-07-12T12:23:25+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/b25a989ca4.js
185.244.209.62 200 OK 147 B URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/b25a989ca4.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash b3fb69eada43a2f958ab4a8a54947b55
5d1a8876755b161fdbaaabf31a4420bb23b76164
1afaedf80362fc0986a35cc1069b3a224c7ab1099dadaec76e4b7239db9edd95
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/b25a989ca4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:34 GMT
content-type: text/javascript; charset=utf-8
content-length: 147
traceparent: 00-4ce6103274221804726cf250a93e5b52-87511798362205f0-01
last-modified: Thu, 10 Jul 2025 06:49:47 GMT
etag: "b3fb69eada43a2f958ab4a8a54947b55"
x-amz-meta-mtime: 1752129861.789179293
expires: Sun, 13 Jul 2025 11:42:58 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 5316
cache: HIT
x-cached-since: 2025-07-12T11:42:58+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-ui/2.3.273/Desktop/Default/client.css
185.244.209.62 200 OK 646 kB URL GET v3.traincdn.com/sys-ui/2.3.273/Desktop/Default/client.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 646 kB (645724 bytes)
Hash a8a44b273c4f19498dfe5dfbe6d66b5f
6d68353f0344e5f497f983d9843493c5cba4416e
3a55dbb30fd14dbf83a9bd142e1a2cdff2008b12994f1e1cea74cd55b2c6792a
GET /sys-ui/2.3.273/Desktop/Default/client.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:31 GMT
content-type: text/css; charset=utf-8
traceparent: 00-e96a358c411917623c7a96f5a91318a3-730c52dd40082cfc-01
last-modified: Fri, 27 Jun 2025 13:38:05 GMT
etag: W/"a8a44b273c4f19498dfe5dfbe6d66b5f"
x-amz-meta-mtime: 1751031482.572809748
content-encoding: gzip
expires: Thu, 03 Jul 2025 09:30:19 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 46730
cache: HIT
x-cached-since: 2025-07-12T00:12:41+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/version.json
185.244.209.62 200 OK 11 B URL GET v3.traincdn.com/version.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash bfc2626d85dbfaaa4e1bd6b4508890af
30e10bba28b24c1685df1df0e68f0d16a8b68ef5
bef4a5daf48447f287a75a4e3d2ef02fd52adf99fd4bb46cfce653c353bd5d99
GET /version.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:31 GMT
content-type: application/json
content-length: 11
traceparent: 00-e49651eab08048b11215f32012f4cde7-6572937dafa9b88d-01
last-modified: Sat, 12 Jul 2025 09:36:37 GMT
etag: "bfc2626d85dbfaaa4e1bd6b4508890af"
x-amz-meta-mtime: 1752312997.115662877
expires: Sat, 12 Jul 2025 09:39:29 GMT
cache-control: max-age=60
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 8
cache: HIT
x-cached-since: 2025-07-12T13:11:23+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_game/en/dictionary_0a78b48734637d9395ac1652eac18f3a.json
185.244.209.62 200 OK 23 kB URL GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_game/en/dictionary_0a78b48734637d9395ac1652eac18f3a.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash d8964c453dde7e75cb10749e26e85217
d37edad1d61e2c6a25eeb554e7cea2a6e0200790
64be43228af64927fc269671507014babfc99c1151845327f60076380e39c909
GET /genfiles/web-app-v2/dictionary2/v3_game/en/dictionary_0a78b48734637d9395ac1652eac18f3a.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
content-type: application/json; charset=utf-8
traceparent: 00-3587e1363315f3e90a11e928e964686b-f4314d24e06a04fe-01
last-modified: Tue, 08 Jul 2025 16:06:46 GMT
etag: W/"5da45f9cc5f7e5bec83ea6a0409ba2c9"
cache-control: max-age=3600
content-encoding: gzip
expires: Tue, 08 Jul 2025 17:12:10 GMT
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 3369
cache: HIT
x-cached-since: 2025-07-12T12:15:24+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-ba36bdd6bd.js
185.244.209.62 200 OK 30 kB URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-ba36bdd6bd.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (29524)
Hash 6867065f4a1f0fec547c2c67738a0201
8b3463e0a49bdb75260abbf1fe992cee0f838963
85a5eed65ecaa85da0434cba3588063557f6d1a98326d4a30702abb653e50089
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-ba36bdd6bd.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-4484aa3c53ca9244b5020903dc43746f-517f5ee70b964b97-01
last-modified: Thu, 10 Jul 2025 06:49:47 GMT
etag: W/"6867065f4a1f0fec547c2c67738a0201"
x-amz-meta-mtime: 1752129861.791179456
content-encoding: gzip
expires: Fri, 11 Jul 2025 06:58:08 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 21633
cache: HIT
x-cached-since: 2025-07-12T07:11:00+00:00
X-Firefox-Spdy: h2
GET 1xlite-65819.bar/web-api/session
185.162.90.21 204 No Content 0 B URL GET 1xlite-65819.bar/web-api/session
IP 185.162.90.21:443
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Let's Encrypt
Subject 1xlite-65819.bar
Fingerprint CC:32:FE:CA:AC:28:3F:D5:3D:E8:1C:77:72:7C:7D:6C:38:94:51:66
Validity Mon, 02 Jun 2025 10:34:06 GMT - Sun, 31 Aug 2025 10:34:05 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /web-api/session HTTP/1.1
Host: 1xlite-65819.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/en/block
content-type: application/json
x-requested-with: XMLHttpRequest
x-app-n: v3-nuxt2
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder; postback_watcher=%7B%22tag%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%226990902404166837530%22%7D; auid=uaJaFWhyXwJ0/fd6A9TPAg==; window_width=1280; che_g=6de09b55-9e69-3c6e-73ce-4fa31dd78648
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx
date: Sat, 12 Jul 2025 13:11:41 GMT
cache-control: no-cache, private
server-timing: dt_total;dur=0.006, p;dur=15.37, wf-uht;dur=0.029
set-cookie: ua=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
set-cookie: SESSION=6cdd8a0c2d96ab5f06790cf17da33b44; path=/; secure; httponly; samesite=lax
x-dt: 285
x-time-ng: 0.016, 0.017
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
POST 1xlite-65819.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json
185.162.90.21 200 OK 2 B URL POST 1xlite-65819.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json
IP 185.162.90.21:443
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Let's Encrypt
Subject 1xlite-65819.bar
Fingerprint CC:32:FE:CA:AC:28:3F:D5:3D:E8:1C:77:72:7C:7D:6C:38:94:51:66
Validity Mon, 02 Jun 2025 10:34:06 GMT - Sun, 31 Aug 2025 10:34:05 GMT
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json HTTP/1.1
Host: 1xlite-65819.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: 1cf1fe85-bf22-4a71-a6a8-87765e319d24
Content-Length: 19
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder; postback_watcher=%7B%22tag%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%226990902404166837530%22%7D; auid=uaJaFWhyXwJ0/fd6A9TPAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:32 GMT
content-type: application/json
content-length: 2
x-dt: 285
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.006, wf-uht;dur=0.008
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_registration/en/dictionary_dd70907400acb852a1f270a512b83792.json
185.244.209.62 200 OK 22 kB URL GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_registration/en/dictionary_dd70907400acb852a1f270a512b83792.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash b8f5a192e9046aa8d50f9abfdaa8ce93
3dd3ff9b023c7f99c6d45db3026692a46de9bdaa
993f16e8711b7a5a82c1021583db1ee0bae8a83465835f4e753bf4383f0962ba
GET /genfiles/web-app-v2/dictionary2/v3_registration/en/dictionary_dd70907400acb852a1f270a512b83792.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
content-type: application/json; charset=utf-8
traceparent: 00-597a281db29b9e7a261af63b1fa2a64a-16f381915765806d-01
last-modified: Wed, 02 Jul 2025 16:06:28 GMT
etag: W/"bf04c0ee4f0e4c6d1d4d1e6c835c18a9"
cache-control: max-age=3600
content-encoding: gzip
expires: Sat, 12 Jul 2025 05:11:19 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2611
cache: HIT
x-cached-since: 2025-07-12T12:28:02+00:00
X-Firefox-Spdy: h2
GET radar.cedexis.com/1/23802/radar.js
45.54.49.5 302 Moved Temporarily 390 B URL GET radar.cedexis.com/1/23802/radar.js
IP 45.54.49.5:443
ASN #63911 NetActuate, Inc
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer DigiCert Inc
Subject radar.cedexis.com
Fingerprint A2:3E:30:19:D5:41:3A:11:81:58:E3:B1:6F:F4:D2:78:0B:44:6F:D0
Validity Fri, 07 Mar 2025 00:00:00 GMT - Fri, 06 Mar 2026 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /1/23802/radar.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 12 Jul 2025 13:11:43 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: /1707728419/stub.js
Expires: Sat, 12 Jul 2025 13:21:43 GMT
Cache-Control: max-age=600
Vary: User-Agent,DNT
GET v3.traincdn.com/genfiles/site-admin/colors/11fcf67d96d7d317c64c54b46d5ec44f.css
185.244.209.62 200 OK 40 kB URL GET v3.traincdn.com/genfiles/site-admin/colors/11fcf67d96d7d317c64c54b46d5ec44f.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (39742), with no line terminators
Hash 11fcf67d96d7d317c64c54b46d5ec44f
abf4e85e9e932ed64412f46ff590b39a87e26cb9
96ec24e0f388bf29d22bc262d0ed8aecf4582efa4d2031a06566442663f68658
GET /genfiles/site-admin/colors/11fcf67d96d7d317c64c54b46d5ec44f.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
content-type: text/css
traceparent: 00-d63c2a82612be93a8b016e6f96acf126-3f823363dd6f5cf8-01
last-modified: Wed, 02 Jul 2025 08:01:48 GMT
etag: W/"11fcf67d96d7d317c64c54b46d5ec44f"
cache-control: max-age=3600
content-encoding: gzip
expires: Wed, 02 Jul 2025 09:51:25 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1271
cache: HIT
x-cached-since: 2025-07-12T12:50:22+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_block_pages/en/dictionary_bc0570f08a28537dc724f4764ecf77e4.json
185.244.209.62 200 OK 2.3 kB URL GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_block_pages/en/dictionary_bc0570f08a28537dc724f4764ecf77e4.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 7c12ae6fc08684f50822b3eb56779e29
036c726b8b7b2d24f987391101f3e8d1a2a183cf
a2eac45353675c82733192916712b8876c6b038b7bdbddc24df464e38b67cbfd
GET /genfiles/web-app-v2/dictionary2/v3_block_pages/en/dictionary_bc0570f08a28537dc724f4764ecf77e4.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:34 GMT
content-type: application/json; charset=utf-8
traceparent: 00-64a3588fbc1913da49115a176199ca3b-4accaed037a7d181-01
last-modified: Tue, 22 Apr 2025 08:06:29 GMT
etag: W/"7c12ae6fc08684f50822b3eb56779e29"
cache-control: max-age=3600
content-encoding: gzip
expires: Tue, 22 Apr 2025 09:26:34 GMT
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 3074
cache: HIT
x-cached-since: 2025-07-12T12:20:20+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/fc03516ae4c718991727836d377493ff.json
185.244.209.62 200 OK 13 kB URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/fc03516ae4c718991727836d377493ff.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 2b474bcc2f009b70e64e2b5a95dd50a4
1fd5ee2d54da7dfbf61e67efd938a89c548fc866
f86d880575f3f65ddaaf9e8a0e3746bbbefcefe7e6c0c4441e9e20ceffdca237
GET /genfiles/cms/1-285/desktop/media_asset/fc03516ae4c718991727836d377493ff.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:34 GMT
content-type: application/json
traceparent: 00-147df06aeab9bf5dae5906b54ecff8ed-e8980063da4c1da5-01
last-modified: Wed, 12 Mar 2025 09:35:22 GMT
etag: W/"2b474bcc2f009b70e64e2b5a95dd50a4"
content-encoding: gzip
expires: Wed, 12 Mar 2025 11:03:31 GMT
cache-control: max-age=3600
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2218
cache: HIT
x-cached-since: 2025-07-12T12:34:36+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/27138dfda5.js
185.244.209.62 200 OK 1.7 kB URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/27138dfda5.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (1662)
Hash 96de9cc2c59cfad740102391585d679e
a58c143d9eed3dccf5b64af0e91b9c6f476fd2ed
2de75c90eb73ffe4a7730bf56f532c114e108ad3f25654b5c167fd7b69ccc948
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/27138dfda5.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:34 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-c56de11528c4f786ad9b169b5def4f53-0f1f093a315e7fb9-01
last-modified: Thu, 10 Jul 2025 06:49:47 GMT
etag: W/"96de9cc2c59cfad740102391585d679e"
x-amz-meta-mtime: 1752129861.791179456
content-encoding: gzip
expires: Fri, 11 Jul 2025 06:58:09 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 21633
cache: HIT
x-cached-since: 2025-07-12T07:11:01+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-ui/3.3.296/Desktop/Default/merged.css
185.244.209.62 200 OK 1.5 MB URL GET v3.traincdn.com/sys-ui/3.3.296/Desktop/Default/merged.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 1.5 MB (1487646 bytes)
Hash bed3ac4762611e2ba2bc49472e04e4af
9846a1488055ccae2a6b0df12582719c3e0ebf4a
f6dc1b01c574c94ba23e4edb383e0e3c7360478709519e12218e0eef2aa0fb08
GET /sys-ui/3.3.296/Desktop/Default/merged.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:31 GMT
content-type: text/css; charset=utf-8
traceparent: 00-afef14b5096aa44796d3f9fd1bfefff0-0b8adc671fddf172-01
last-modified: Fri, 11 Jul 2025 13:56:55 GMT
etag: W/"bed3ac4762611e2ba2bc49472e04e4af"
x-amz-meta-mtime: 1752242164.476425636
content-encoding: gzip
expires: Sun, 13 Jul 2025 08:50:52 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 15639
cache: HIT
x-cached-since: 2025-07-12T08:50:52+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/104e7838/desktop/default/Betting.Core-e2fc5eb9.js
185.244.209.62 200 OK 2.1 kB URL GET v3.traincdn.com/main-static/104e7838/desktop/default/Betting.Core-e2fc5eb9.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (2116), with no line terminators
Hash 7f8d4785079463ddc587c8abf9f3284f
b8b8b62a7fec2d45ae366e50e1ce78168b93f55c
696ac34c37daf15ef4bd8fa0419e0e376f5bcd6f5f57dd7e69ed35c59233661e
GET /main-static/104e7838/desktop/default/Betting.Core-e2fc5eb9.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-eee7b74e64268521f2a31f90c9f6f314-f3c3df91adb0fbfb-01
last-modified: Fri, 11 Jul 2025 12:10:04 GMT
etag: W/"7f8d4785079463ddc587c8abf9f3284f"
x-amz-meta-mtime: 1752235802.26100245
content-encoding: gzip
expires: Sat, 12 Jul 2025 13:48:43 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 84066
cache: HIT
x-cached-since: 2025-07-11T13:50:27+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/104e7838/desktop/default/analytics-b7a3986a.js
185.244.209.62 200 OK 7.1 kB URL GET v3.traincdn.com/main-static/104e7838/desktop/default/analytics-b7a3986a.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (7104), with no line terminators
Hash c9e8dfbeb71861e1be64e13c3885d35e
99bacc35ff8c99aceae982440f90d562f6aab961
b0e2d167084522273a17c8ff2a2adc88736deabf9f4a5bc254a656ebcdbe435a
GET /main-static/104e7838/desktop/default/analytics-b7a3986a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:43 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-d24d91e3781ea4952e8ea085674e2209-1f23f7a8cc388e3e-01
last-modified: Fri, 11 Jul 2025 12:10:04 GMT
etag: W/"c9e8dfbeb71861e1be64e13c3885d35e"
x-amz-meta-mtime: 1752235802.265002491
content-encoding: gzip
expires: Sat, 12 Jul 2025 13:48:49 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 83961
cache: HIT
x-cached-since: 2025-07-11T13:52:22+00:00
X-Firefox-Spdy: h2
GET 1xlite-65819.bar/en/block
185.162.90.21 203 Non Authoritative 284 kB URL User Request GET 1xlite-65819.bar/en/block
IP 185.162.90.21:443
Certificate Issuer: Let's Encrypt
Subject: 1xlite-65819.bar
Fingerprint: CC:32:FE:CA:AC:28:3F:D5:3D:E8:1C:77:72:7C:7D:6C:38:94:51:66
Validity: Mon, 02 Jun 2025 10:34:06 GMT - Sun, 31 Aug 2025 10:34:05 GMT
File type HTML document, ASCII text, with very long lines (53869)
Size 284 kB (284486 bytes)
Hash MD5: f143cc12b5a8371b0462456c96d31b02
SHA-1: 9884dddf8906dc1356ac85ebe9e7bc01137920f5
SHA-256: d9088871ea284b10569ad5bd2428f66d7e2c3bafb2c3c5db20065ea3e5d5fd30
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /en/block HTTP/1.1
Host: 1xlite-65819.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder; postback_watcher=%7B%22tag%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%226990902404166837530%22%7D; auid=uaJaFWhyXwJ0/fd6A9TPAg==
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 203 Non Authoritative
server: nginx
date: Sat, 12 Jul 2025 13:11:30 GMT
content-type: text/html; charset=utf-8
content-length: 284486
accept-ranges: none
server-timing: dt_total;dur=0.003, total;dur=127;desc="Nuxt Server Time"
set-cookie: gw-mm=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Secure; SameSite=None; Partitioned
lng=en; Path=/
cookies_agree_type=3; Path=/
tzo=2; Path=/
is12h=0; Path=/
x-dt: 285
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/104e7838/desktop/default/Page.Block-a10c0c7e.js
185.244.209.62 200 OK 476 B URL GET v3.traincdn.com/main-static/104e7838/desktop/default/Page.Block-a10c0c7e.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (476), with no line terminators
Hash 240f956494a20326f94e6cd8a3c36544
91c605d4d8289de34eb843e96506659534a26f06
7a78ca1fe01eacb8d6c5c815ee3c1d5d88624d1424111e2260c4d2df5934f13e
GET /main-static/104e7838/desktop/default/Page.Block-a10c0c7e.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:32 GMT
content-type: text/javascript; charset=utf-8
content-length: 476
traceparent: 00-15b595e0c287adaef88cc02b56f38cbd-dbb2df9901b62d52-01
last-modified: Fri, 11 Jul 2025 12:10:04 GMT
etag: "240f956494a20326f94e6cd8a3c36544"
x-amz-meta-mtime: 1752235802.26100245
expires: Sat, 12 Jul 2025 13:48:54 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 84067
cache: HIT
x-cached-since: 2025-07-11T13:50:25+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/__shared_chunk_7HDOEZTP.js
185.244.209.62 200 OK 1.2 kB URL GET v3.traincdn.com/sys-static/shared-assets/__shared_chunk_7HDOEZTP.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (1193)
Hash 7e76c08e7f16815131a5f13a10c1efba
5f800877b78a0713157fe119bc1a2d9a260f72e1
c6f29a0c7c3ed884ccffd7a529fd2fc599e2da1f31af658146f0e36a3f4c00dc
GET /sys-static/shared-assets/__shared_chunk_7HDOEZTP.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-0e8a389c7d78e444521c45eb9e1aa6c9-38b57fa210d137b1-01
last-modified: Sat, 12 Jul 2025 06:46:42 GMT
etag: W/"7e76c08e7f16815131a5f13a10c1efba"
x-amz-meta-mtime: 1752302690.798106765
content-encoding: gzip
expires: Sun, 13 Jul 2025 08:09:25 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 17418
cache: HIT
x-cached-since: 2025-07-12T08:21:15+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
185.244.209.62 200 OK 64 kB URL GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Hash a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:32 GMT
content-type: font/woff2
content-length: 63920
traceparent: 00-7b1db43a9fd164a6746526a7c1643405-f42355ed7442229a-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
expires: Sat, 12 Jul 2025 05:11:33 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2902
cache: HIT
x-cached-since: 2025-07-12T12:23:10+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
POST 1xlite-65819.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
185.162.90.21 200 OK 23 B URL POST 1xlite-65819.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP 185.162.90.21:443
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: Let's Encrypt
Subject: 1xlite-65819.bar
Fingerprint: CC:32:FE:CA:AC:28:3F:D5:3D:E8:1C:77:72:7C:7D:6C:38:94:51:66
Validity: Mon, 02 Jun 2025 10:34:06 GMT - Sun, 31 Aug 2025 10:34:05 GMT
Hash MD5: 23542a3306f670806d3ed4541829ad6a
SHA-1: bd6f6e26026934e3f1d346d37c57f861e6710b69
SHA-256: 550be5459a6f14c77edb70613bfd1e3a5f8d838e047c885e62a48b067644c863
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-65819.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: 1cf1fe85-bf22-4a71-a6a8-87765e319d24
Content-Length: 98
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder; postback_watcher=%7B%22tag%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%226990902404166837530%22%7D; auid=uaJaFWhyXwJ0/fd6A9TPAg==; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
content-type: application/json
content-length: 23
x-dt: 285
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.010, wf-uht;dur=0.012
X-Firefox-Spdy: h2
GET 1xlite-65819.bar/main-static/104e7838/check-ob.js
185.162.90.21 200 OK 219 B URL GET 1xlite-65819.bar/main-static/104e7838/check-ob.js
IP 185.162.90.21:443
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: Let's Encrypt
Subject: 1xlite-65819.bar
Fingerprint: CC:32:FE:CA:AC:28:3F:D5:3D:E8:1C:77:72:7C:7D:6C:38:94:51:66
Validity: Mon, 02 Jun 2025 10:34:06 GMT - Sun, 31 Aug 2025 10:34:05 GMT
File type JavaScript source, ASCII text
Hash MD5: c065700c9c8c493403359e1f2baa10d9
SHA-1: 4630fe729e70bdf63fa7ba6c84ec277fd1f51030
SHA-256: 1e61f0c82ae82ffcf503fcd4b4c8ae27b32c11e19b882d5d13f3c44364c893f4
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /main-static/104e7838/check-ob.js HTTP/1.1
Host: 1xlite-65819.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/en/block
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder; postback_watcher=%7B%22tag%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%226990902404166837530%22%7D; auid=uaJaFWhyXwJ0/fd6A9TPAg==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:31 GMT
content-type: text/javascript; charset=utf-8
content-length: 219
last-modified: Fri, 11 Jul 2025 12:10:42 GMT
etag: "c065700c9c8c493403359e1f2baa10d9"
x-amz-meta-mtime: 1752235836.837345499
expires: Sun, 13 Jul 2025 01:32:15 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_express_day/en/dictionary_84e511afe97bad68fa98353e8037b65e.json
185.244.209.62 200 OK 1.2 kB URL GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_express_day/en/dictionary_84e511afe97bad68fa98353e8037b65e.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 26f10f416f0a3743c3362a51dd558a4b
6b458c43b5e31fc0515de1eb1a0e535855a3e936
8374658000ae2d2747471b9535397e6de0c036d4e1a767a2a523047f8d06cb73
GET /genfiles/web-app-v2/dictionary2/v3_express_day/en/dictionary_84e511afe97bad68fa98353e8037b65e.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
content-type: application/json; charset=utf-8
traceparent: 00-d2e0f8ac5b80e1608d93f458faac6548-c39fbca2b4d5692e-01
last-modified: Mon, 30 Jun 2025 14:06:32 GMT
etag: W/"26f10f416f0a3743c3362a51dd558a4b"
cache-control: max-age=3600
content-encoding: gzip
expires: Fri, 11 Jul 2025 19:10:10 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1767
cache: HIT
x-cached-since: 2025-07-12T12:42:06+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_c29ed659a5.js
185.244.209.62 200 OK 16 kB URL GET v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_c29ed659a5.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (16156)
Hash b95f2867a4f69c6f87508d4376778ab8
34b733244053bb0634826b593e14e88782e81680
f318dcd075506078ef1811c0a12962c5fed8811ee39cc3c77691a81063e05340
GET /sys-static/shared-assets/Desktop/__shared_c29ed659a5.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-8fc148984cb843c64e11b0d4df85280b-94fca2187511a554-01
last-modified: Sat, 12 Jul 2025 06:46:44 GMT
etag: W/"b95f2867a4f69c6f87508d4376778ab8"
x-amz-meta-mtime: 1752302690.762105876
content-encoding: gzip
expires: Sun, 13 Jul 2025 12:49:39 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1170
cache: HIT
x-cached-since: 2025-07-12T12:52:03+00:00
X-Firefox-Spdy: h2
GET 1xlite-65819.bar/en?tag=d_44402m_14219c_[]MS[]null[]null[]general[]28753948_d28986_l18403_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=6990902404166837530
185.162.90.21 302 Found 284 kB URL User Request GET 1xlite-65819.bar/en?tag=d_44402m_14219c_[]MS[]null[]null[]general[]28753948_d28986_l18403_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=6990902404166837530
IP 185.162.90.21:443
Certificate Issuer: Let's Encrypt
Subject: 1xlite-65819.bar
Fingerprint: CC:32:FE:CA:AC:28:3F:D5:3D:E8:1C:77:72:7C:7D:6C:38:94:51:66
Validity: Mon, 02 Jun 2025 10:34:06 GMT - Sun, 31 Aug 2025 10:34:05 GMT
Size 284 kB (284486 bytes)
Hash (the three values below are the MD5, SHA-1 and SHA-256 digests of zero-length input, so they do not identify this response)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /en?tag=d_44402m_14219c_[]MS[]null[]null[]general[]28753948_d28986_l18403_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=6990902404166837530 HTTP/1.1
Host: 1xlite-65819.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Sat, 12 Jul 2025 13:11:30 GMT
location: https://1xlite-65819.bar/en/block
server-timing: dt_total;dur=0.011, total;dur=137;desc="Nuxt Server Time", wf-uht;dur=0.148
set-cookie: platform_type=desktop; Path=/; Expires=Tue, 15 Jul 2025 13:11:30 GMT; Secure; SameSite=None; Partitioned
gw-mm=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Secure; SameSite=None; Partitioned
lng=en; Path=/
cookies_agree_type=3; Path=/
tzo=2; Path=/
is12h=0; Path=/
referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; Path=/; Expires=Wed, 10 Sep 2025 13:11:30 GMT
reflinkid=d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder; Path=/; Expires=Sat, 12 Jul 2025 14:11:30 GMT
postback_watcher=%7B%22tag%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%226990902404166837530%22%7D; Path=/; Expires=Mon, 11 Aug 2025 13:11:30 GMT
auid=uaJaFWhyXwJ0/fd6A9TPAg==; path=/; secure; httponly; samesite=lax
x-dt: 285
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
185.244.209.62 200 OK 64 kB URL GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Hash 6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:32 GMT
content-type: font/woff2
content-length: 63748
traceparent: 00-c73748ee1462903bcec776a55e24582e-1e5509c9b0ea8a49-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
expires: Thu, 16 Jan 2025 10:32:14 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1439
cache: HIT
x-cached-since: 2025-07-12T12:47:33+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/104e7838/desktop/default/css/7fe5f71b.css
185.244.209.62 200 OK 3.3 kB URL GET v3.traincdn.com/main-static/104e7838/desktop/default/css/7fe5f71b.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (3313), with no line terminators
Hash c610b8710368de3bf2f1c5bb581b6a3a
f67bc86785d434adb2e81a356a7926b8818ac567
fad7111846310042401990719146401178f22e2618abf2b058e641b6495e8eba
GET /main-static/104e7838/desktop/default/css/7fe5f71b.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:32 GMT
content-type: text/css; charset=utf-8
traceparent: 00-dbe0b9c47ddb8d40e5cb30c63433e3d3-6d48cd7bf6de1eec-01
last-modified: Fri, 11 Jul 2025 12:10:04 GMT
etag: W/"c610b8710368de3bf2f1c5bb581b6a3a"
x-amz-meta-mtime: 1752235802.26900253
content-encoding: gzip
expires: Sat, 12 Jul 2025 13:48:42 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 84065
cache: HIT
x-cached-since: 2025-07-11T13:50:27+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/104e7838/desktop/default/DC-bf35fe94.js
185.244.209.62 200 OK 2.7 kB URL GET v3.traincdn.com/main-static/104e7838/desktop/default/DC-bf35fe94.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (2656), with no line terminators
Hash d179b4b81297b4a372c4a45c4d873cc0
97f8cf463eee60ccb5da318c49946f801defa864
20f583ad85598cd4d9e0d0dcb519ca5a16585bf5e6e220f32bc6b1ae145cb6aa
GET /main-static/104e7838/desktop/default/DC-bf35fe94.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-e2047f6ad93c3f82b1ee204c7dbc0bcc-3855032593149831-01
last-modified: Fri, 11 Jul 2025 12:10:04 GMT
etag: W/"d179b4b81297b4a372c4a45c4d873cc0"
x-amz-meta-mtime: 1752235802.26100245
content-encoding: gzip
expires: Sat, 12 Jul 2025 13:48:43 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 84066
cache: HIT
x-cached-since: 2025-07-11T13:50:27+00:00
X-Firefox-Spdy: h2
POST 1xlite-65819.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json
185.162.90.21 200 OK 2 B URL POST 1xlite-65819.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json
IP 185.162.90.21:443
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Let's Encrypt
Subject 1xlite-65819.bar
Fingerprint CC:32:FE:CA:AC:28:3F:D5:3D:E8:1C:77:72:7C:7D:6C:38:94:51:66
Validity Mon, 02 Jun 2025 10:34:06 GMT - Sun, 31 Aug 2025 10:34:05 GMT
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json HTTP/1.1
Host: 1xlite-65819.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: 1cf1fe85-bf22-4a71-a6a8-87765e319d24
Content-Length: 19
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder; postback_watcher=%7B%22tag%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%226990902404166837530%22%7D; auid=uaJaFWhyXwJ0/fd6A9TPAg==; window_width=1280; che_g=6de09b55-9e69-3c6e-73ce-4fa31dd78648
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:34 GMT
content-type: application/json
content-length: 2
x-dt: 285
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.068, wf-uht;dur=0.010
X-Firefox-Spdy: h2
POST 1xlite-65819.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
185.162.90.21 200 OK 23 B URL POST 1xlite-65819.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP 185.162.90.21:443
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Let's Encrypt
Subject 1xlite-65819.bar
Fingerprint CC:32:FE:CA:AC:28:3F:D5:3D:E8:1C:77:72:7C:7D:6C:38:94:51:66
Validity Mon, 02 Jun 2025 10:34:06 GMT - Sun, 31 Aug 2025 10:34:05 GMT
Hash 94c2c4e3c2d09efc0998503fc2233a73
8a58056383f8cd4a912f1d6883fd615147de1c97
c9a5c7b02988fa128135187c6493c523bc9f5a416a0556b1af16563931d9d4de
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-65819.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: 1cf1fe85-bf22-4a71-a6a8-87765e319d24
Content-Length: 89
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder; postback_watcher=%7B%22tag%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%226990902404166837530%22%7D; auid=uaJaFWhyXwJ0/fd6A9TPAg==; window_width=1280; che_g=6de09b55-9e69-3c6e-73ce-4fa31dd78648
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
content-type: application/json
content-length: 23
x-dt: 285
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.050, wf-uht;dur=0.008
X-Firefox-Spdy: h2
GET 1xlite-65819.bar/captcha-api/assets/hunt-captcha.js
185.162.90.21 200 OK 90 kB URL GET 1xlite-65819.bar/captcha-api/assets/hunt-captcha.js
IP 185.162.90.21:443
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Let's Encrypt
Subject 1xlite-65819.bar
Fingerprint CC:32:FE:CA:AC:28:3F:D5:3D:E8:1C:77:72:7C:7D:6C:38:94:51:66
Validity Mon, 02 Jun 2025 10:34:06 GMT - Sun, 31 Aug 2025 10:34:05 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash 10ea63042d52292777c2a54dee7157ea
ff70dbbf3bacc5b191c74e390f33bbb9a726c546
2919b84fc5cb7d19f8100bcaa7e90a7347df9b96f891522399045a0ceaf0407e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /captcha-api/assets/hunt-captcha.js HTTP/1.1
Host: 1xlite-65819.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/en/block
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder; postback_watcher=%7B%22tag%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%226990902404166837530%22%7D; auid=uaJaFWhyXwJ0/fd6A9TPAg==; window_width=1280; che_g=6de09b55-9e69-3c6e-73ce-4fa31dd78648; SESSION=6cdd8a0c2d96ab5f06790cf17da33b44
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:41 GMT
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=300
content-encoding: br
vary: Accept-Encoding
x-dt: 455
x-request-id: db962c93dcd3f33fcc74118491d6991b
x-time-ng: 0.004
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.005, wf-uht;dur=
X-Firefox-Spdy: h2
POST region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je5791v897130004za200zb9180563600&_p=1752325903392&em=tv.1~em.ODS1igyfeIhzOTHENqwIfH1sb8t0oxg8FT6iY2YCmeo&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104908318~104908320~104909302~104909304~104935091~104935093&cid=2146351131.1752325904&ecid=1115710958&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&ec_mode=a&_s=1&sid=1752325903&sct=1&seg=0&dl=https%3A%2F%2F1xlite-65819.bar%2Fen%2Fblock&dt=1xBet&_tu=Kg&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&upn.ref_id=1&tfd=14299
216.239.34.36 204 No Content 0 B URL POST region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je5791v897130004za200zb9180563600&_p=1752325903392&em=tv.1~em.ODS1igyfeIhzOTHENqwIfH1sb8t0oxg8FT6iY2YCmeo&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104908318~104908320~104909302~104909304~104935091~104935093&cid=2146351131.1752325904&ecid=1115710958&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&ec_mode=a&_s=1&sid=1752325903&sct=1&seg=0&dl=https%3A%2F%2F1xlite-65819.bar%2Fen%2Fblock&dt=1xBet&_tu=Kg&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&upn.ref_id=1&tfd=14299
IP 216.239.34.36:443
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Google Trust Services
Subject *.google-analytics.com
Fingerprint 3A:12:37:38:16:E5:9F:51:4E:B7:1D:5F:1F:C0:84:BB:92:EA:9E:20
Validity Mon, 23 Jun 2025 08:40:16 GMT - Mon, 15 Sep 2025 08:40:15 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je5791v897130004za200zb9180563600&_p=1752325903392&em=tv.1~em.ODS1igyfeIhzOTHENqwIfH1sb8t0oxg8FT6iY2YCmeo&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104908318~104908320~104909302~104909304~104935091~104935093&cid=2146351131.1752325904&ecid=1115710958&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&ec_mode=a&_s=1&sid=1752325903&sct=1&seg=0&dl=https%3A%2F%2F1xlite-65819.bar%2Fen%2Fblock&dt=1xBet&_tu=Kg&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&upn.ref_id=1&tfd=14299 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://1xlite-65819.bar
date: Sat, 12 Jul 2025 13:11:44 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:158:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:158:0
report-to: {"group":"ascnsrsggc:158:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:158:0"}],}
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/104e7838/desktop/default/css/dad7a6e4.css
185.244.209.62 200 OK 41 kB URL GET v3.traincdn.com/main-static/104e7838/desktop/default/css/dad7a6e4.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (40883), with no line terminators
Hash f14bcc7510c4f26df7bd2f918d16d8f8
4ef37e2e86bd42557aa87de9f72705873e834412
498a8486a41b0056acc3eade4549254931682bd42d59a8d3636506e9e55f04cc
GET /main-static/104e7838/desktop/default/css/dad7a6e4.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:31 GMT
content-type: text/css; charset=utf-8
traceparent: 00-a1040338c5be86e526e181888bb5878b-6704aeb59e835d0c-01
last-modified: Fri, 11 Jul 2025 12:10:05 GMT
etag: W/"f14bcc7510c4f26df7bd2f918d16d8f8"
x-amz-meta-mtime: 1752235802.26900253
content-encoding: gzip
expires: Sat, 12 Jul 2025 13:48:40 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 84066
cache: HIT
x-cached-since: 2025-07-11T13:50:25+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_9dbebb7bf7429be051f97559a7dbc2f5.json
185.244.209.62 200 OK 139 kB URL GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_9dbebb7bf7429be051f97559a7dbc2f5.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Size 139 kB (139130 bytes)
Hash 0d9e518c325f91b41b60aeace4cafa02
230564f0adb283308bdd413ea33cf5ed23165f41
a16bbbb8c0267873f1c1754894a92adfec7b27527595f51a6a33b90304518bfc
GET /genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_9dbebb7bf7429be051f97559a7dbc2f5.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
content-type: application/json; charset=utf-8
traceparent: 00-ae548daeacbeb881b42e4a24508f35af-945b87cbbf4c9893-01
last-modified: Fri, 11 Jul 2025 14:06:46 GMT
etag: W/"0d9e518c325f91b41b60aeace4cafa02"
cache-control: max-age=3600
content-encoding: gzip
expires: Fri, 11 Jul 2025 15:12:07 GMT
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 3111
cache: HIT
x-cached-since: 2025-07-12T12:19:42+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/60608cbba85ee2e8946c25b55281a0bc.json
185.244.209.62 200 OK 328 B URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/60608cbba85ee2e8946c25b55281a0bc.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 4347fc050ebe622e30a7bf78a213b5a0
c05b3b571980b01ff9f07e6adc1c29c58be70bd1
ed1b1193a248bf273141c31b7f74dd1224416b3757e5a71f2e7d579c50d65d57
GET /genfiles/cms/1-285/desktop/media_asset/60608cbba85ee2e8946c25b55281a0bc.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:34 GMT
content-type: application/json
content-length: 328
traceparent: 00-8522098b5fac8d97cdc8e3784bc46c5b-577d18d788b3835d-01
last-modified: Thu, 27 Feb 2025 10:51:50 GMT
etag: "4347fc050ebe622e30a7bf78a213b5a0"
expires: Thu, 27 Feb 2025 12:17:56 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2491
cache: HIT
x-cached-since: 2025-07-12T12:30:03+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/104e7838/desktop/default/css/e45d3c54.css
185.244.209.62 200 OK 14 kB URL GET v3.traincdn.com/main-static/104e7838/desktop/default/css/e45d3c54.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (13478), with no line terminators
Hash 74ac1e9c5cab64b7d31ed8deccbd2659
ed589fe1c672ce7baa4ae8caa2d969d2941c4332
5cbce6d9cbdb897a99ac14285ec6dca35d84382aa1a94cf96e555b5811039dbe
GET /main-static/104e7838/desktop/default/css/e45d3c54.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:31 GMT
content-type: text/css; charset=utf-8
traceparent: 00-a17624800225871f364f924cb4b37875-50ed1e4ab4f943c6-01
last-modified: Fri, 11 Jul 2025 12:10:05 GMT
etag: W/"74ac1e9c5cab64b7d31ed8deccbd2659"
x-amz-meta-mtime: 1752235802.26900253
content-encoding: gzip
expires: Sat, 12 Jul 2025 13:48:40 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 84066
cache: HIT
x-cached-since: 2025-07-11T13:50:25+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/501dc4fd49.js
185.244.209.62 200 OK 1.2 kB URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/501dc4fd49.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (1165)
Hash 33375a10767bdcf330d278a0f2f2c7ba
c8422369a096dff407c8013feb5359927c97ebf1
ff26fc146f52caea069c066e19a9a01553cf746d6d941cd6ac2b286dcc36a1f8
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/501dc4fd49.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:34 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-2045eab47adde385a52cc1c1d4161cfc-d18bf718efc2b45e-01
last-modified: Thu, 10 Jul 2025 06:49:47 GMT
etag: W/"33375a10767bdcf330d278a0f2f2c7ba"
x-amz-meta-mtime: 1752129861.788179212
content-encoding: gzip
expires: Sat, 12 Jul 2025 06:52:55 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 22407
cache: HIT
x-cached-since: 2025-07-12T06:58:07+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/104e7838/desktop/default/vendors/app-e7543679.js
185.244.209.62 200 OK 941 kB URL GET v3.traincdn.com/main-static/104e7838/desktop/default/vendors/app-e7543679.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (64133)
Size 941 kB (941291 bytes)
Hash 8b48b6abcd250a4454e17ddd56163484
a635fffb25123dbb89348c472c803ff09f972754
8cf96c65ac0130bf6608416b8a17c98cffbc0e4038549246222f898102b051b7
GET /main-static/104e7838/desktop/default/vendors/app-e7543679.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:32 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-7797165833d932927bbce32aa5bc7a49-5b6dae345c24846b-01
last-modified: Fri, 11 Jul 2025 12:10:04 GMT
etag: W/"8b48b6abcd250a4454e17ddd56163484"
x-amz-meta-mtime: 1752235802.27700261
content-encoding: gzip
expires: Sun, 13 Jul 2025 13:11:32 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: MISS
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/78e1228f56f3d966ed7fcfded728f899.json
185.244.209.62 200 OK 23 kB URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/78e1228f56f3d966ed7fcfded728f899.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash bc3c79e764880121898f78d58c54ac21
0e1fb57593fa0c59e51e06040bf3a6b4c868b430
8bcfd2c3d6f34658a491941dbffa8478d7c2462340b78e1dd82d4b91c9a3163d
GET /genfiles/cms/1-285/desktop/media_asset/78e1228f56f3d966ed7fcfded728f899.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
content-type: application/json
traceparent: 00-7964240dabdadf39ae132be3603ef1a1-87cbe96d714af6bf-01
last-modified: Tue, 01 Jul 2025 08:15:39 GMT
etag: W/"bc3c79e764880121898f78d58c54ac21"
content-encoding: gzip
expires: Fri, 11 Jul 2025 12:03:46 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2217
cache: HIT
x-cached-since: 2025-07-12T12:34:36+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/24c0772c7f.js
185.244.209.62 200 OK 1.7 kB URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/24c0772c7f.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (1388)
Hash 0ff355babb71cde47e2bdd8916af0c6e
6c687b9f23d267223336b6777abdb839fe84b12b
25229d3a4716d87a6a7b1a0b2928da36e9dd62a8cdf451c3b3fcbba51e44671e
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/24c0772c7f.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-fd334c69dd71df62755b278fa278ea76-f4739184cf11cb40-01
last-modified: Thu, 10 Jul 2025 06:49:47 GMT
etag: W/"0ff355babb71cde47e2bdd8916af0c6e"
x-amz-meta-mtime: 1752129861.79317962
content-encoding: gzip
expires: Fri, 11 Jul 2025 06:58:08 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 21632
cache: HIT
x-cached-since: 2025-07-12T07:11:01+00:00
X-Firefox-Spdy: h2
GET 1xlite-65819.bar/hd-api/external/0197fec3-4cce-7dd5-b539-1d969cf95f96.js
185.162.90.21 200 OK 308 kB URL GET 1xlite-65819.bar/hd-api/external/0197fec3-4cce-7dd5-b539-1d969cf95f96.js
IP 185.162.90.21:443
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Let's Encrypt
Subject 1xlite-65819.bar
Fingerprint CC:32:FE:CA:AC:28:3F:D5:3D:E8:1C:77:72:7C:7D:6C:38:94:51:66
Validity Mon, 02 Jun 2025 10:34:06 GMT - Sun, 31 Aug 2025 10:34:05 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 308 kB (307765 bytes)
Hash 86c84ba8af88b09c7d44d1ba9991d9cf
b8b384329d010da4b570950da1ae93b3d2110d15
62c3062a0ccec78f5bc780a6aaa30edef9e021873cc65eae726af3da38fbbf66
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /hd-api/external/0197fec3-4cce-7dd5-b539-1d969cf95f96.js HTTP/1.1
Host: 1xlite-65819.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/en/block
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder; postback_watcher=%7B%22tag%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%226990902404166837530%22%7D; auid=uaJaFWhyXwJ0/fd6A9TPAg==; window_width=1280; che_g=6de09b55-9e69-3c6e-73ce-4fa31dd78648; SESSION=6cdd8a0c2d96ab5f06790cf17da33b44
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:41 GMT
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=0, must-revalidate
content-encoding: gzip
vary: Accept-Encoding
x-dt: 285
x-hd-trace-id: 4de1a7c6-96a7-465d-aef1-e085bac07516
x-request-guid: dab92cf79f0b8015318d0c27c7534acf
x-time-ng: 0.002
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.024, wf-uht;dur=0.020
X-Firefox-Spdy: h2
POST 1xlite-65819.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
185.162.90.21 200 OK 23 B URL POST 1xlite-65819.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP 185.162.90.21:443
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Let's Encrypt
Subject 1xlite-65819.bar
Fingerprint CC:32:FE:CA:AC:28:3F:D5:3D:E8:1C:77:72:7C:7D:6C:38:94:51:66
Validity Mon, 02 Jun 2025 10:34:06 GMT - Sun, 31 Aug 2025 10:34:05 GMT
Hash 3a104e18f92a49cf6bd52bc60c2c6588
d4aaf714b4e984e483d4ab2012da1936e47405d4
634b7e10622a62f09ee0b7e2f7c73fbc417ec129777a26d91c0842bd4009b89b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-65819.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: 1cf1fe85-bf22-4a71-a6a8-87765e319d24
Content-Length: 48
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder; postback_watcher=%7B%22tag%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%226990902404166837530%22%7D; auid=uaJaFWhyXwJ0/fd6A9TPAg==; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
content-type: application/json
content-length: 23
x-dt: 285
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.013, wf-uht;dur=0.012
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/56f58c6d078ff0e8f698576f33bb478d.json
185.244.209.62 200 OK 3.6 kB URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/56f58c6d078ff0e8f698576f33bb478d.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 4b08975411699bcd7464f49777e866bf
2a9b0a0f3eadf5f3e1ef688bacd9560dd59c73d2
b6208d18413f8988db2e0040ff72516c0cb5e06d3d9692b5b098808ab46fc378
GET /genfiles/cms/1-285/desktop/media_asset/56f58c6d078ff0e8f698576f33bb478d.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:34 GMT
content-type: application/json
traceparent: 00-fddaca29134acefec43846bcc3735bc7-76cfcd2661daf00d-01
last-modified: Thu, 27 Feb 2025 09:06:12 GMT
etag: W/"4b08975411699bcd7464f49777e866bf"
content-encoding: gzip
expires: Thu, 27 Feb 2025 10:17:14 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2491
cache: HIT
x-cached-since: 2025-07-12T12:30:03+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/593f1a6d4223015f3145bf447897f4f2.json
185.244.209.62 200 OK 241 B URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/593f1a6d4223015f3145bf447897f4f2.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: Sectigo Limited
Subject: *.traincdn.com
Fingerprint: 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity: Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 39257fbb62736206d5245e08925d7b60
4c11e3cb6a16b884772b88acdba30a2ad98e86b8
3a3cf0f5c60899ffb49d9825516aec475fd7b78cea8ae0b5b58dfb4e658f041e
GET /genfiles/cms/1-285/desktop/media_asset/593f1a6d4223015f3145bf447897f4f2.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:34 GMT
content-type: application/json
content-length: 241
traceparent: 00-67e3aa131c9d1b4fa49ac7c0a3236a44-10baa60ea9097437-01
last-modified: Thu, 27 Feb 2025 13:24:25 GMT
etag: "39257fbb62736206d5245e08925d7b60"
expires: Thu, 27 Feb 2025 14:48:35 GMT
cache-control: max-age=3600
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1572
cache: HIT
x-cached-since: 2025-07-12T12:45:22+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/ac02f639a86763a884adc5615fe65e72.json
185.244.209.62 200 OK 14 kB URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/ac02f639a86763a884adc5615fe65e72.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: Sectigo Limited
Subject: *.traincdn.com
Fingerprint: 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity: Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 811ce3b7877d19901e45430cb6523d62
16a905115a678fdef3923f91c6f76cbab613e84d
10fbb74dbac63abfe9c4f5a77abc03757ef3527a479d4ae70dc977b515eec8cb
GET /genfiles/cms/1-285/desktop/media_asset/ac02f639a86763a884adc5615fe65e72.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
content-type: application/json
traceparent: 00-2f27e2c875045755014e320d82623c29-6d081d72faca5879-01
last-modified: Thu, 27 Feb 2025 09:04:01 GMT
etag: W/"811ce3b7877d19901e45430cb6523d62"
content-encoding: gzip
expires: Sat, 12 Jul 2025 10:59:59 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 451
cache: HIT
x-cached-since: 2025-07-12T13:04:02+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js
185.244.209.62 200 OK 69 B URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: Sectigo Limited
Subject: *.traincdn.com
Fingerprint: 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity: Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 2cdaa92927f02e0b628f1ef4d7dd8caf
9104a2e16ed080b80a42588b8aeb52ebec47ab7a
ef8101ffea52addcdcfcc3a83f96ff2d4613fb3ae6d1c16bbe4852387b73a9db
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
content-type: text/javascript; charset=utf-8
content-length: 69
traceparent: 00-f496230368b3d77be6e83385632097e1-866b9683100b72b2-01
last-modified: Thu, 10 Jul 2025 06:49:47 GMT
etag: "2cdaa92927f02e0b628f1ef4d7dd8caf"
x-amz-meta-mtime: 1752129861.788179212
expires: Fri, 11 Jul 2025 19:25:49 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 63778
cache: HIT
x-cached-since: 2025-07-11T19:28:35+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
POST 1xlite-65819.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
185.162.90.21 200 OK 23 B URL POST 1xlite-65819.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP 185.162.90.21:443
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: Let's Encrypt
Subject: 1xlite-65819.bar
Fingerprint: CC:32:FE:CA:AC:28:3F:D5:3D:E8:1C:77:72:7C:7D:6C:38:94:51:66
Validity: Mon, 02 Jun 2025 10:34:06 GMT - Sun, 31 Aug 2025 10:34:05 GMT
Hash MD5: dd3298659b41068ba9e6d25990cd3612
SHA-1: 9f19aafeb228283e1a05bb0d2f8a55ba2df1c18e
SHA-256: 01dc82fd129fad5ab1a79193b8f9796f4ad65246c4d3ceecb77c1b3090441b59
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-65819.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: 1cf1fe85-bf22-4a71-a6a8-87765e319d24
Content-Length: 72
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder; postback_watcher=%7B%22tag%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%226990902404166837530%22%7D; auid=uaJaFWhyXwJ0/fd6A9TPAg==; window_width=1280; che_g=6de09b55-9e69-3c6e-73ce-4fa31dd78648
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:34 GMT
content-type: application/json
content-length: 23
x-dt: 285
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.022, wf-uht;dur=0.013
X-Firefox-Spdy: h2
GET 1xlite-65819.bar/hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js
185.162.90.21 200 OK 760 B URL GET 1xlite-65819.bar/hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js
IP 185.162.90.21:443
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: Let's Encrypt
Subject: 1xlite-65819.bar
Fingerprint: CC:32:FE:CA:AC:28:3F:D5:3D:E8:1C:77:72:7C:7D:6C:38:94:51:66
Validity: Mon, 02 Jun 2025 10:34:06 GMT - Sun, 31 Aug 2025 10:34:05 GMT
File type JavaScript source, ASCII text, with very long lines (759)
Hash MD5: 0b911773e0df627d77f8306c86e228aa
SHA-1: 0d584bb1a3294e4fe42df4582dcc8a2c8f77f7bb
SHA-256: 01e4926540498a77d866259516007d41fae1213ab9607db826f011d926fd6006
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js HTTP/1.1
Host: 1xlite-65819.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/en/block
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder; postback_watcher=%7B%22tag%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%226990902404166837530%22%7D; auid=uaJaFWhyXwJ0/fd6A9TPAg==; window_width=1280; che_g=6de09b55-9e69-3c6e-73ce-4fa31dd78648; SESSION=6cdd8a0c2d96ab5f06790cf17da33b44
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:41 GMT
content-type: text/javascript; charset=utf-8
content-length: 492
cache-control: public, max-age=300
content-encoding: gzip
etag: 0b911773e0df627d77f8306c86e228aa
vary: Accept-Encoding
x-dt: 455
x-request-guid: d2d4b13362302e7595ac01ef239af54d
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.008, wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
185.244.209.62 200 OK 64 kB URL GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: Sectigo Limited
Subject: *.traincdn.com
Fingerprint: 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity: Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Hash 6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:42 GMT
content-type: font/woff2
content-length: 63748
traceparent: 00-c19f4d8a4a2e1f21e8db7d4450762516-1d2830cfb1ca41a6-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
expires: Thu, 16 Jan 2025 10:32:14 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1449
cache: HIT
x-cached-since: 2025-07-12T12:47:33+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
185.244.209.62 200 OK 64 kB URL GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: Sectigo Limited
Subject: *.traincdn.com
Fingerprint: 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity: Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Hash a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:42 GMT
content-type: font/woff2
content-length: 63920
traceparent: 00-9657529afc09cd304e7016555e08bafb-2aa098f51c8cc9bd-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
expires: Sat, 12 Jul 2025 05:11:33 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2912
cache: HIT
x-cached-since: 2025-07-12T12:23:10+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
POST 1xlite-65819.bar/hd-api/external/verify
185.162.90.21 200 OK 742 B URL POST 1xlite-65819.bar/hd-api/external/verify
IP 185.162.90.21:443
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: Let's Encrypt
Subject: 1xlite-65819.bar
Fingerprint: CC:32:FE:CA:AC:28:3F:D5:3D:E8:1C:77:72:7C:7D:6C:38:94:51:66
Validity: Mon, 02 Jun 2025 10:34:06 GMT - Sun, 31 Aug 2025 10:34:05 GMT
Hash MD5: 526d8133c0e0b78d7b64b6c00ab26788
SHA-1: fc275fd00479e5fc225d4843f551481c49415cb0
SHA-256: a66311fdc57b148b9adad8fa43d5d749d3c94d81ff6070ee57050243649e68c4
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /hd-api/external/verify HTTP/1.1
Host: 1xlite-65819.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/en/block
Content-Type: text/plain;charset=UTF-8
Content-Length: 108845
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder; postback_watcher=%7B%22tag%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%226990902404166837530%22%7D; auid=uaJaFWhyXwJ0/fd6A9TPAg==; window_width=1280; che_g=6de09b55-9e69-3c6e-73ce-4fa31dd78648; SESSION=6cdd8a0c2d96ab5f06790cf17da33b44
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:43 GMT
content-type: application/json
content-length: 607
content-encoding: gzip
vary: Accept-Encoding
x-dt: 285
x-request-guid: 5199309af0ae5908ce6f745ab4e831c8
x-time-ng: 0.007
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.006, wf-uht;dur=0.053
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/d9c2365ca58e0fb54268fd4914d751b9.json
185.244.209.62 200 OK 14 kB URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/d9c2365ca58e0fb54268fd4914d751b9.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: Sectigo Limited
Subject: *.traincdn.com
Fingerprint: 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity: Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 1a7ec72aad44f9540cb604d7cde5ff38
65e5851d652e0471c213282efb5eeee31ae813db
94d4bf6bc00a09b766ea0ba441e860dc40ee6d398be80e89016dd0ee662869d6
GET /genfiles/cms/1-285/desktop/media_asset/d9c2365ca58e0fb54268fd4914d751b9.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
content-type: application/json
traceparent: 00-240e1ea40a33408fff93ef1fd1d66271-dbe06230a1cd01fa-01
last-modified: Mon, 16 Jun 2025 11:25:45 GMT
etag: W/"1a7ec72aad44f9540cb604d7cde5ff38"
content-encoding: gzip
expires: Sat, 12 Jul 2025 07:33:38 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 849
cache: HIT
x-cached-since: 2025-07-12T12:57:24+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_XYWIEKOD.js
185.244.209.62 200 OK 865 B URL GET v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_XYWIEKOD.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: Sectigo Limited
Subject: *.traincdn.com
Fingerprint: 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity: Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (840)
Hash 0af3fe0c072a5bb3b6c731767187982f
55db5afb57265dc92fd121fe9ae565ffb2f53b2c
655bbe85da91e863401c6f96e24b41f5c2fe51a4245cecc2deb2b8c9600fef30
GET /sys-static/shared-assets/__shared_fast_deep_equal_XYWIEKOD.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
content-type: text/javascript; charset=utf-8
content-length: 865
traceparent: 00-fafde70b9887161eeeaed142fc7562ce-702db67439f6f384-01
last-modified: Fri, 11 Jul 2025 13:54:13 GMT
etag: "0af3fe0c072a5bb3b6c731767187982f"
x-amz-meta-mtime: 1752241725.428363187
expires: Sun, 13 Jul 2025 08:09:25 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 17404
cache: HIT
x-cached-since: 2025-07-12T08:21:29+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET refpa426945.one/L?tag=d_44402m_14219c_[]MS[]null[]null[]general[]28753948_d28986_l18403_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=6990902404166837530
178.253.46.197 303 See Other 284 kB URL User Request GET refpa426945.one/L?tag=d_44402m_14219c_[]MS[]null[]null[]general[]28753948_d28986_l18403_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=6990902404166837530
IP 178.253.46.197:443
ASN #202492 Silverhill Group Holding Ltd
Certificate Issuer: Let's Encrypt
Subject: refpa426945.one
Fingerprint: BD:A6:0C:46:1A:C5:61:A1:D5:8B:FC:DD:AA:AA:62:FC:49:1F:BE:87
Validity: Thu, 05 Jun 2025 13:00:36 GMT - Wed, 03 Sep 2025 13:00:35 GMT
Size 284 kB (284486 bytes)
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(Note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, so they describe an empty 303 response body rather than the 284 kB reported as Size. They match any empty response and should not be used as content indicators for this host.)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /L?tag=d_44402m_14219c_[]MS[]null[]null[]general[]28753948_d28986_l18403_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=6990902404166837530 HTTP/1.1
Host: refpa426945.one
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 303 See Other
server: nginx
date: Sat, 12 Jul 2025 13:11:29 GMT
location: https://1xlite-65819.bar:443/en?tag=d_44402m_14219c_[]MS[]null[]null[]general[]28753948_d28986_l18403_clickunder&pb=c4a963618a5742d9870d0059bcae60ae&click_id=6990902404166837530
set-cookie: A_14219_v=0; expires=Sun, 13 Jul 2025 13:11:29 GMT; path=/; secure
set-cookie: A_14219_c=1; expires=Sun, 13 Jul 2025 13:11:29 GMT; path=/; secure
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.011
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_auth/en/dictionary_afaf81e30d642b97c9a47adfabb20735.json
185.244.209.62 200 OK 9.7 kB URL GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_auth/en/dictionary_afaf81e30d642b97c9a47adfabb20735.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: Sectigo Limited
Subject: *.traincdn.com
Fingerprint: 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity: Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash d75b2ed6baf27beaa7c13a8eedee98ba
0f0bc6e193b2de4642068dfc72b0bcb193469f78
0d9a0565ceab3ff1bc46ea48f330012693f8958784f13ec7681644d180b2d503
GET /genfiles/web-app-v2/dictionary2/v3_auth/en/dictionary_afaf81e30d642b97c9a47adfabb20735.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
content-type: application/json; charset=utf-8
traceparent: 00-c7655773c1b72e04b792a2115e49f0de-c08ebf6f35b4ebb6-01
last-modified: Thu, 26 Jun 2025 16:06:49 GMT
etag: W/"d75b2ed6baf27beaa7c13a8eedee98ba"
cache-control: max-age=3600
content-encoding: gzip
expires: Fri, 11 Jul 2025 15:07:49 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1808
cache: HIT
x-cached-since: 2025-07-12T12:41:25+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/__shared_libphonenumber_js_Q6RMKWT6.js
185.244.209.62 200 OK 159 kB URL GET v3.traincdn.com/sys-static/shared-assets/__shared_libphonenumber_js_Q6RMKWT6.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: Sectigo Limited
Subject: *.traincdn.com
Fingerprint: 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity: Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (65509)
Size 159 kB (158815 bytes)
Hash 1da464d70e78b04b9b808e82e4ad9487
0c79e65516d1525ecb43d13cfb4ccb0631095a28
b4c72b8036ca6767ab61490178f901538646f2aa1001cb042caa134174a41595
GET /sys-static/shared-assets/__shared_libphonenumber_js_Q6RMKWT6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-32dfa77b416159c45adfcafb2f54c43c-6e69e9a9706ff962-01
last-modified: Sat, 12 Jul 2025 06:46:42 GMT
etag: W/"1da464d70e78b04b9b808e82e4ad9487"
x-amz-meta-mtime: 1752302690.798106765
content-encoding: gzip
expires: Sun, 13 Jul 2025 08:09:24 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 17404
cache: HIT
x-cached-since: 2025-07-12T08:21:29+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/104e7838/desktop/default/commons/app-b02bd1c8.js
185.244.209.62 200 OK 138 kB URL GET v3.traincdn.com/main-static/104e7838/desktop/default/commons/app-b02bd1c8.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: Sectigo Limited
Subject: *.traincdn.com
Fingerprint: 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity: Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65476)
Size 138 kB (137774 bytes)
Hash cdd59493abdbe2a455843601a7d4d00b
e5fa84f9f4dd2fdd114b1044ccf29eb85379a5e2
45d4d2a0f69c09bd60f79cb1e82df89da3b82a98852eeb3dcdaf3e51d6931aeb
GET /main-static/104e7838/desktop/default/commons/app-b02bd1c8.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:32 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-3a6df1c26e2d0debdaba56641a5a6b34-4958da22e02f2f2a-01
last-modified: Fri, 11 Jul 2025 12:10:04 GMT
etag: W/"cdd59493abdbe2a455843601a7d4d00b"
x-amz-meta-mtime: 1752235802.265002491
content-encoding: gzip
expires: Sat, 12 Jul 2025 13:48:41 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 84067
cache: HIT
x-cached-since: 2025-07-11T13:50:25+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_coupon/en/dictionary_cddbc9f9f68eec0edd648d7fc656a30a.json
185.244.209.62 200 OK 28 kB URL GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_coupon/en/dictionary_cddbc9f9f68eec0edd648d7fc656a30a.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: Sectigo Limited
Subject: *.traincdn.com
Fingerprint: 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity: Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash e7fa5d4b44fe5d441391a5338da8f25b
d26a581526af70713c444d3ed734bfbfccb9e606
333d915c8dbdea6f31c0e9e057bdc08c451bead6286ae5f1f59b9012ab741684
GET /genfiles/web-app-v2/dictionary2/v3_coupon/en/dictionary_cddbc9f9f68eec0edd648d7fc656a30a.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
content-type: application/json; charset=utf-8
traceparent: 00-10bbe6243baaab2a49c6405e0b2c8176-b1d673cd3ed3723e-01
last-modified: Mon, 07 Jul 2025 16:06:32 GMT
etag: W/"e7fa5d4b44fe5d441391a5338da8f25b"
cache-control: max-age=3600
content-encoding: gzip
expires: Fri, 11 Jul 2025 15:56:27 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 3589
cache: HIT
x-cached-since: 2025-07-12T12:11:44+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_reset_password/en/dictionary_612c6e919ca15d39cc751a619a3952c7.json
185.244.209.62 200 OK 765 B URL GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_reset_password/en/dictionary_612c6e919ca15d39cc751a619a3952c7.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: Sectigo Limited
Subject: *.traincdn.com
Fingerprint: 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity: Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 00f980f23f1b4c1ccee99ed49e0a8feb
4cb07094de9bffff1bf81d94446280b91013b660
bb3be3377fbb8e66a4b5a8a3866dfd865a37cb4a96482ab2f439981e03b57cea
GET /genfiles/web-app-v2/dictionary2/v3_reset_password/en/dictionary_612c6e919ca15d39cc751a619a3952c7.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:33 GMT
content-type: application/json; charset=utf-8
content-length: 765
traceparent: 00-0bf526fe86ae2c09daaf5a77db9cc931-89dc7339772bdbee-01
last-modified: Wed, 11 Oct 2023 12:52:53 GMT
etag: "00f980f23f1b4c1ccee99ed49e0a8feb"
cache-control: max-age=3600
expires: Thu, 16 Jan 2025 10:53:47 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2604
cache: HIT
x-cached-since: 2025-07-12T12:28:09+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/7566bd9ad3.js
185.244.209.62 200 OK 855 B URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/7566bd9ad3.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer: Sectigo Limited
Subject: *.traincdn.com
Fingerprint: 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity: Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (854)
Hash 31da2f013dd8f13fc924a83528053048
d6269f40467d76bb03624f81e02203e75625ff62
e322853e937f95461673bb66d7cdf54d7ac5fe89acd5950a0fdb8aa1f573ebce
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/7566bd9ad3.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:34 GMT
content-type: text/javascript; charset=utf-8
content-length: 855
traceparent: 00-8dc60a6229d92b3dbc2b625724f02d93-02f13b9e2342b096-01
last-modified: Thu, 10 Jul 2025 06:49:47 GMT
etag: "31da2f013dd8f13fc924a83528053048"
x-amz-meta-mtime: 1752129861.791179456
expires: Fri, 11 Jul 2025 07:04:27 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 21633
cache: HIT
x-cached-since: 2025-07-12T07:11:01+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/e3dd2d416ede1d7659584842878349f6.json
185.244.209.62 200 OK 1.1 kB URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/e3dd2d416ede1d7659584842878349f6.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 338264fc869e8f0b86b0d6c9d92102b0
83b4d35816df0e1486b766251e74d23f28b77824
015355a44429f40dd63b566dd1e9b1b76af3dfa28dcd25a43e82820ba0847b8d
GET /genfiles/cms/1-285/desktop/media_asset/e3dd2d416ede1d7659584842878349f6.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/
Origin: https://1xlite-65819.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:34 GMT
content-type: application/json
traceparent: 00-a7bfdcc116553e788bee466b753a9ca9-ddb0c22fe7d951fa-01
last-modified: Thu, 16 May 2024 19:05:13 GMT
etag: W/"338264fc869e8f0b86b0d6c9d92102b0"
content-encoding: gzip
expires: Fri, 11 Jul 2025 17:00:41 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2218
cache: HIT
x-cached-since: 2025-07-12T12:34:36+00:00
X-Firefox-Spdy: h2
GET 1xlite-65819.bar/bff-api/config/group/get?groups=d.technical&lang=en
185.162.90.21 200 OK 730 B URL GET 1xlite-65819.bar/bff-api/config/group/get?groups=d.technical&lang=en
IP 185.162.90.21:443
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Let's Encrypt
Subject 1xlite-65819.bar
Fingerprint CC:32:FE:CA:AC:28:3F:D5:3D:E8:1C:77:72:7C:7D:6C:38:94:51:66
Validity Mon, 02 Jun 2025 10:34:06 GMT - Sun, 31 Aug 2025 10:34:05 GMT
Hash 87ec2701f4efb3b20790e1a967af79be
8c7a33e8de1fadc580287953380b136d261c27f5
add58098a30e646183c0c004afd7cdb345b576ed641263c6b19ab40c18d75395
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /bff-api/config/group/get?groups=d.technical&lang=en HTTP/1.1
Host: 1xlite-65819.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-65819.bar/en/block
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
x-svc-source: __TECHNICAL_PAGES_APP__
x-app-n: __TECHNICAL_PAGES_APP__
x-geoip2-country-code: ru
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder; postback_watcher=%7B%22tag%22%3A%22d_44402m_14219c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D28753948_d28986_l18403_clickunder%22%2C%22pb%22%3A%22c4a963618a5742d9870d0059bcae60ae%22%2C%22click_id%22%3A%226990902404166837530%22%7D; auid=uaJaFWhyXwJ0/fd6A9TPAg==; window_width=1920; che_g=6de09b55-9e69-3c6e-73ce-4fa31dd78648
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 13:11:34 GMT
content-type: application/json
content-length: 730
cache-control: no-cache, private
server-timing: dt_total;dur=0.111, bff;dur=41.79, wf-uht;dur=0.054
x-dt: 285
x-pod: R-svk75
x-time-ng: 0.043
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
GET www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66&cx=c&gtm=45He5791v9180563600za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104908321~104908323~104909302~104909304~104935091~104935093
142.250.178.40 200 OK 472 kB URL GET www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66&cx=c&gtm=45He5791v9180563600za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104908321~104908323~104909302~104909304~104935091~104935093
IP 142.250.178.40:443
Requested by https://1xlite-65819.bar/en/block
Certificate Issuer Google Trust Services
Subject *.google-analytics.com
Fingerprint 3A:12:37:38:16:E5:9F:51:4E:B7:1D:5F:1F:C0:84:BB:92:EA:9E:20
Validity Mon, 23 Jun 2025 08:40:16 GMT - Mon, 15 Sep 2025 08:40:15 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (12571)
Size 472 kB (471844 bytes)
Hash a405fdf590ce6715216f48cad0c89c42
b3e2e014d36f26f7ac08642db2e32c1432c71d88
72f09a06d7cb4599e10cce99fcc5fbf4eea902c55a6a25e844301acadf204f61
GET /gtag/js?id=G-7JGWL9SV66&cx=c&gtm=45He5791v9180563600za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104908321~104908323~104909302~104909304~104935091~104935093 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-65819.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 12 Jul 2025 13:11:43 GMT
expires: Sat, 12 Jul 2025 13:11:43 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1077:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1077:0
report-to: {"group":"ascgcycc:1077:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1077:0"}],}
server: Google Tag Manager
content-length: 150964
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000