Report - refpaasxufov.top/L?tag=d_42282m_22719c_[]MS[]null[]null[]general[]igetp2583ff3219_d27775_l190859_clickunder&pb=4af4bf2b69b04f5484545de344ba50ee&click

Report Overview

Visited public
2025-07-02 00:36:03
Tags
Submit Tags
URL
refpaasxufov.top/L?tag=d_42282m_22719c_[]MS[]null[]null[]general[]igetp2583ff3219_d27775_l190859_clickunder&pb=4af4bf2b69b04f5484545de344ba50ee&click_id=41b7c220-56dc-11f0-8e89-33341e736fd6
Finishing URL
1xlite-04283.bar/en/block
IP / ASN
178.253.46.19
#202492 Silverhill Group Holding Ltd
Title
1xBet

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.google.no	25607	2001-02-26	2012-06-26	2025-06-25	879 B	580 B	142.250.74.131
region1.analytics.google.com	unknown	1997-09-15	2022-03-17	2025-06-25	2.0 kB	1.7 kB	216.239.32.36
www.google.com	7	1997-09-15	2015-05-10	2025-06-25	1.7 kB	1.2 kB	142.250.74.68
radar.cedexis.com	3035	2009-01-07	2013-11-27	2025-06-27	848 B	1.4 kB	45.54.49.5
v3.traincdn.com	unknown	2022-11-10	2022-11-25	2025-06-26	35 kB	5.6 MB	185.244.209.62
1xlite-04283.bar	unknown	2025-06-02	2025-07-01	2025-07-01	26 kB	960 kB	185.162.90.16
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-06-25	2.1 kB	1.5 MB	142.250.74.136
refpaasxufov.top	unknown	2020-05-26	2025-05-16	2025-06-24	657 B	275 kB	178.253.46.19

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-07-01	medium	1xlite-04283.bar	Sinkholed

ThreatFox

No alerts detected

JavaScript (54)

	URL	From	Size	First Seen	Last Seen
	v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/c3e31d18c2.js	ImportedModule	3.7 kB	2025-07-01	2025-07-02
Pretty URL v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/c3e31d18c2.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-07-01 14:08 Last Seen2025-07-02 10:22 Times Seen22 Hash 13149149d354db73f34ccc8bc5df0ae1 820623b9a728d3dc517f6b3f566d66aaa6c181c3 92129a598278ce04fc5fbfd7c2384b7952ab0859a5516d9d56d6bc960da17e4c Loading...

	1xlite-04283.bar/en/block	Function	34 B	2023-04-14	2025-07-02
Pretty URL 1xlite-04283.bar/en/block IP 185.162.90.16 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26 Last Seen2025-07-02 10:22 Times Seen5666 Hash 7bcdb973ab8af8e24ab11cb554a1ba6e 24e8a10f240f2b06f81d7c173cd0a90606641fc1 916ec4eb9b485eb47f43a17fe212e84e4b72600b45eb6d4588599ad495a57fcd Loading...

	v3.traincdn.com/main-static/ea82d199/desktop/default/Betting.Core-9df10cf6.js	ScriptElement	2.2 kB	2025-07-01	2025-07-02
Pretty URL v3.traincdn.com/main-static/ea82d199/desktop/default/Betting.Core-9df10cf6.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-07-01 14:08 Last Seen2025-07-02 08:09 Times Seen20 Hash 337479209fd6b22479604db58c706f0f 246ea56ac9b3d781384dc174d6c47a6aa4d6e8c7 22b6184c2ca96d45398446dc6a79e44b1fffc3c1bd9b1d8b05ffe6dd200c550c Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_libphonenumber_js_Q6RMKWT6.js	ImportedModule	159 kB	2025-05-14	2025-07-02
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_libphonenumber_js_Q6RMKWT6.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-05-14 05:06 Last Seen2025-07-02 10:22 Times Seen840 Hash 1da464d70e78b04b9b808e82e4ad9487 0c79e65516d1525ecb43d13cfb4ccb0631095a28 b4c72b8036ca6767ab61490178f901538646f2aa1001cb042caa134174a41595 Loading...

	v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/8311c39f50.js	ScriptElement	1.2 kB	2025-07-01	2025-07-02
Pretty URL v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/8311c39f50.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-07-01 14:08 Last Seen2025-07-02 10:22 Times Seen22 Hash f2935b4bbd1a81a857561f940048d3d8 21df199f5cb6aafa21ab6c28475bae9095a07531 025fb97adb7ca0a3fad2abb007a973f36466d4bf800e15e578c2d99a1ccd08a0 Loading...

	1xlite-04283.bar/captcha-api/assets/hunt-captcha.js	ScriptElement	88 kB	2025-07-01	2025-07-02
Pretty URL 1xlite-04283.bar/captcha-api/assets/hunt-captcha.js IP 185.162.90.16 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-07-01 14:08 Last Seen2025-07-02 10:22 Times Seen33 Hash 4cb7a52bd97c61968d597909e338caba ecf86a8b2faef71a2ef716bc5b65b0596df3a0a0 3466c843d3bd703c1cdedc5493ad46030a026e997ec2fab895efca13033d3066 Loading...

	v3.traincdn.com/main-static/ea82d199/desktop/default/analytics-9cde0fe3.js	ScriptElement	7.1 kB	2025-07-01	2025-07-02
Pretty URL v3.traincdn.com/main-static/ea82d199/desktop/default/analytics-9cde0fe3.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-07-01 14:08 Last Seen2025-07-02 08:09 Times Seen20 Hash 739d60cb6c5db5efb27a5816027517f6 0d8f4010f62f9d1c435907d4400b7d1f140a02ca dcc3f916f3db73d2714bc0e6ceb485dbe6470c1c57093fa9b2b9ce8e66eb9ee4 Loading...

	1xlite-04283.bar/en/block	ScriptElement	1.7 kB	2025-07-01	2025-07-02
Pretty URL 1xlite-04283.bar/en/block IP 185.162.90.16 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-07-01 14:08 Last Seen2025-07-02 08:09 Times Seen20 Hash 2691aa25ca3c73528be563d1ec09dec6 aabca1d61ed96e8ffee71ea471a493ee10e9acaa 23c8ad3a7b9853069368cae768f31fd4566bf00d60c4efb7fc13ed34561763e1 Loading...

	v3.traincdn.com/main-static/ea82d199/desktop/default/DC-6c50dc46.js	ScriptElement	2.7 kB	2025-07-01	2025-07-02
Pretty URL v3.traincdn.com/main-static/ea82d199/desktop/default/DC-6c50dc46.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-07-01 14:08 Last Seen2025-07-02 08:09 Times Seen20 Hash be2ab9338cb2115ef51a3b712769ad7d 6cc9f71183b45d3fff1f67752c63d5603fd9c8aa 299ee694b2a2d5f4fc90d48e5d58b4673a2780092f8fff09e5420dfa7c06c920 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_DYMTJONH.js	ImportedModule	19 kB	2025-05-14	2025-07-02
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_DYMTJONH.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-05-14 05:06 Last Seen2025-07-02 10:22 Times Seen840 Hash 1580a3cfe81fd30910a49dfe64cc8e7b 314144dc49595482ba46c0b85b38d5f73ef73a7b 8989a021d20f0fc08c43966a287cbd99e43142a5a0ff42eb232756a101de6035 Loading...

	v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/37f528afaa.js	ImportedModule	147 B	2025-07-01	2025-07-02
Pretty URL v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/37f528afaa.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-07-01 14:08 Last Seen2025-07-02 10:22 Times Seen22 Hash 21272f88ee8819d56a309ba23a33f2e7 ed4a3fa786b16faa05c58e24f797b6ce0a2c65a2 1629255d9930ad5582aeea4bcc67c7641f4af7f1d521aa0d83d0380c256900ba Loading...

	v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/db2ceca3d6.js	ScriptElement	3.3 kB	2025-07-01	2025-07-02
Pretty URL v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/db2ceca3d6.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-07-01 14:08 Last Seen2025-07-02 10:22 Times Seen22 Hash 5659de57636f7d1db6a662c83c32302e 04654e59e2eb96db80c1148468585ade3870c757 4498fcc20c1a2459cf2fb7fef135ea0c6271b8468265ae4c87239c38050f8f97 Loading...

	1xlite-04283.bar/en/block	Function	47 B	2023-04-14	2025-07-02
Pretty URL 1xlite-04283.bar/en/block IP 185.162.90.16 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26 Last Seen2025-07-02 10:22 Times Seen5655 Hash 580b3e56fc9ab6e8b4655f43ee057cc1 5dfce565e446f4a167195de9a1a5dd26163c711c 446f07b6e56de61d2c2d5b6ba408cc580b492a6d1ede8fc51cfde4ef75a2b382 Loading...

	1xlite-04283.bar/main-static/ea82d199/check-ob.js	ScriptElement	219 B	2024-07-17	2025-07-02
Pretty URL 1xlite-04283.bar/main-static/ea82d199/check-ob.js IP 185.162.90.16 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-17 14:33 Last Seen2025-07-02 10:22 Times Seen1959 Hash c065700c9c8c493403359e1f2baa10d9 4630fe729e70bdf63fa7ba6c84ec277fd1f51030 1e61f0c82ae82ffcf503fcd4b4c8ae27b32c11e19b882d5d13f3c44364c893f4 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_localforage_FJKG5M2E.js	ImportedModule	30 kB	2025-05-14	2025-07-02
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_localforage_FJKG5M2E.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-05-14 05:06 Last Seen2025-07-02 10:22 Times Seen840 Hash 02cf95f00794b77df34632e34a59c5be b64889fb6cbe78a141688ea761a627997ef8a8af bf78b7b3dd6ecbdea04c575edfb6022ed1b2e98c7a9cb9f02ab851ca638f1b83 Loading...

	1xlite-04283.bar/en/block	Function	294 kB	2025-07-02	2025-07-02
Pretty URL 1xlite-04283.bar/en/block IP 185.162.90.16 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2025-07-02 00:36 Last Seen2025-07-02 00:36 Times Seen1 Hash b82884c19a8177a9b5aaa2af491f65b5 81872d6fb6f6338e27ba97652ac62f26d951e609 00d74754a58d932f299080f853f810caa530a81615710b1a75808fe11f99b30d Loading...

	data:text/javascript,export const meta = import.meta;	ScriptElement	32 B	2023-12-06	2025-07-02
Pretty URL data:text/javascript,export const meta = import.meta; IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-06 14:32 Last Seen2025-07-02 10:22 Times Seen3534 Hash 6d772b7d405b447ecee54ab61cdd5108 dd65fb9cd5a7cb94a40fe161f4f72303a61eb3b7 b90ff694e492935b6036fb7e878d365dab51aafa46f0afb1e33414e7ecc3307b Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_E2H7ZPXQ.js	ImportedModule	21 kB	2025-05-14	2025-07-02
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_E2H7ZPXQ.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-05-14 05:06 Last Seen2025-07-02 10:22 Times Seen840 Hash 3cf0cae38afae9add22f7884e5061231 2a41037501375a439385a76a047876619683418f 322482e3beae5a985d069beea981614510fda90a5df7295b776a324d461fc43d Loading...

	www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66	ScriptElement	472 kB	2025-07-02	2025-07-02
Pretty URL www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66 IP 142.250.74.136 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-07-02 00:36 Last Seen2025-07-02 00:36 Times Seen1 Hash 80b6e0a634c0d52413b33b8e7cd14c65 4c91a8957527ee0fa149be7dfe66962936d46579 6955c3a8011308f16c4e5f13ddf4e092ea0e8ace60f6a9ac6b790132a013aac5 Loading...

	v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_c29ed659a5.js	ImportedModule	16 kB	2025-07-01	2025-07-02
Pretty URL v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_c29ed659a5.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-07-01 14:08 Last Seen2025-07-02 10:22 Times Seen32 Hash b95f2867a4f69c6f87508d4376778ab8 34b733244053bb0634826b593e14e88782e81680 f318dcd075506078ef1811c0a12962c5fed8811ee39cc3c77691a81063e05340 Loading...

	v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_39ee820b5d.js	ImportedModule	1.4 MB	2025-07-01	2025-07-02
Pretty URL v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_39ee820b5d.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-07-01 14:08 Last Seen2025-07-02 10:22 Times Seen32 Hash b11c55ebdf08b864af674c29b96b53cf 8a8e00c8008ff560defe7512a75661cf50e107e4 449f5897ffc01843ef4501c53ddc7374d4f5af3cd668308aee7c71d1604e4fa3 Loading...

	1xlite-04283.bar/en/block	ScriptElement	6.4 kB	2025-07-01	2025-07-02
Pretty URL 1xlite-04283.bar/en/block IP 185.162.90.16 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-07-01 20:59 Last Seen2025-07-02 08:09 Times Seen17 Hash d208c869ac8d7f3fba5ff134c0e128a7 bbb9472f611416a5bbf086f2d8d20c524bebbe41 9454477ca243c9de92e1d9608933f37bd3071a0c3308f309aff7dd2ac8e79e75 Loading...

	v3.traincdn.com/main-static/ea82d199/desktop/default/app-4ee41774.js	ScriptElement	506 kB	2025-07-01	2025-07-02
Pretty URL v3.traincdn.com/main-static/ea82d199/desktop/default/app-4ee41774.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-07-01 14:08 Last Seen2025-07-02 08:09 Times Seen20 Hash 155a9a93b502a0e17544d5764bc3c2e3 8fe0b35ee65d52bd99009f155d05992362dddae8 b0b9c147dbcf55c09f9f1b3d6b16fcea16b30ce839c79991bb63130070364307 Loading...

	1xlite-04283.bar/hd-api/external/assets/hdf.js	ScriptElement	4.1 kB	2025-06-05	2025-07-02
Pretty URL 1xlite-04283.bar/hd-api/external/assets/hdf.js IP 185.162.90.16 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-05 12:46 Last Seen2025-07-02 10:22 Times Seen563 Hash 40eaa62ed21bd753172f4c307e2a41d0 f7b03c6b004562311c8ca00466179629738b2a40 60fed8cb321dc09e4e1d910b5822bd8f67d53d0962a41ddc9f5ac33edd4e2213 Loading...

	v3.traincdn.com/main-static/ea82d199/desktop/default/Page.Block-fc519a68.js	ScriptElement	476 B	2025-07-01	2025-07-02
Pretty URL v3.traincdn.com/main-static/ea82d199/desktop/default/Page.Block-fc519a68.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-07-01 14:08 Last Seen2025-07-02 08:09 Times Seen20 Hash 63d2b12ee529c02e281a0774382391a6 2a16852e992152fbc7a1a4e62ed39b345d1f9d1b 45897e94c8069f26a514933983034f76cba665c685cdaaa1abf9270343414d04 Loading...

	1xlite-04283.bar/en/block	Function	44 B	2023-04-14	2025-07-02
Pretty URL 1xlite-04283.bar/en/block IP 185.162.90.16 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26 Last Seen2025-07-02 10:22 Times Seen5657 Hash 00beb9884d0391b342eadd30744b539a 3124c0bd593822379d22f13d3e08e70a1bf5ea14 92394eec5690449a4f6cfc9a7f97497a69e926b2365cb9a9aad3507a844f835c Loading...

	www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V	ScriptElement	343 kB	2025-07-02	2025-07-02
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V IP 142.250.74.136 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-07-02 00:36 Last Seen2025-07-02 00:36 Times Seen1 Hash 1de4d0fb4489fee839934559b2c3db81 0490bb057cc64923172fb793ad4e51554b72a804 b3064c6dfccef64857c32b102d3d46db8eff17728f2d779230882a0cbc5917dd Loading...

	v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/aa45ffc40b.js	ImportedModule	2.0 kB	2025-07-01	2025-07-02
Pretty URL v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/aa45ffc40b.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-07-01 14:08 Last Seen2025-07-02 10:22 Times Seen22 Hash 8e566f532e491bde1cecdb109a815996 b9f1e897ee23861104496cd9613827914b84842a 222205d00d2bd0d4306f7848521d61a2c385bd8d266e8f8cfb226fa8c430b2e0 Loading...

	v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/a058452500.js	ImportedModule	2.4 kB	2025-07-01	2025-07-02
Pretty URL v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/a058452500.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-07-01 14:08 Last Seen2025-07-02 10:22 Times Seen22 Hash 90f3cbf6ab115a49c1cd555fcfcf04e0 57a807b26f0a505347a1243edb3d0152e429c7a9 a7711ab016b2cac21cd1eafe0dbb4cd27b576305efe70affd06b91588a2b1b46 Loading...

	1xlite-04283.bar/en/block	Function	47 B	2023-04-14	2025-07-02
Pretty URL 1xlite-04283.bar/en/block IP 185.162.90.16 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26 Last Seen2025-07-02 10:22 Times Seen5654 Hash a01893d8e129ad16c1e0fc5c7537f411 0e46d1bf2718f848d9d596fa269eaedb31204772 cbe7b89533bcd75b69f3e54807308551d68242ec1761e63bee1a99fc6e560175 Loading...

	www.googletagmanager.com/gtag/destination?id=DC-14030178&cx=c&gtm=45He56u2v9180563600za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104718208~104839054~104839056	ScriptElement	303 kB	2025-07-02	2025-07-02
Pretty URL www.googletagmanager.com/gtag/destination?id=DC-14030178&cx=c&gtm=45He56u2v9180563600za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104718208~104839054~104839056 IP 142.250.74.136 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-07-02 00:36 Last Seen2025-07-02 00:36 Times Seen1 Hash 145ea0945ec93e68683f76dea1660b8c 00a6a5948a851736544961e310981ac39d4798c2 cab127f3bb4ba69b9405346cdf65a31fc0be7cb20dce54e09357d521c9b8fab1 Loading...

	v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js	ImportedModule	69 B	2025-05-14	2025-07-02
Pretty URL v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-05-14 05:06 Last Seen2025-07-02 10:22 Times Seen771 Hash 2cdaa92927f02e0b628f1ef4d7dd8caf 9104a2e16ed080b80a42588b8aeb52ebec47ab7a ef8101ffea52addcdcfcc3a83f96ff2d4613fb3ae6d1c16bbe4852387b73a9db Loading...

	1xlite-04283.bar/hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js	ScriptElement	760 B	2025-05-21	2025-07-02
Pretty URL 1xlite-04283.bar/hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js IP 185.162.90.16 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-21 09:35 Last Seen2025-07-02 10:22 Times Seen792 Hash 0b911773e0df627d77f8306c86e228aa 0d584bb1a3294e4fe42df4582dcc8a2c8f77f7bb 01e4926540498a77d866259516007d41fae1213ab9607db826f011d926fd6006 Loading...

	v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-3557e40578.js	ScriptElement	21 kB	2025-07-01	2025-07-02
Pretty URL v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-3557e40578.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-07-01 14:08 Last Seen2025-07-02 10:22 Times Seen22 Hash 0ebbc6d82729cd81c1b7b996685d28b9 36bfc4109d87fd28233e7381dc8ac1e726ff4c1e 5c2446adb88248931d2f8f6513cdc526f6b2f46489c400dbcd083fed79483b66 Loading...

	v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/ab375e68bf.js	ImportedModule	732 B	2025-07-01	2025-07-02
Pretty URL v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/ab375e68bf.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-07-01 14:08 Last Seen2025-07-02 10:22 Times Seen22 Hash 462038f1fcbe09d76ef1e6776e9e7f88 8f34de8f97434d5d188d3f133fbc1abe02a4feab 67d04bd9a54d6c5d612d2dda38a4e43f5cb38128e2b2f97cf3d04b0d500e5a05 Loading...

	1xlite-04283.bar/en/block	Function	86 kB	2025-07-01	2025-07-02
Pretty URL 1xlite-04283.bar/en/block IP 185.162.90.16 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2025-07-01 14:08 Last Seen2025-07-02 10:22 Times Seen33 Hash 537ec0fd31f6d030ec22eba38fef3987 6b85d25846ed711ab1ebcda71be31d80140827a4 1b79e32e224fff89deea299f485d854ebddf2a4f92cecc4c5b070c34ca4f6f19 Loading...

	1xlite-04283.bar/en/block	ScriptElement	207 kB	2025-07-02	2025-07-02
Pretty URL 1xlite-04283.bar/en/block IP 185.162.90.16 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-07-02 00:36 Last Seen2025-07-02 00:36 Times Seen1 Hash 9ae43e9d9f13316b94df562002f3d4f5 32202a9355cc9b558e1c57c018a39531fcb9fa96 871fe5c73e1b205921254b32dba9663154662bc627ecee4d51247b85e6fa4c12 Loading...

	v3.traincdn.com/main-static/ea82d199/desktop/default/vendors/plugins.vue-notification-bb383c80.js	ScriptElement	13 kB	2025-07-01	2025-07-02
Pretty URL v3.traincdn.com/main-static/ea82d199/desktop/default/vendors/plugins.vue-notification-bb383c80.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-07-01 14:08 Last Seen2025-07-02 08:09 Times Seen20 Hash a67050ffa30bf0d9ff1b27a02c1e43bf 0baba07b90180d62cbc2f96b9fb2de5e5920db78 b6c45b2d4d8e5336dc8402df992a63860283cef404ca7c4e8f19b9a77efcbd16 Loading...

	v3.traincdn.com/main-static/ea82d199/desktop/default/commons/app-1402de4b.js	ScriptElement	138 kB	2025-07-01	2025-07-02
Pretty URL v3.traincdn.com/main-static/ea82d199/desktop/default/commons/app-1402de4b.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-07-01 14:08 Last Seen2025-07-02 08:09 Times Seen20 Hash a45f549f820cb65433de3d063d10e578 ed29744183aa4a3455130e19fdc8c0305707b72a 46d54cd349a2eeb147cf9542553eb87499923fd0bfa0db5d36eefcefd074a0f2 Loading...

	1xlite-04283.bar/en/block	Function	96 B	2023-12-06	2025-07-02
Pretty URL 1xlite-04283.bar/en/block IP 185.162.90.16 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-12-06 14:32 Last Seen2025-07-02 10:22 Times Seen3534 Hash 94361ed86ab9b2fbb8d805c2025df46a 3f428332f7a1c7196a85c93a373a966d75708c19 eee4d228a49a86625f29410cf9a23d145e821a09cbb1f7a4d7557d206872715a Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_chunk_7HDOEZTP.js	ImportedModule	1.2 kB	2025-05-14	2025-07-02
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_chunk_7HDOEZTP.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-05-14 05:06 Last Seen2025-07-02 10:22 Times Seen840 Hash 7e76c08e7f16815131a5f13a10c1efba 5f800877b78a0713157fe119bc1a2d9a260f72e1 c6f29a0c7c3ed884ccffd7a529fd2fc599e2da1f31af658146f0e36a3f4c00dc Loading...

	radar.cedexis.com/1/23802/radar.js	ScriptElement	390 B	2024-02-13	2025-07-02
Pretty URL radar.cedexis.com/1/23802/radar.js IP 45.54.49.5 ASN #63911 NetActuate, Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-13 14:23 Last Seen2025-07-02 10:22 Times Seen2759 Hash 82dec77fd0353c7c71ce053b8601387e fbbca95419e1d0c042e0a5fdf10f380aca66188c 39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_XYWIEKOD.js	ImportedModule	865 B	2025-05-14	2025-07-02
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_XYWIEKOD.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-05-14 05:06 Last Seen2025-07-02 10:22 Times Seen840 Hash 0af3fe0c072a5bb3b6c731767187982f 55db5afb57265dc92fd121fe9ae565ffb2f53b2c 655bbe85da91e863401c6f96e24b41f5c2fe51a4245cecc2deb2b8c9600fef30 Loading...

	v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/f857dd23c9.js	ImportedModule	1.2 kB	2025-07-01	2025-07-02
Pretty URL v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/f857dd23c9.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-07-01 14:08 Last Seen2025-07-02 10:22 Times Seen22 Hash 38183c9a785faa7ffbd8fdd6d6e57d15 c7caa8c605bb3c164a737141e3271880190b1995 fa1c8c0d8c8ce355964faee72047b5647828512bd7d8292c4f2b863cfcb10d44 Loading...

	v3.traincdn.com/main-static/ea82d199/desktop/default/vendors/app-e5a9fd87.js	ScriptElement	940 kB	2025-07-01	2025-07-02
Pretty URL v3.traincdn.com/main-static/ea82d199/desktop/default/vendors/app-e5a9fd87.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-07-01 14:08 Last Seen2025-07-02 08:09 Times Seen20 Hash 752ec4c635b69989d5f4de797faffb38 ebf67d5e518133ed58a7d9ba44de79a9f0d38959 8b51611862fd36f6a72958e455dae533fbaa6a04c6888b4f54649f5c90f17d10 Loading...

	1xlite-04283.bar/en/block	Eval	307 kB	2025-07-02	2025-07-02
Pretty URL 1xlite-04283.bar/en/block IP 185.162.90.16 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2025-07-02 00:36 Last Seen2025-07-02 00:36 Times Seen1 Hash 232780a2a0a879c531685cc267286c49 29fccbc8be5becbd49f8d03cda1766c882da1a51 0597df5f42094dc9e7bf6148bc767ccfec388736fb975a9ba26ad61b72e78928 Loading...

	1xlite-04283.bar/en/block	Function	39 B	2023-04-14	2025-07-02
Pretty URL 1xlite-04283.bar/en/block IP 185.162.90.16 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26 Last Seen2025-07-02 10:22 Times Seen5659 Hash bc51ed8c76553717f10d58b2df60fd76 e2d03a8fd8d280074b226c288880f9df299c7cb1 bee994eaf88453f6343ba57571a069054c12c9b4e42f8cbad4f2ad75c7fb264c Loading...

	www.googletagmanager.com/gtag/destination?id=AW-16664555628&cx=c&gtm=45He56u2v9180563600za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104718208~104839054~104839056	ScriptElement	353 kB	2025-07-02	2025-07-02
Pretty URL www.googletagmanager.com/gtag/destination?id=AW-16664555628&cx=c&gtm=45He56u2v9180563600za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104718208~104839054~104839056 IP 142.250.74.136 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-07-02 00:36 Last Seen2025-07-02 00:36 Times Seen1 Hash dd7f91965d4ea08073a79c57ab7c101d b69a0564404ed6e46793a55f433cca3ba8a00d4f cf17fa1045f6a3634dbc501ddae1b18acc1ea22618a2dcd4f98e80b03a2f8b08 Loading...

	v3.traincdn.com/main-static/ea82d199/desktop/default/vendors/plugins.vue-js-modal-b286ca57.js	ScriptElement	27 kB	2025-07-01	2025-07-02
Pretty URL v3.traincdn.com/main-static/ea82d199/desktop/default/vendors/plugins.vue-js-modal-b286ca57.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-07-01 14:08 Last Seen2025-07-02 08:09 Times Seen20 Hash 2e4dec520f25b225abac6d00e0f1409b 288dbbefcd8f9fcf17995c6a6ce50aae64a9cf20 5551e6aeba7cc22f4486f3c0a992b32f5d4fb29f93e5df2f8e4b2f8dc4289103 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_B6TW5FDZ.js	ImportedModule	1.3 kB	2025-05-14	2025-07-02
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_B6TW5FDZ.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-05-14 05:06 Last Seen2025-07-02 10:22 Times Seen840 Hash e3f1c4089db6b910890e85d97a2e2066 85828920da3c3fd7856acde184e835ac314295cd 6c28afe5a52e0f9b1138fe498b254c8671058a058b555651ccae8e91e7534614 Loading...

	1xlite-04283.bar/en/block	DomTimer	10 B	2024-09-21	2025-07-02
Pretty URL 1xlite-04283.bar/en/block IP 185.162.90.16 ASN #0 Introduced by domTimer Embedded in HTML false Observations First Seen2024-09-21 15:04 Last Seen2025-07-02 10:22 Times Seen1576 Hash 01f4b51b4ba7edd00ad9f0a22259f06e 00723d0eda4be61a7b1c542b0a08a94a94a60017 9fdac1c31a22f55dbb8ca225ee28c3f7e88b41cce82968af0018c9f8b3bd35ba Loading...

	v3.traincdn.com/main-static/ea82d199/desktop/default/vendors/plugins.v-tooltip-37d6af68.js	ScriptElement	77 kB	2025-07-01	2025-07-02
Pretty URL v3.traincdn.com/main-static/ea82d199/desktop/default/vendors/plugins.v-tooltip-37d6af68.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-07-01 14:08 Last Seen2025-07-02 08:09 Times Seen20 Hash e873f837ffa4ca1e1a36c631e5782f26 5a4c0ff0b18c2e866952ff507e66fb271d8e8bf6 1767aec2f12010a3242e7e7e31ed049d29120e7dd754356610c8bb924e795e72 Loading...

	v3.traincdn.com/main-static/ea82d199/desktop/default/runtime-536078f3.js	ScriptElement	19 kB	2025-07-01	2025-07-02
Pretty URL v3.traincdn.com/main-static/ea82d199/desktop/default/runtime-536078f3.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-07-01 14:08 Last Seen2025-07-02 08:09 Times Seen20 Hash 682dac45cabf9d826cfeed445c20aa8e 77144eabf41872084fa678843d0190bcbce92b12 2df833e13d2ff0197c89e7bc945c5954d904b8211848fdbadd403d40b94faf7a Loading...

	1xlite-04283.bar/en/block	Eval	2.6 kB	2025-05-29	2025-07-02
Pretty URL 1xlite-04283.bar/en/block IP 185.162.90.16 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2025-05-29 01:53 Last Seen2025-07-02 10:22 Times Seen474 Hash 5236f6ffdc0b23f0b4a458e72ccc2e96 e312439a042f4c726d9566784a0783f5b66f86e9 ed52fb4838e482b45678a5ac8ab73644c4ea46d6a9ac659c20219094e1fdf5d3 Loading...

HTTP Transactions (102)

URL IP Response Size

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/8311c39f50.js

185.244.209.62

200 OK

1.2 kB

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/8311c39f50.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (895)
Size
1.2 kB (1241 bytes)
Hash
f2935b4bbd1a81a857561f940048d3d8
21df199f5cb6aafa21ab6c28475bae9095a07531
025fb97adb7ca0a3fad2abb007a973f36466d4bf800e15e578c2d99a1ccd08a0

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/8311c39f50.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:42 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-f7928637d7ad702c819d2f094ea9d932-02d9d77b367d2484-01
last-modified: Tue, 01 Jul 2025 13:57:17 GMT
etag: W/"f2935b4bbd1a81a857561f940048d3d8"
x-amz-meta-mtime: 1751378037.060056773
content-encoding: gzip
expires: Wed, 02 Jul 2025 14:01:31 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 37693
cache: HIT
x-cached-since: 2025-07-01T14:07:29+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/f857dd23c9.js

185.244.209.62

200 OK

1.2 kB

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/f857dd23c9.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1165)
Size
1.2 kB (1166 bytes)
Hash
38183c9a785faa7ffbd8fdd6d6e57d15
c7caa8c605bb3c164a737141e3271880190b1995
fa1c8c0d8c8ce355964faee72047b5647828512bd7d8292c4f2b863cfcb10d44

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/f857dd23c9.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:42 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-7340d2c35573ab24ce042fd64db3a595-d0405e04e3bfcba3-01
last-modified: Tue, 01 Jul 2025 13:18:49 GMT
etag: W/"38183c9a785faa7ffbd8fdd6d6e57d15"
x-amz-meta-mtime: 1751375621.333664451
content-encoding: gzip
expires: Wed, 02 Jul 2025 13:21:56 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 40426
cache: HIT
x-cached-since: 2025-07-01T13:21:56+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_game/en/dictionary_5cc1bf118d7b875164af8c53c8a803f8.json

185.244.209.62

200 OK

23 kB

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_game/en/dictionary_5cc1bf118d7b875164af8c53c8a803f8.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
23 kB (22627 bytes)
Hash
9afee49f63f4d2ac14db51fd07c3edd5
6acfe5b5b96d0e21171f77505f1f60f64a153a6c
32e8547b67281682112006bc4184dfc7046574d3e68aa041e8f18676fe464253

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_game/en/dictionary_5cc1bf118d7b875164af8c53c8a803f8.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:40 GMT
content-type: application/json; charset=utf-8
traceparent: 00-4b9b51d1a7a758658f0332d7ce807629-a95d615781d866de-01
last-modified: Tue, 24 Jun 2025 16:06:49 GMT
etag: W/"65f962c78970253735873c5c28d77ca6"
cache-control: max-age=3600
content-encoding: gzip
expires: Tue, 24 Jun 2025 17:18:13 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2193
cache: HIT
x-cached-since: 2025-07-01T23:59:07+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_DYMTJONH.js

185.244.209.62

200 OK

19 kB

URL GET
v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_DYMTJONH.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (19034)
Size
19 kB (19175 bytes)
Hash
1580a3cfe81fd30910a49dfe64cc8e7b
314144dc49595482ba46c0b85b38d5f73ef73a7b
8989a021d20f0fc08c43966a287cbd99e43142a5a0ff42eb232756a101de6035

HTTP Headers

GET /sys-static/shared-assets/__shared_vue_deps_DYMTJONH.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:42 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-d354e8c522d9b72397bab95cfe0db91a-8b2e585e2e8a3210-01
last-modified: Tue, 01 Jul 2025 15:41:26 GMT
etag: W/"1580a3cfe81fd30910a49dfe64cc8e7b"
x-amz-meta-mtime: 1751384393.122320765
content-encoding: gzip
expires: Wed, 02 Jul 2025 19:04:12 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 19781
cache: HIT
x-cached-since: 2025-07-01T19:06:01+00:00
X-Firefox-Spdy: h2

POST 1xlite-04283.bar/hd-api/external/verify

185.162.90.16

200 OK

715 B

URL POST
1xlite-04283.bar/hd-api/external/verify
IP
185.162.90.16:443
ASN
#0

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-04283.bar
FingerprintFE:DA:8C:13:C3:2D:72:21:5E:3D:7D:5C:F5:DA:21:83:C3:6C:01:9C
ValidityMon, 02 Jun 2025 10:33:05 GMT - Sun, 31 Aug 2025 10:33:04 GMT

File type
JSON text data
Size
715 B (715 bytes)
Hash
a2fc1897d6e91cc2d69cafcf8c14c3cc
55264337882146cd36a4e86024f3fbed92bfe9e5
73ed739d46acc6127f101da9b66448be41df724c5ef3dff794888777f67cd194

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /hd-api/external/verify HTTP/1.1
Host: 1xlite-04283.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/en/block
Content-Type: text/plain;charset=UTF-8
Content-Length: 108797
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder; postback_watcher=%7B%22tag%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22pb%22%3A%224af4bf2b69b04f5484545de344ba50ee%22%2C%22click_id%22%3A%2241b7c220-56dc-11f0-8e89-33341e736fd6%22%7D; auid=uaJaEGhkftobdE9KA3ScAg==; window_width=1280; che_g=f0a64a02-2875-53c7-068f-e784653c799a; SESSION=102e50ae3efc590010d98896300c3136
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:51 GMT
content-type: application/json
content-length: 584
content-encoding: gzip
vary: Accept-Encoding
x-dt: 285
x-request-guid: dbb22744411915882ff5b9b7e4764544
x-time-ng: 0.008
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.054, wf-uht;dur=0.053
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_express_day/en/dictionary_84e511afe97bad68fa98353e8037b65e.json

185.244.209.62

200 OK

1.2 kB

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_express_day/en/dictionary_84e511afe97bad68fa98353e8037b65e.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
1.2 kB (1202 bytes)
Hash
26f10f416f0a3743c3362a51dd558a4b
6b458c43b5e31fc0515de1eb1a0e535855a3e936
8374658000ae2d2747471b9535397e6de0c036d4e1a767a2a523047f8d06cb73

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_express_day/en/dictionary_84e511afe97bad68fa98353e8037b65e.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:40 GMT
content-type: application/json; charset=utf-8
traceparent: 00-9ac0f948347a8d5fd31cbee72e2d20ef-b62bbb87fd2b2290-01
last-modified: Mon, 30 Jun 2025 14:06:32 GMT
etag: W/"26f10f416f0a3743c3362a51dd558a4b"
cache-control: max-age=3600
content-encoding: gzip
expires: Mon, 30 Jun 2025 15:10:49 GMT
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2631
cache: HIT
x-cached-since: 2025-07-01T23:51:49+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/37f528afaa.js

185.244.209.62

200 OK

147 B

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/37f528afaa.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
Java source, ASCII text
Size
147 B (147 bytes)
Hash
21272f88ee8819d56a309ba23a33f2e7
ed4a3fa786b16faa05c58e24f797b6ce0a2c65a2
1629255d9930ad5582aeea4bcc67c7641f4af7f1d521aa0d83d0380c256900ba

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/37f528afaa.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:42 GMT
content-type: text/javascript; charset=utf-8
content-length: 147
traceparent: 00-eae181c87687c3b472b299fb7dcf7d5d-4fe68460f8542382-01
last-modified: Tue, 01 Jul 2025 13:57:17 GMT
etag: "21272f88ee8819d56a309ba23a33f2e7"
x-amz-meta-mtime: 1751378037.060056773
expires: Wed, 02 Jul 2025 14:01:33 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 37693
cache: HIT
x-cached-since: 2025-07-01T14:07:29+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/ab375e68bf.js

185.244.209.62

200 OK

732 B

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/ab375e68bf.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (731)
Size
732 B (732 bytes)
Hash
462038f1fcbe09d76ef1e6776e9e7f88
8f34de8f97434d5d188d3f133fbc1abe02a4feab
67d04bd9a54d6c5d612d2dda38a4e43f5cb38128e2b2f97cf3d04b0d500e5a05

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/ab375e68bf.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:42 GMT
content-type: text/javascript; charset=utf-8
content-length: 732
traceparent: 00-a5077ccef94bbd2502ead5c0762d4f8d-c36a23ae4af0dcb6-01
last-modified: Tue, 01 Jul 2025 13:18:49 GMT
etag: "462038f1fcbe09d76ef1e6776e9e7f88"
x-amz-meta-mtime: 1751375621.333664451
expires: Wed, 02 Jul 2025 13:21:56 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 40426
cache: HIT
x-cached-since: 2025-07-01T13:21:56+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/version.json

185.244.209.62

200 OK

11 B

URL GET
v3.traincdn.com/version.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text
Size
11 B (11 bytes)
Hash
e182e80ea33d71e6b76d2b0f9e51083b
30fa3ff4d78d4c2a125f59e3b37e67f3d4270872
4e03ba7370626575eb3c1cdd5f3819c29abd56ba53247405669bf104c4e00b51

HTTP Headers

GET /version.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:39 GMT
content-type: application/json
content-length: 11
traceparent: 00-90776611f651a8a2f76e645e5396b868-008d88a4248d9dec-01
last-modified: Tue, 01 Jul 2025 12:49:56 GMT
etag: "e182e80ea33d71e6b76d2b0f9e51083b"
x-amz-meta-mtime: 1751374196.28304585
expires: Tue, 01 Jul 2025 12:52:38 GMT
cache-control: max-age=60
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 38
cache: HIT
x-cached-since: 2025-07-02T00:35:01+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/ea82d199/desktop/default/runtime-536078f3.js

185.244.209.62

200 OK

19 kB

URL GET
v3.traincdn.com/main-static/ea82d199/desktop/default/runtime-536078f3.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (18627), with no line terminators
Size
19 kB (18627 bytes)
Hash
682dac45cabf9d826cfeed445c20aa8e
77144eabf41872084fa678843d0190bcbce92b12
2df833e13d2ff0197c89e7bc945c5954d904b8211848fdbadd403d40b94faf7a

HTTP Headers

GET /main-static/ea82d199/desktop/default/runtime-536078f3.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:39 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-676f687f309af876ae925fd7a296bdb6-d99db5ed0c3fea5c-01
last-modified: Tue, 01 Jul 2025 12:26:03 GMT
etag: W/"682dac45cabf9d826cfeed445c20aa8e"
x-amz-meta-mtime: 1751372762.321344154
content-encoding: gzip
expires: Wed, 02 Jul 2025 12:33:10 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 43269
cache: HIT
x-cached-since: 2025-07-01T12:34:30+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/d9c2365ca58e0fb54268fd4914d751b9.json

185.244.209.62

200 OK

14 kB

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/d9c2365ca58e0fb54268fd4914d751b9.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
14 kB (14466 bytes)
Hash
1a7ec72aad44f9540cb604d7cde5ff38
65e5851d652e0471c213282efb5eeee31ae813db
94d4bf6bc00a09b766ea0ba441e860dc40ee6d398be80e89016dd0ee662869d6

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/d9c2365ca58e0fb54268fd4914d751b9.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:40 GMT
content-type: application/json
traceparent: 00-ad762bd7ba73fc8d31319042e33947f3-dd699aff883f2bd8-01
last-modified: Mon, 16 Jun 2025 11:25:45 GMT
etag: W/"1a7ec72aad44f9540cb604d7cde5ff38"
content-encoding: gzip
expires: Mon, 16 Jun 2025 12:42:27 GMT
cache-control: max-age=3600
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2431
cache: HIT
x-cached-since: 2025-07-01T23:55:09+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_reset_password/en/dictionary_612c6e919ca15d39cc751a619a3952c7.json

185.244.209.62

200 OK

765 B

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_reset_password/en/dictionary_612c6e919ca15d39cc751a619a3952c7.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
765 B (765 bytes)
Hash
00f980f23f1b4c1ccee99ed49e0a8feb
4cb07094de9bffff1bf81d94446280b91013b660
bb3be3377fbb8e66a4b5a8a3866dfd865a37cb4a96482ab2f439981e03b57cea

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_reset_password/en/dictionary_612c6e919ca15d39cc751a619a3952c7.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:40 GMT
content-type: application/json; charset=utf-8
content-length: 765
traceparent: 00-3a40bb7185f38423572d185bbdb5238b-dc4c40a586cbca96-01
last-modified: Wed, 11 Oct 2023 12:52:53 GMT
etag: "00f980f23f1b4c1ccee99ed49e0a8feb"
cache-control: max-age=3600
expires: Thu, 16 Jan 2025 10:53:47 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1551
cache: HIT
x-cached-since: 2025-07-02T00:09:49+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET 1xlite-04283.bar/checker/redirect/stat/run/

185.162.90.16

200 OK

14 B

URL GET
1xlite-04283.bar/checker/redirect/stat/run/
IP
185.162.90.16:443
ASN
#0

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-04283.bar
FingerprintFE:DA:8C:13:C3:2D:72:21:5E:3D:7D:5C:F5:DA:21:83:C3:6C:01:9C
ValidityMon, 02 Jun 2025 10:33:05 GMT - Sun, 31 Aug 2025 10:33:04 GMT

File type
JSON text data
Size
14 B (14 bytes)
Hash
2de0d0acfd684235f066bd0ec0c9e3df
68d0cb64805a42d7e40f43e8e198986b43dd6b69
9682f312f23e078bb135f23ea5a178b178e75c02d33672f20044d18c6d258928

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /checker/redirect/stat/run/ HTTP/1.1
Host: 1xlite-04283.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/en/block
content-type: application/json
x-requested-with: XMLHttpRequest
x-app-n: v3-nuxt2
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder; postback_watcher=%7B%22tag%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22pb%22%3A%224af4bf2b69b04f5484545de344ba50ee%22%2C%22click_id%22%3A%2241b7c220-56dc-11f0-8e89-33341e736fd6%22%7D; auid=uaJaEGhkftobdE9KA3ScAg==; window_width=1280; che_g=f0a64a02-2875-53c7-068f-e784653c799a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:41 GMT
content-type: application/json
content-length: 14
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.010
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/ea82d199/desktop/default/css/7fe5f71b.css

185.244.209.62

200 OK

3.3 kB

URL GET
v3.traincdn.com/main-static/ea82d199/desktop/default/css/7fe5f71b.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (3313), with no line terminators
Size
3.3 kB (3313 bytes)
Hash
c610b8710368de3bf2f1c5bb581b6a3a
f67bc86785d434adb2e81a356a7926b8818ac567
fad7111846310042401990719146401178f22e2618abf2b058e641b6495e8eba

HTTP Headers

GET /main-static/ea82d199/desktop/default/css/7fe5f71b.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:40 GMT
content-type: text/css; charset=utf-8
traceparent: 00-d2d5c5223cba4406a10112e6b9c7aba4-417386a4803d522f-01
last-modified: Tue, 01 Jul 2025 12:26:03 GMT
etag: W/"c610b8710368de3bf2f1c5bb581b6a3a"
x-amz-meta-mtime: 1751372762.313344086
content-encoding: gzip
expires: Wed, 02 Jul 2025 12:33:12 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 43270
cache: HIT
x-cached-since: 2025-07-01T12:34:30+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/site-admin/colors/11fcf67d96d7d317c64c54b46d5ec44f.css

185.244.209.62

200 OK

40 kB

URL GET
v3.traincdn.com/genfiles/site-admin/colors/11fcf67d96d7d317c64c54b46d5ec44f.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (39742), with no line terminators
Size
40 kB (39742 bytes)
Hash
11fcf67d96d7d317c64c54b46d5ec44f
abf4e85e9e932ed64412f46ff590b39a87e26cb9
96ec24e0f388bf29d22bc262d0ed8aecf4582efa4d2031a06566442663f68658

HTTP Headers

GET /genfiles/site-admin/colors/11fcf67d96d7d317c64c54b46d5ec44f.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:40 GMT
content-type: text/css
traceparent: 00-f63474c1c497a8af4dc09261c21d7afc-f2fe0ae1280aebb4-01
last-modified: Tue, 01 Jul 2025 07:58:17 GMT
etag: W/"11fcf67d96d7d317c64c54b46d5ec44f"
cache-control: max-age=3600
content-encoding: gzip
expires: Tue, 01 Jul 2025 09:59:30 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 232
cache: HIT
x-cached-since: 2025-07-02T00:31:48+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/shared-assets/__shared_localforage_FJKG5M2E.js

185.244.209.62

200 OK

30 kB

URL GET
v3.traincdn.com/sys-static/shared-assets/__shared_localforage_FJKG5M2E.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (30255)
Size
30 kB (30277 bytes)
Hash
02cf95f00794b77df34632e34a59c5be
b64889fb6cbe78a141688ea761a627997ef8a8af
bf78b7b3dd6ecbdea04c575edfb6022ed1b2e98c7a9cb9f02ab851ca638f1b83

HTTP Headers

GET /sys-static/shared-assets/__shared_localforage_FJKG5M2E.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:42 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-dec4931aec31c57b5941d04dd05da7aa-8ff7b4f201287786-01
last-modified: Tue, 01 Jul 2025 07:41:11 GMT
etag: W/"02cf95f00794b77df34632e34a59c5be"
x-amz-meta-mtime: 1751355608.448238862
content-encoding: gzip
expires: Wed, 02 Jul 2025 08:07:40 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 58599
cache: HIT
x-cached-since: 2025-07-01T08:19:03+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/ea82d199/desktop/default/DC-6c50dc46.js

185.244.209.62

200 OK

2.7 kB

URL GET
v3.traincdn.com/main-static/ea82d199/desktop/default/DC-6c50dc46.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2656), with no line terminators
Size
2.7 kB (2656 bytes)
Hash
be2ab9338cb2115ef51a3b712769ad7d
6cc9f71183b45d3fff1f67752c63d5603fd9c8aa
299ee694b2a2d5f4fc90d48e5d58b4673a2780092f8fff09e5420dfa7c06c920

HTTP Headers

GET /main-static/ea82d199/desktop/default/DC-6c50dc46.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:41 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-4c13759abba538549b9bfc09670d6542-043378bd437fbb39-01
last-modified: Tue, 01 Jul 2025 12:26:02 GMT
etag: W/"be2ab9338cb2115ef51a3b712769ad7d"
x-amz-meta-mtime: 1751372762.30934405
content-encoding: gzip
expires: Wed, 02 Jul 2025 12:33:13 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 43138
cache: HIT
x-cached-since: 2025-07-01T12:36:43+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/ea82d199/desktop/default/Betting.Core-9df10cf6.js

185.244.209.62

200 OK

2.2 kB

URL GET
v3.traincdn.com/main-static/ea82d199/desktop/default/Betting.Core-9df10cf6.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2247), with no line terminators
Size
2.2 kB (2247 bytes)
Hash
337479209fd6b22479604db58c706f0f
246ea56ac9b3d781384dc174d6c47a6aa4d6e8c7
22b6184c2ca96d45398446dc6a79e44b1fffc3c1bd9b1d8b05ffe6dd200c550c

HTTP Headers

GET /main-static/ea82d199/desktop/default/Betting.Core-9df10cf6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:41 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-ace0e8f3e9ccd527dd40436cdbce82fc-5c3fe433cf93c25b-01
last-modified: Tue, 01 Jul 2025 12:26:02 GMT
etag: W/"337479209fd6b22479604db58c706f0f"
x-amz-meta-mtime: 1751372762.30934405
content-encoding: gzip
expires: Wed, 02 Jul 2025 12:33:13 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 43138
cache: HIT
x-cached-since: 2025-07-01T12:36:43+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/8192228305b202797f207eeb6842287c.png

185.244.209.62

200 OK

5.2 kB

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/8192228305b202797f207eeb6842287c.png
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
PNG image data, 514 x 514, 8-bit colormap, non-interlaced
Size
5.2 kB (5202 bytes)
Hash
b9a636eef54b2844b571fe7de49184a7
bf653690790ced40eb3189da075a275d951d1607
001bfcdd52b658d46543a1aec889d35b73b3909b47097cc011b95e96fc9e3743

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/8192228305b202797f207eeb6842287c.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:41 GMT
content-type: image/png
content-length: 5202
traceparent: 00-e620d5c215e12d78c411cc9ec080e27e-aab97c6f33835558-01
last-modified: Wed, 26 Jun 2024 08:22:59 GMT
etag: "b9a636eef54b2844b571fe7de49184a7"
expires: Thu, 16 Jan 2025 11:18:57 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_block_pages/en/dictionary_bc0570f08a28537dc724f4764ecf77e4.json

185.244.209.62

200 OK

2.3 kB

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_block_pages/en/dictionary_bc0570f08a28537dc724f4764ecf77e4.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
2.3 kB (2308 bytes)
Hash
7c12ae6fc08684f50822b3eb56779e29
036c726b8b7b2d24f987391101f3e8d1a2a183cf
a2eac45353675c82733192916712b8876c6b038b7bdbddc24df464e38b67cbfd

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_block_pages/en/dictionary_bc0570f08a28537dc724f4764ecf77e4.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:42 GMT
content-type: application/json; charset=utf-8
traceparent: 00-450e057e4d14206c324f9d61f6ef92d1-4ef9322f95ec6523-01
last-modified: Tue, 22 Apr 2025 08:06:29 GMT
etag: W/"7c12ae6fc08684f50822b3eb56779e29"
cache-control: max-age=3600
content-encoding: gzip
expires: Tue, 22 Apr 2025 09:26:34 GMT
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2822
cache: HIT
x-cached-since: 2025-07-01T23:48:40+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/ea82d199/desktop/default/analytics-9cde0fe3.js

185.244.209.62

200 OK

7.1 kB

URL GET
v3.traincdn.com/main-static/ea82d199/desktop/default/analytics-9cde0fe3.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (7104), with no line terminators
Size
7.1 kB (7104 bytes)
Hash
739d60cb6c5db5efb27a5816027517f6
0d8f4010f62f9d1c435907d4400b7d1f140a02ca
dcc3f916f3db73d2714bc0e6ceb485dbe6470c1c57093fa9b2b9ce8e66eb9ee4

HTTP Headers

GET /main-static/ea82d199/desktop/default/analytics-9cde0fe3.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:51 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-47bccf6275089f26ea276d2f4f90f444-990955386d0bd3e6-01
last-modified: Tue, 01 Jul 2025 12:26:02 GMT
etag: W/"739d60cb6c5db5efb27a5816027517f6"
x-amz-meta-mtime: 1751372762.313344086
content-encoding: gzip
expires: Wed, 02 Jul 2025 12:33:22 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 43137
cache: HIT
x-cached-since: 2025-07-01T12:36:54+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/ea82d199/desktop/default/vendors/app-e5a9fd87.js

185.244.209.62

200 OK

940 kB

URL GET
v3.traincdn.com/main-static/ea82d199/desktop/default/vendors/app-e5a9fd87.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64073)
Size
940 kB (940067 bytes)
Hash
752ec4c635b69989d5f4de797faffb38
ebf67d5e518133ed58a7d9ba44de79a9f0d38959
8b51611862fd36f6a72958e455dae533fbaa6a04c6888b4f54649f5c90f17d10

HTTP Headers

GET /main-static/ea82d199/desktop/default/vendors/app-e5a9fd87.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:39 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-9a6e74349dc8847cb03be1a380510f40-4ef1907460bd21e2-01
last-modified: Tue, 01 Jul 2025 12:26:03 GMT
etag: W/"752ec4c635b69989d5f4de797faffb38"
x-amz-meta-mtime: 1751372762.321344154
content-encoding: gzip
expires: Wed, 02 Jul 2025 12:33:10 GMT
cache-control: max-age=86400
x-time-ng: 0.006
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 43269
cache: HIT
x-cached-since: 2025-07-01T12:34:30+00:00
X-Firefox-Spdy: h2

POST 1xlite-04283.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

185.162.90.16

200 OK

23 B

URL POST
1xlite-04283.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
185.162.90.16:443
ASN
#0

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-04283.bar
FingerprintFE:DA:8C:13:C3:2D:72:21:5E:3D:7D:5C:F5:DA:21:83:C3:6C:01:9C
ValidityMon, 02 Jun 2025 10:33:05 GMT - Sun, 31 Aug 2025 10:33:04 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
030dc4399aa61d78d3b87e872995a76b
9c5e5e3ff761ee2340a22799d8114cf6200997be
42eb9d5c4b8aca3c1793e7f14467e7d6bcb23200ad73a64a2d5b3506fe9ea320

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-04283.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: 684911a4-5f9f-4d9b-bf29-6a0e9f15dd6c
Content-Length: 98
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder; postback_watcher=%7B%22tag%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22pb%22%3A%224af4bf2b69b04f5484545de344ba50ee%22%2C%22click_id%22%3A%2241b7c220-56dc-11f0-8e89-33341e736fd6%22%7D; auid=uaJaEGhkftobdE9KA3ScAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:41 GMT
content-type: application/json
content-length: 23
x-dt: 285
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.075, wf-uht;dur=0.013
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2

185.244.209.62

200 OK

64 kB

URL GET
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Size
64 kB (63748 bytes)
Hash
6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:50 GMT
content-type: font/woff2
content-length: 63748
traceparent: 00-dcc9b55bb50bf691b5f3de12bee00c27-a76296f8fcd29f8d-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
expires: Thu, 16 Jan 2025 10:32:14 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 579
cache: HIT
x-cached-since: 2025-07-02T00:26:11+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2

185.244.209.62

200 OK

64 kB

URL GET
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Size
64 kB (63920 bytes)
Hash
a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:50 GMT
content-type: font/woff2
content-length: 63920
traceparent: 00-7890bc7f38d8f66ab2f9720dd2958a6a-b9e92d0f8d0a1ff3-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
expires: Thu, 16 Jan 2025 10:45:34 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2708
cache: HIT
x-cached-since: 2025-07-01T23:50:42+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/destination?id=DC-14030178&cx=c&gtm=45He56u2v9180563600za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104718208~104839054~104839056

142.250.74.136

200 OK

303 kB

URL GET
www.googletagmanager.com/gtag/destination?id=DC-14030178&cx=c&gtm=45He56u2v9180563600za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104718208~104839054~104839056
IP
142.250.74.136:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint79:AA:03:D4:F6:6B:0F:61:E5:C5:AB:19:F4:A5:5D:DC:97:80:AF:DA
ValidityMon, 02 Jun 2025 08:35:30 GMT - Mon, 25 Aug 2025 08:35:29 GMT

File type
JavaScript source, ASCII text, with very long lines (5913)
Size
303 kB (302684 bytes)
Hash
145ea0945ec93e68683f76dea1660b8c
00a6a5948a851736544961e310981ac39d4798c2
cab127f3bb4ba69b9405346cdf65a31fc0be7cb20dce54e09357d521c9b8fab1

HTTP Headers

GET /gtag/destination?id=DC-14030178&cx=c&gtm=45He56u2v9180563600za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104718208~104839054~104839056 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 02 Jul 2025 00:35:52 GMT
expires: Wed, 02 Jul 2025 00:35:52 GMT
cache-control: private, max-age=900
last-modified: Wed, 02 Jul 2025 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcysghrgc:42:0
report-to: {"group":"ascgcysghrgc:42:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
server: Google Tag Manager
content-length: 106177
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET v3.traincdn.com/sys-ui/2.3.265/Desktop/Default/client.css

185.244.209.62

200 OK

646 kB

URL GET
v3.traincdn.com/sys-ui/2.3.265/Desktop/Default/client.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
646 kB (645724 bytes)
Hash
e818af75f8cce8b05a1dc540ff58e0e8
cfec4cf485f884a4e617b4846c01d94176d0cf16
8918bbcb81aa442711c4a58418531361237db3542774253dc816d0979243ff21

HTTP Headers

GET /sys-ui/2.3.265/Desktop/Default/client.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:39 GMT
content-type: text/css; charset=utf-8
traceparent: 00-a56927438dc35808a2ef28f5f2693d10-dd8953338091df5e-01
last-modified: Tue, 24 Jun 2025 11:26:07 GMT
etag: W/"e818af75f8cce8b05a1dc540ff58e0e8"
x-amz-meta-mtime: 1750764364.499003374
content-encoding: gzip
expires: Wed, 02 Jul 2025 12:33:10 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 43269
cache: HIT
x-cached-since: 2025-07-01T12:34:30+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/46fe3f96f4140750e81ded48911f3e30.json

185.244.209.62

200 OK

747 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/46fe3f96f4140750e81ded48911f3e30.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
747 B (747 bytes)
Hash
f4e90636ec9cff061c4301b3cefdd0d6
c506efe9c3672c58434ea10021dab0ad81b1ad98
30666f138ccc12735e2f8a6405ddce4a3d8756b9445e3b2732fa2970f14dbcea

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/46fe3f96f4140750e81ded48911f3e30.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:40 GMT
content-type: application/json
content-length: 747
traceparent: 00-77c92e2657bd8560a3c108426d17e3bb-6936fba0ca3bf2b7-01
last-modified: Thu, 27 Feb 2025 13:26:35 GMT
etag: "f4e90636ec9cff061c4301b3cefdd0d6"
expires: Thu, 27 Feb 2025 15:00:05 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2431
cache: HIT
x-cached-since: 2025-07-01T23:55:09+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

POST 1xlite-04283.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

185.162.90.16

200 OK

23 B

URL POST
1xlite-04283.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
185.162.90.16:443
ASN
#0

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-04283.bar
FingerprintFE:DA:8C:13:C3:2D:72:21:5E:3D:7D:5C:F5:DA:21:83:C3:6C:01:9C
ValidityMon, 02 Jun 2025 10:33:05 GMT - Sun, 31 Aug 2025 10:33:04 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
93c8896ed8e02d064caafbb9c5c5859a
7aeda6509ac0230da7f732a3cfdc67fb198a7ed3
097337ead3c67738842ea6ad5a2dbcb16dc073bf5f5349a4be74185d04f11d78

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-04283.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: 684911a4-5f9f-4d9b-bf29-6a0e9f15dd6c
Content-Length: 88
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder; postback_watcher=%7B%22tag%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22pb%22%3A%224af4bf2b69b04f5484545de344ba50ee%22%2C%22click_id%22%3A%2241b7c220-56dc-11f0-8e89-33341e736fd6%22%7D; auid=uaJaEGhkftobdE9KA3ScAg==; window_width=1280; che_g=f0a64a02-2875-53c7-068f-e784653c799a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:41 GMT
content-type: application/json
content-length: 23
x-dt: 285
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.106, wf-uht;dur=0.012
X-Firefox-Spdy: h2

GET 1xlite-04283.bar/web-api/session

185.162.90.16

204 No Content

0 B

URL GET
1xlite-04283.bar/web-api/session
IP
185.162.90.16:443
ASN
#0

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-04283.bar
FingerprintFE:DA:8C:13:C3:2D:72:21:5E:3D:7D:5C:F5:DA:21:83:C3:6C:01:9C
ValidityMon, 02 Jun 2025 10:33:05 GMT - Sun, 31 Aug 2025 10:33:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/session HTTP/1.1
Host: 1xlite-04283.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/en/block
content-type: application/json
x-requested-with: XMLHttpRequest
x-app-n: v3-nuxt2
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder; postback_watcher=%7B%22tag%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22pb%22%3A%224af4bf2b69b04f5484545de344ba50ee%22%2C%22click_id%22%3A%2241b7c220-56dc-11f0-8e89-33341e736fd6%22%7D; auid=uaJaEGhkftobdE9KA3ScAg==; window_width=1280; che_g=f0a64a02-2875-53c7-068f-e784653c799a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Wed, 02 Jul 2025 00:35:49 GMT
cache-control: no-cache, private
server-timing: dt_total;dur=0.081, p;dur=17.22, wf-uht;dur=0.031
set-cookie: ua=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
SESSION=102e50ae3efc590010d98896300c3136; path=/; secure; httponly; samesite=lax
x-dt: 285
x-time-ng: 0.018, 0.020
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

GET refpaasxufov.top/L?tag=d_42282m_22719c_[]MS[]null[]null[]general[]igetp2583ff3219_d27775_l190859_clickunder&pb=4af4bf2b69b04f5484545de344ba50ee&click_id=41b7c220-56dc-11f0-8e89-33341e736fd6

178.253.46.19

303 See Other

275 kB

URL User Request GET
refpaasxufov.top/L?tag=d_42282m_22719c_[]MS[]null[]null[]general[]igetp2583ff3219_d27775_l190859_clickunder&pb=4af4bf2b69b04f5484545de344ba50ee&click_id=41b7c220-56dc-11f0-8e89-33341e736fd6
IP
178.253.46.19:443
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subjectrefpaasxufov.top
Fingerprint4A:21:67:AD:3B:B2:86:BC:8C:6A:06:07:7D:AE:C1:67:3B:B4:50:29
ValidityMon, 05 May 2025 05:21:05 GMT - Sun, 03 Aug 2025 05:21:04 GMT

File type

Size
275 kB (274837 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /L?tag=d_42282m_22719c_[]MS[]null[]null[]general[]igetp2583ff3219_d27775_l190859_clickunder&pb=4af4bf2b69b04f5484545de344ba50ee&click_id=41b7c220-56dc-11f0-8e89-33341e736fd6 HTTP/1.1
Host: refpaasxufov.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 303 See Other
server: nginx
date: Wed, 02 Jul 2025 00:35:38 GMT
location: https://1xlite-04283.bar:443/en?tag=d_42282m_22719c_[]MS[]null[]null[]general[]igetp2583ff3219_d27775_l190859_clickunder&pb=4af4bf2b69b04f5484545de344ba50ee&click_id=41b7c220-56dc-11f0-8e89-33341e736fd6
set-cookie: A_22719_v=0; expires=Thu, 03 Jul 2025 00:35:38 GMT; path=/; secure
A_22719_c=1; expires=Thu, 03 Jul 2025 00:35:38 GMT; path=/; secure
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.011
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_ad3f7c29b4e02e6246cb2aa67f345bcc.json

185.244.209.62

200 OK

138 kB

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_ad3f7c29b4e02e6246cb2aa67f345bcc.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
138 kB (138409 bytes)
Hash
2c9c810d420105cde1ef5b572c2c245c
6086fbe2b188384f254d0efbc2b9155141109bb2
90153a2c766294c7bbfff738658bb17c984ae036901575d75c6f12162e676801

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_ad3f7c29b4e02e6246cb2aa67f345bcc.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:40 GMT
content-type: application/json; charset=utf-8
traceparent: 00-40ae19a5b562fa407c188270654f4437-209970c2e5a26967-01
last-modified: Tue, 01 Jul 2025 08:06:26 GMT
etag: W/"2c9c810d420105cde1ef5b572c2c245c"
cache-control: max-age=3600
content-encoding: gzip
expires: Tue, 01 Jul 2025 09:12:03 GMT
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 701
cache: HIT
x-cached-since: 2025-07-02T00:23:59+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png

185.244.209.62

200 OK

653 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Size
653 B (653 bytes)
Hash
e6f0766cbd95db33da44e7a9140648f2
5f196b1bfe8c3f92bd2ebcd67124e72e81ae6aaf
c0399d478788d5d483f104a2e8cb7c32f41cb40e9df0c22e831b2bfa2db63ec0

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:39 GMT
content-type: image/png
content-length: 653
traceparent: 00-8038480296cda514840b373730d6ebf3-275d45a5e91c7a2a-01
last-modified: Wed, 26 Jun 2024 08:18:02 GMT
etag: "e6f0766cbd95db33da44e7a9140648f2"
expires: Thu, 16 Jan 2025 10:46:36 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1599
cache: HIT
x-cached-since: 2025-07-02T00:09:00+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

POST 1xlite-04283.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json

185.162.90.16

200 OK

2 B

URL POST
1xlite-04283.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json
IP
185.162.90.16:443
ASN
#0

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-04283.bar
FingerprintFE:DA:8C:13:C3:2D:72:21:5E:3D:7D:5C:F5:DA:21:83:C3:6C:01:9C
ValidityMon, 02 Jun 2025 10:33:05 GMT - Sun, 31 Aug 2025 10:33:04 GMT

File type
JSON text data
Size
2 B (2 bytes)
Hash
d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json HTTP/1.1
Host: 1xlite-04283.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: 684911a4-5f9f-4d9b-bf29-6a0e9f15dd6c
Content-Length: 19
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder; postback_watcher=%7B%22tag%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22pb%22%3A%224af4bf2b69b04f5484545de344ba50ee%22%2C%22click_id%22%3A%2241b7c220-56dc-11f0-8e89-33341e736fd6%22%7D; auid=uaJaEGhkftobdE9KA3ScAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:40 GMT
content-type: application/json
content-length: 2
x-dt: 285
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.052, wf-uht;dur=0.010
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/bfa3e9fd30e7d63c0906602f42c13468.json

185.244.209.62

200 OK

182 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/bfa3e9fd30e7d63c0906602f42c13468.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
182 B (182 bytes)
Hash
0a64a07e9a34e8a5b5e97e80a10888c5
82545cbc39b7dcc031dd10dea841a0b3698243d6
7201497e7e8cdf9d35bf6998e43dcde5feea535f9828ce3ee98785781016126c

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/bfa3e9fd30e7d63c0906602f42c13468.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:40 GMT
content-type: application/json
content-length: 182
traceparent: 00-ac23c40a6cce8895fa71c2bef65b3b50-94ffe73bcceee0ea-01
last-modified: Thu, 27 Feb 2025 08:55:26 GMT
etag: "0a64a07e9a34e8a5b5e97e80a10888c5"
expires: Thu, 27 Feb 2025 10:17:13 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2431
cache: HIT
x-cached-since: 2025-07-01T23:55:09+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET 1xlite-04283.bar/en/block

185.162.90.16

203 Non Authoritative

275 kB

URL User Request GET
1xlite-04283.bar/en/block
IP
185.162.90.16:443
ASN
#0

Certificate
IssuerLet's Encrypt
Subject1xlite-04283.bar
FingerprintFE:DA:8C:13:C3:2D:72:21:5E:3D:7D:5C:F5:DA:21:83:C3:6C:01:9C
ValidityMon, 02 Jun 2025 10:33:05 GMT - Sun, 31 Aug 2025 10:33:04 GMT

File type
HTML document, ASCII text, with very long lines (53869)
Size
275 kB (274837 bytes)
Hash
001cda38926cf288219cbbb991799b94
b364e4ffd367b48d106ebbfaa2ec52d7a80cf082
0379c9a1c7bf1225c2c9654a760bf2331eaf1500b0a5120c10a1ee3bf57e92ab

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /en/block HTTP/1.1
Host: 1xlite-04283.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder; postback_watcher=%7B%22tag%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22pb%22%3A%224af4bf2b69b04f5484545de344ba50ee%22%2C%22click_id%22%3A%2241b7c220-56dc-11f0-8e89-33341e736fd6%22%7D; auid=uaJaEGhkftobdE9KA3ScAg==
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 203 Non Authoritative
server: nginx
date: Wed, 02 Jul 2025 00:35:38 GMT
content-type: text/html; charset=utf-8
content-length: 274837
accept-ranges: none
server-timing: dt_total;dur=0.004, total;dur=48;desc="Nuxt Server Time"
set-cookie: gw-mm=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Secure; SameSite=None; Partitioned
lng=en; Path=/
cookies_agree_type=3; Path=/
tzo=2; Path=/
is12h=0; Path=/
x-dt: 285
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

GET 1xlite-04283.bar/main-static/ea82d199/check-ob.js

185.162.90.16

200 OK

219 B

URL GET
1xlite-04283.bar/main-static/ea82d199/check-ob.js
IP
185.162.90.16:443
ASN
#0

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-04283.bar
FingerprintFE:DA:8C:13:C3:2D:72:21:5E:3D:7D:5C:F5:DA:21:83:C3:6C:01:9C
ValidityMon, 02 Jun 2025 10:33:05 GMT - Sun, 31 Aug 2025 10:33:04 GMT

File type
JavaScript source, ASCII text
Size
219 B (219 bytes)
Hash
c065700c9c8c493403359e1f2baa10d9
4630fe729e70bdf63fa7ba6c84ec277fd1f51030
1e61f0c82ae82ffcf503fcd4b4c8ae27b32c11e19b882d5d13f3c44364c893f4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /main-static/ea82d199/check-ob.js HTTP/1.1
Host: 1xlite-04283.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/en/block
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder; postback_watcher=%7B%22tag%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22pb%22%3A%224af4bf2b69b04f5484545de344ba50ee%22%2C%22click_id%22%3A%2241b7c220-56dc-11f0-8e89-33341e736fd6%22%7D; auid=uaJaEGhkftobdE9KA3ScAg==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:39 GMT
content-type: text/javascript; charset=utf-8
content-length: 219
last-modified: Tue, 01 Jul 2025 12:27:34 GMT
etag: "c065700c9c8c493403359e1f2baa10d9"
x-amz-meta-mtime: 1751372852.302476937
expires: Thu, 03 Jul 2025 00:10:05 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2

185.244.209.62

200 OK

64 kB

URL GET
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Size
64 kB (63920 bytes)
Hash
a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:39 GMT
content-type: font/woff2
content-length: 63920
traceparent: 00-9fc675840a78b0fa98e84dfe0fb915a0-62fa8e37a367208e-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
expires: Thu, 16 Jan 2025 10:45:34 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2697
cache: HIT
x-cached-since: 2025-07-01T23:50:42+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_39ee820b5d.js

185.244.209.62

200 OK

1.4 MB

URL GET
v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_39ee820b5d.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (23471)
Size
1.4 MB (1429963 bytes)
Hash
b11c55ebdf08b864af674c29b96b53cf
8a8e00c8008ff560defe7512a75661cf50e107e4
449f5897ffc01843ef4501c53ddc7374d4f5af3cd668308aee7c71d1604e4fa3

HTTP Headers

GET /sys-static/shared-assets/Desktop/__shared_base-app_39ee820b5d.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:41 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-ded861677c41da1fc1568cd190ac941e-eb0e2ba2db9c03b9-01
last-modified: Tue, 01 Jul 2025 12:17:40 GMT
etag: W/"b11c55ebdf08b864af674c29b96b53cf"
x-amz-meta-mtime: 1751371734.138177513
content-encoding: gzip
expires: Wed, 02 Jul 2025 12:33:03 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 43005
cache: HIT
x-cached-since: 2025-07-01T12:38:56+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_B6TW5FDZ.js

185.244.209.62

200 OK

1.3 kB

URL GET
v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_B6TW5FDZ.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1265)
Size
1.3 kB (1297 bytes)
Hash
e3f1c4089db6b910890e85d97a2e2066
85828920da3c3fd7856acde184e835ac314295cd
6c28afe5a52e0f9b1138fe498b254c8671058a058b555651ccae8e91e7534614

HTTP Headers

GET /sys-static/shared-assets/__shared_accept_language_parser_B6TW5FDZ.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:42 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-9a7f77c4ca61f5b2e0d258a6080b8062-406db0070ba0b2cf-01
last-modified: Tue, 01 Jul 2025 15:41:26 GMT
etag: W/"e3f1c4089db6b910890e85d97a2e2066"
x-amz-meta-mtime: 1751384393.121320689
content-encoding: gzip
expires: Wed, 02 Jul 2025 17:54:56 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 24046
cache: HIT
x-cached-since: 2025-07-01T17:54:56+00:00
X-Firefox-Spdy: h2

GET 1xlite-04283.bar/hd-api/external/0197c88f-b0ca-7ee3-a2f4-620eee391b43.js

185.162.90.16

200 OK

307 kB

URL GET
1xlite-04283.bar/hd-api/external/0197c88f-b0ca-7ee3-a2f4-620eee391b43.js
IP
185.162.90.16:443
ASN
#0

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-04283.bar
FingerprintFE:DA:8C:13:C3:2D:72:21:5E:3D:7D:5C:F5:DA:21:83:C3:6C:01:9C
ValidityMon, 02 Jun 2025 10:33:05 GMT - Sun, 31 Aug 2025 10:33:04 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
307 kB (306629 bytes)
Hash
232780a2a0a879c531685cc267286c49
29fccbc8be5becbd49f8d03cda1766c882da1a51
0597df5f42094dc9e7bf6148bc767ccfec388736fb975a9ba26ad61b72e78928

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hd-api/external/0197c88f-b0ca-7ee3-a2f4-620eee391b43.js HTTP/1.1
Host: 1xlite-04283.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/en/block
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder; postback_watcher=%7B%22tag%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22pb%22%3A%224af4bf2b69b04f5484545de344ba50ee%22%2C%22click_id%22%3A%2241b7c220-56dc-11f0-8e89-33341e736fd6%22%7D; auid=uaJaEGhkftobdE9KA3ScAg==; window_width=1280; che_g=f0a64a02-2875-53c7-068f-e784653c799a; SESSION=102e50ae3efc590010d98896300c3136
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:49 GMT
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=0, must-revalidate
content-encoding: gzip
vary: Accept-Encoding
x-dt: 285
x-hd-trace-id: fcf0e217-88f3-4ddb-b86c-9f893b10144b
x-request-guid: 5de8d32de9c36f3165db561a585a647a
x-time-ng: 0.002
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.004, wf-uht;dur=0.017
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/ea82d199/desktop/default/app-4ee41774.js

185.244.209.62

200 OK

506 kB

URL GET
v3.traincdn.com/main-static/ea82d199/desktop/default/app-4ee41774.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Size
506 kB (505779 bytes)
Hash
155a9a93b502a0e17544d5764bc3c2e3
8fe0b35ee65d52bd99009f155d05992362dddae8
b0b9c147dbcf55c09f9f1b3d6b16fcea16b30ce839c79991bb63130070364307

HTTP Headers

GET /main-static/ea82d199/desktop/default/app-4ee41774.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:39 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-9fe4ec7d282d52e92c93a3cb2d6c1a48-4cc247d824113adb-01
last-modified: Tue, 01 Jul 2025 12:26:02 GMT
etag: W/"155a9a93b502a0e17544d5764bc3c2e3"
x-amz-meta-mtime: 1751372762.313344086
content-encoding: gzip
expires: Wed, 02 Jul 2025 12:33:11 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 43269
cache: HIT
x-cached-since: 2025-07-01T12:34:30+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/e3dd2d416ede1d7659584842878349f6.json

185.244.209.62

200 OK

1.1 kB

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/e3dd2d416ede1d7659584842878349f6.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
1.1 kB (1085 bytes)
Hash
338264fc869e8f0b86b0d6c9d92102b0
83b4d35816df0e1486b766251e74d23f28b77824
015355a44429f40dd63b566dd1e9b1b76af3dfa28dcd25a43e82820ba0847b8d

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/e3dd2d416ede1d7659584842878349f6.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:42 GMT
content-type: application/json
traceparent: 00-a5a7da1a2a7d856508ab10ee307f8d78-6a304641b40dd29d-01
last-modified: Thu, 16 May 2024 19:05:13 GMT
etag: W/"338264fc869e8f0b86b0d6c9d92102b0"
content-encoding: gzip
expires: Thu, 16 Jan 2025 11:19:55 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2431
cache: HIT
x-cached-since: 2025-07-01T23:55:11+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/db2ceca3d6.js

185.244.209.62

200 OK

3.3 kB

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/db2ceca3d6.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (3263)
Size
3.3 kB (3264 bytes)
Hash
5659de57636f7d1db6a662c83c32302e
04654e59e2eb96db80c1148468585ade3870c757
4498fcc20c1a2459cf2fb7fef135ea0c6271b8468265ae4c87239c38050f8f97

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/db2ceca3d6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:42 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-5d555460bb5f87571b205d1fbbf4ac9c-d6962ac2db18d25c-01
last-modified: Tue, 01 Jul 2025 13:57:17 GMT
etag: W/"5659de57636f7d1db6a662c83c32302e"
x-amz-meta-mtime: 1751378037.060056773
content-encoding: gzip
expires: Wed, 02 Jul 2025 14:01:32 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 37693
cache: HIT
x-cached-since: 2025-07-01T14:07:29+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1c0cd0740fccd19a9816be06e69f0a1b.json

185.244.209.62

200 OK

473 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1c0cd0740fccd19a9816be06e69f0a1b.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
473 B (473 bytes)
Hash
e67aa19ef00fd2285c7b4ecbb6018306
5b01d4786d6fbfbd5de7901eb4359a55466f434a
135c1042c31e3674d8a1b3b9e7179f4f36868048ca6058ea458ff291b8880b5e

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/1c0cd0740fccd19a9816be06e69f0a1b.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:42 GMT
content-type: application/json
content-length: 473
traceparent: 00-72c2d488c722ef8596e67114f1d6e003-1fe9af9a859937a6-01
last-modified: Thu, 16 May 2024 20:41:30 GMT
etag: "e67aa19ef00fd2285c7b4ecbb6018306"
expires: Fri, 16 May 2025 19:56:49 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2431
cache: HIT
x-cached-since: 2025-07-01T23:55:11+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/a058452500.js

185.244.209.62

200 OK

2.4 kB

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/a058452500.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2401)
Size
2.4 kB (2402 bytes)
Hash
90f3cbf6ab115a49c1cd555fcfcf04e0
57a807b26f0a505347a1243edb3d0152e429c7a9
a7711ab016b2cac21cd1eafe0dbb4cd27b576305efe70affd06b91588a2b1b46

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/a058452500.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:42 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-2437afb5cbbf96765e4bcbd7281ebc2c-e57b0f40abfda422-01
last-modified: Tue, 01 Jul 2025 13:57:17 GMT
etag: W/"90f3cbf6ab115a49c1cd555fcfcf04e0"
x-amz-meta-mtime: 1751378037.060056773
content-encoding: gzip
expires: Wed, 02 Jul 2025 14:01:33 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 37693
cache: HIT
x-cached-since: 2025-07-01T14:07:29+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_auth/en/dictionary_afaf81e30d642b97c9a47adfabb20735.json

185.244.209.62

200 OK

9.7 kB

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_auth/en/dictionary_afaf81e30d642b97c9a47adfabb20735.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
9.7 kB (9656 bytes)
Hash
d75b2ed6baf27beaa7c13a8eedee98ba
0f0bc6e193b2de4642068dfc72b0bcb193469f78
0d9a0565ceab3ff1bc46ea48f330012693f8958784f13ec7681644d180b2d503

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_auth/en/dictionary_afaf81e30d642b97c9a47adfabb20735.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:40 GMT
content-type: application/json; charset=utf-8
traceparent: 00-fa9dae1c96ae127a66dce62ae54b7686-35d6747e1c95e6c8-01
last-modified: Thu, 26 Jun 2025 16:06:49 GMT
etag: W/"d75b2ed6baf27beaa7c13a8eedee98ba"
cache-control: max-age=3600
content-encoding: gzip
expires: Thu, 26 Jun 2025 17:12:48 GMT
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 486
cache: HIT
x-cached-since: 2025-07-02T00:27:34+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/shared-assets/__shared_chunk_7HDOEZTP.js

185.244.209.62

200 OK

1.2 kB

URL GET
v3.traincdn.com/sys-static/shared-assets/__shared_chunk_7HDOEZTP.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1193)
Size
1.2 kB (1194 bytes)
Hash
7e76c08e7f16815131a5f13a10c1efba
5f800877b78a0713157fe119bc1a2d9a260f72e1
c6f29a0c7c3ed884ccffd7a529fd2fc599e2da1f31af658146f0e36a3f4c00dc

HTTP Headers

GET /sys-static/shared-assets/__shared_chunk_7HDOEZTP.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:41 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-b335dc88acba3a8b7a48a54169b897f4-0a5fe654aa3fa9c7-01
last-modified: Tue, 01 Jul 2025 07:30:03 GMT
etag: W/"7e76c08e7f16815131a5f13a10c1efba"
x-amz-meta-mtime: 1751354830.701291642
content-encoding: gzip
expires: Wed, 02 Jul 2025 08:07:07 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 58597
cache: HIT
x-cached-since: 2025-07-01T08:19:04+00:00
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V

142.250.74.136

200 OK

343 kB

URL GET
www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V
IP
142.250.74.136:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint79:AA:03:D4:F6:6B:0F:61:E5:C5:AB:19:F4:A5:5D:DC:97:80:AF:DA
ValidityMon, 02 Jun 2025 08:35:30 GMT - Mon, 25 Aug 2025 08:35:29 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (4828)
Size
343 kB (343429 bytes)
Hash
1de4d0fb4489fee839934559b2c3db81
0490bb057cc64923172fb793ad4e51554b72a804
b3064c6dfccef64857c32b102d3d46db8eff17728f2d779230882a0cbc5917dd

HTTP Headers

GET /gtm.js?id=GTM-KFGPRJ2V HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 02 Jul 2025 00:35:52 GMT
expires: Wed, 02 Jul 2025 00:35:52 GMT
cache-control: private, max-age=900
last-modified: Wed, 02 Jul 2025 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1319:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1319:0
report-to: {"group":"ascgcycc:1319:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1319:0"}],}
server: Google Tag Manager
content-length: 119381
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1858767942.1751416552&gtm=45je56u2v897130004za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104718208~104839054~104839056~104908321~104908323&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104718208~104839054~104839056~104908321~104908323&z=249077602

142.250.74.131

200 OK

42 B

URL GET
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1858767942.1751416552&gtm=45je56u2v897130004za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104718208~104839054~104839056~104908321~104908323&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104718208~104839054~104839056~104908321~104908323&z=249077602
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerGoogle Trust Services
Subject*.google.no
Fingerprint06:9A:0B:8C:DF:AC:70:7A:12:56:3A:16:E7:C4:85:BA:3E:C8:E2:63
ValidityMon, 02 Jun 2025 08:38:19 GMT - Mon, 25 Aug 2025 08:38:18 GMT

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1858767942.1751416552&gtm=45je56u2v897130004za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104718208~104839054~104839056~104908321~104908323&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104718208~104839054~104839056~104908321~104908323&z=249077602 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 02 Jul 2025 00:35:52 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/ea82d199/desktop/default/css/e45d3c54.css

185.244.209.62

200 OK

14 kB

URL GET
v3.traincdn.com/main-static/ea82d199/desktop/default/css/e45d3c54.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (13478), with no line terminators
Size
14 kB (13478 bytes)
Hash
74ac1e9c5cab64b7d31ed8deccbd2659
ed589fe1c672ce7baa4ae8caa2d969d2941c4332
5cbce6d9cbdb897a99ac14285ec6dca35d84382aa1a94cf96e555b5811039dbe

HTTP Headers

GET /main-static/ea82d199/desktop/default/css/e45d3c54.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:39 GMT
content-type: text/css; charset=utf-8
traceparent: 00-4928c9eae4b9a60f9a6ac8178664b780-6c54bdcd02b74f2f-01
last-modified: Tue, 01 Jul 2025 12:26:03 GMT
etag: W/"74ac1e9c5cab64b7d31ed8deccbd2659"
x-amz-meta-mtime: 1751372762.313344086
content-encoding: gzip
expires: Wed, 02 Jul 2025 12:33:10 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 43269
cache: HIT
x-cached-since: 2025-07-01T12:34:30+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/aa45ffc40b.js

185.244.209.62

200 OK

2.0 kB

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/aa45ffc40b.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1967)
Size
2.0 kB (1968 bytes)
Hash
8e566f532e491bde1cecdb109a815996
b9f1e897ee23861104496cd9613827914b84842a
222205d00d2bd0d4306f7848521d61a2c385bd8d266e8f8cfb226fa8c430b2e0

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/aa45ffc40b.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:42 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-17ddeb4057af000513a660bf1d722dd5-235a4001b902dd60-01
last-modified: Tue, 01 Jul 2025 13:57:17 GMT
etag: W/"8e566f532e491bde1cecdb109a815996"
x-amz-meta-mtime: 1751378037.060056773
content-encoding: gzip
expires: Wed, 02 Jul 2025 14:01:33 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 37693
cache: HIT
x-cached-since: 2025-07-01T14:07:29+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/ac02f639a86763a884adc5615fe65e72.json

185.244.209.62

200 OK

14 kB

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/ac02f639a86763a884adc5615fe65e72.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
14 kB (14232 bytes)
Hash
811ce3b7877d19901e45430cb6523d62
16a905115a678fdef3923f91c6f76cbab613e84d
10fbb74dbac63abfe9c4f5a77abc03757ef3527a479d4ae70dc977b515eec8cb

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/ac02f639a86763a884adc5615fe65e72.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:40 GMT
content-type: application/json
traceparent: 00-8f102854f7d34dedb4508ea538e9a1d8-f4bba76d53a35b1d-01
last-modified: Thu, 27 Feb 2025 09:04:01 GMT
etag: W/"811ce3b7877d19901e45430cb6523d62"
content-encoding: gzip
expires: Thu, 27 Feb 2025 10:17:13 GMT
cache-control: max-age=3600
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2431
cache: HIT
x-cached-since: 2025-07-01T23:55:09+00:00
X-Firefox-Spdy: h2

GET 1xlite-04283.bar/hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js

185.162.90.16

200 OK

760 B

URL GET
1xlite-04283.bar/hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js
IP
185.162.90.16:443
ASN
#0

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-04283.bar
FingerprintFE:DA:8C:13:C3:2D:72:21:5E:3D:7D:5C:F5:DA:21:83:C3:6C:01:9C
ValidityMon, 02 Jun 2025 10:33:05 GMT - Sun, 31 Aug 2025 10:33:04 GMT

File type
JavaScript source, ASCII text, with very long lines (759)
Size
760 B (760 bytes)
Hash
0b911773e0df627d77f8306c86e228aa
0d584bb1a3294e4fe42df4582dcc8a2c8f77f7bb
01e4926540498a77d866259516007d41fae1213ab9607db826f011d926fd6006

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js HTTP/1.1
Host: 1xlite-04283.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/en/block
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder; postback_watcher=%7B%22tag%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22pb%22%3A%224af4bf2b69b04f5484545de344ba50ee%22%2C%22click_id%22%3A%2241b7c220-56dc-11f0-8e89-33341e736fd6%22%7D; auid=uaJaEGhkftobdE9KA3ScAg==; window_width=1280; che_g=f0a64a02-2875-53c7-068f-e784653c799a; SESSION=102e50ae3efc590010d98896300c3136
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:49 GMT
content-type: text/javascript; charset=utf-8
content-length: 492
cache-control: public, max-age=300
content-encoding: gzip
etag: 0b911773e0df627d77f8306c86e228aa
vary: Accept-Encoding
x-dt: 455
x-request-guid: 1de33df9f232b92b4895cace4e4ea085
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.007, wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/ea82d199/desktop/default/commons/app-1402de4b.js

185.244.209.62

200 OK

138 kB

URL GET
v3.traincdn.com/main-static/ea82d199/desktop/default/commons/app-1402de4b.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65476)
Size
138 kB (137774 bytes)
Hash
a45f549f820cb65433de3d063d10e578
ed29744183aa4a3455130e19fdc8c0305707b72a
46d54cd349a2eeb147cf9542553eb87499923fd0bfa0db5d36eefcefd074a0f2

HTTP Headers

GET /main-static/ea82d199/desktop/default/commons/app-1402de4b.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:39 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-0ac7a657517c0a3890e96efbc0435c91-ede9adb9f12f3780-01
last-modified: Tue, 01 Jul 2025 12:26:03 GMT
etag: W/"a45f549f820cb65433de3d063d10e578"
x-amz-meta-mtime: 1751372762.313344086
content-encoding: gzip
expires: Wed, 02 Jul 2025 12:33:10 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 43269
cache: HIT
x-cached-since: 2025-07-01T12:34:30+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/ea82d199/desktop/default/vendors/plugins.vue-js-modal-b286ca57.js

185.244.209.62

200 OK

27 kB

URL GET
v3.traincdn.com/main-static/ea82d199/desktop/default/vendors/plugins.vue-js-modal-b286ca57.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (26667), with no line terminators
Size
27 kB (26667 bytes)
Hash
2e4dec520f25b225abac6d00e0f1409b
288dbbefcd8f9fcf17995c6a6ce50aae64a9cf20
5551e6aeba7cc22f4486f3c0a992b32f5d4fb29f93e5df2f8e4b2f8dc4289103

HTTP Headers

GET /main-static/ea82d199/desktop/default/vendors/plugins.vue-js-modal-b286ca57.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:40 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-fe0c07217e76e727cda21375f2930360-e8c8d0a8f0e47b81-01
last-modified: Tue, 01 Jul 2025 12:26:03 GMT
etag: W/"2e4dec520f25b225abac6d00e0f1409b"
x-amz-meta-mtime: 1751372762.321344154
content-encoding: gzip
expires: Wed, 02 Jul 2025 12:33:13 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 43270
cache: HIT
x-cached-since: 2025-07-01T12:34:30+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/shared-assets/__shared_libphonenumber_js_Q6RMKWT6.js

185.244.209.62

200 OK

159 kB

URL GET
v3.traincdn.com/sys-static/shared-assets/__shared_libphonenumber_js_Q6RMKWT6.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (65509)
Size
159 kB (158815 bytes)
Hash
1da464d70e78b04b9b808e82e4ad9487
0c79e65516d1525ecb43d13cfb4ccb0631095a28
b4c72b8036ca6767ab61490178f901538646f2aa1001cb042caa134174a41595

HTTP Headers

GET /sys-static/shared-assets/__shared_libphonenumber_js_Q6RMKWT6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:41 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-c90aedf7b2011c8a8de4335d07b39a01-5a4408c5329233f2-01
last-modified: Tue, 01 Jul 2025 08:03:08 GMT
etag: W/"1da464d70e78b04b9b808e82e4ad9487"
x-amz-meta-mtime: 1751356593.67632558
content-encoding: gzip
expires: Wed, 02 Jul 2025 08:07:39 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 58597
cache: HIT
x-cached-since: 2025-07-01T08:19:04+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/8b4e10c31932a559912f415b65fba92c.json

185.244.209.62

200 OK

1.3 kB

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/8b4e10c31932a559912f415b65fba92c.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
1.3 kB (1342 bytes)
Hash
499d57f89b2bf5fed52d984d865fd72c
f3dd138886f2c1e257d3ac2214b7e3cba57e56b2
9467cf5576ce2a97d9e44e53915a9c4ae529c134cc1ea5a3c62ea304eebda0c8

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/8b4e10c31932a559912f415b65fba92c.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:42 GMT
content-type: application/json
traceparent: 00-64e31a4266a4228fe5144fee5845241d-fda69fc63783a790-01
last-modified: Thu, 27 Feb 2025 08:17:13 GMT
etag: W/"499d57f89b2bf5fed52d984d865fd72c"
content-encoding: gzip
expires: Thu, 27 Feb 2025 11:06:29 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2430
cache: HIT
x-cached-since: 2025-07-01T23:55:12+00:00
X-Firefox-Spdy: h2

POST 1xlite-04283.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

185.162.90.16

200 OK

23 B

URL POST
1xlite-04283.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
185.162.90.16:443
ASN
#0

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-04283.bar
FingerprintFE:DA:8C:13:C3:2D:72:21:5E:3D:7D:5C:F5:DA:21:83:C3:6C:01:9C
ValidityMon, 02 Jun 2025 10:33:05 GMT - Sun, 31 Aug 2025 10:33:04 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
13fa7f5788b98635bc14b43759cad4c1
3e3e4d2c41077c7df7a5d2103a157ef431e19780
71b86fdc8690938ce790c7454cce800422d6ae5f60380a7bde86b036368b90ac

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-04283.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: 684911a4-5f9f-4d9b-bf29-6a0e9f15dd6c
Content-Length: 48
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder; postback_watcher=%7B%22tag%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22pb%22%3A%224af4bf2b69b04f5484545de344ba50ee%22%2C%22click_id%22%3A%2241b7c220-56dc-11f0-8e89-33341e736fd6%22%7D; auid=uaJaEGhkftobdE9KA3ScAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:41 GMT
content-type: application/json
content-length: 23
x-dt: 285
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.097, wf-uht;dur=0.011
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/593f1a6d4223015f3145bf447897f4f2.json

185.244.209.62

200 OK

241 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/593f1a6d4223015f3145bf447897f4f2.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
241 B (241 bytes)
Hash
39257fbb62736206d5245e08925d7b60
4c11e3cb6a16b884772b88acdba30a2ad98e86b8
3a3cf0f5c60899ffb49d9825516aec475fd7b78cea8ae0b5b58dfb4e658f041e

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/593f1a6d4223015f3145bf447897f4f2.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:42 GMT
content-type: application/json
content-length: 241
traceparent: 00-353b464453221d7e2294fa1ec65138f9-d5579edce88fb742-01
last-modified: Thu, 27 Feb 2025 13:24:25 GMT
etag: "39257fbb62736206d5245e08925d7b60"
expires: Thu, 27 Feb 2025 14:48:35 GMT
cache-control: max-age=3600
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1284
cache: HIT
x-cached-since: 2025-07-02T00:14:18+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-ui/3.3.275/Desktop/Default/merged.css

185.244.209.62

200 OK

804 kB

URL GET
v3.traincdn.com/sys-ui/3.3.275/Desktop/Default/merged.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
804 kB (804118 bytes)
Hash
fc70f0f0fa61e55230e04c1a8c081429
6b8b010ef31ab94f22f6fc200392b3200e6c1cb9
7083235ed4020153cf85d786ec50e6965a33d61fae3a74287dfd6cdff876b0c2

HTTP Headers

GET /sys-ui/3.3.275/Desktop/Default/merged.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:39 GMT
content-type: text/css; charset=utf-8
traceparent: 00-377898c23a5d832a13011e34f8c2aa5e-b918a0a9d55764d9-01
last-modified: Tue, 01 Jul 2025 10:21:17 GMT
etag: W/"fc70f0f0fa61e55230e04c1a8c081429"
x-amz-meta-mtime: 1751365237.438867618
content-encoding: gzip
expires: Wed, 02 Jul 2025 10:22:15 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 51018
cache: HIT
x-cached-since: 2025-07-01T10:25:21+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_forgot_password/en/dictionary_776c0b6a6ae43ea4503f983fa859981a.json

185.244.209.62

200 OK

4.1 kB

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_forgot_password/en/dictionary_776c0b6a6ae43ea4503f983fa859981a.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
4.1 kB (4086 bytes)
Hash
9e075dc2a068d12162e260d49c92f233
9c748240ee9aeeb922f9998005c557517763a979
81b3796da635e227e36b1a44c3224d8e0ccda902293beb08f84d870ed3bcee99

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_forgot_password/en/dictionary_776c0b6a6ae43ea4503f983fa859981a.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:40 GMT
content-type: application/json; charset=utf-8
traceparent: 00-63cec432c128017e1bd63dba8fe865bc-e59dd3aff739db9c-01
last-modified: Thu, 26 Jun 2025 16:06:49 GMT
etag: W/"9e075dc2a068d12162e260d49c92f233"
cache-control: max-age=3600
content-encoding: gzip
expires: Thu, 26 Jun 2025 17:12:47 GMT
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2193
cache: HIT
x-cached-since: 2025-07-01T23:59:07+00:00
X-Firefox-Spdy: h2

GET 1xlite-04283.bar/seo-module-api/api/public/v1/analytics-counters?project[id]=285&domain[host]=1xlite-04283.bar

185.162.90.16

200 OK

105 B

URL GET
1xlite-04283.bar/seo-module-api/api/public/v1/analytics-counters?project[id]=285&domain[host]=1xlite-04283.bar
IP
185.162.90.16:443
ASN
#0

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-04283.bar
FingerprintFE:DA:8C:13:C3:2D:72:21:5E:3D:7D:5C:F5:DA:21:83:C3:6C:01:9C
ValidityMon, 02 Jun 2025 10:33:05 GMT - Sun, 31 Aug 2025 10:33:04 GMT

File type
JSON text data
Size
105 B (105 bytes)
Hash
6abfe5f6641fddde82c2ca29cf5c6a7a
958379bc84073d266358a27b3cf86b15484f5f6d
ede01772dfd8da2cc82f245e454ce360b2ceb13b7d1c330bbc1d68fe41255c19

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /seo-module-api/api/public/v1/analytics-counters?project[id]=285&domain[host]=1xlite-04283.bar HTTP/1.1
Host: 1xlite-04283.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/en/block
content-type: application/json
x-requested-with: XMLHttpRequest
x-app-n: v3-nuxt2
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder; postback_watcher=%7B%22tag%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22pb%22%3A%224af4bf2b69b04f5484545de344ba50ee%22%2C%22click_id%22%3A%2241b7c220-56dc-11f0-8e89-33341e736fd6%22%7D; auid=uaJaEGhkftobdE9KA3ScAg==; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:41 GMT
content-type: application/json
content-length: 107
cache-control: max-age=1200, must-revalidate, public, s-maxage=1800, stale-if-error=86400, stale-while-revalidate=300
x-content-digest: en6d0e5d6e0146a49c358c0eaad1d2ef38
age: 1243
x-request-id: a3634d7dec42488a60f1e8c5cfa83f24
x-request-guid: a3634d7dec42488a60f1e8c5cfa83f24
content-encoding: br
x-time-ng: 0.004
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=2.514123916626, wf-uht;dur=0.014
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/56f58c6d078ff0e8f698576f33bb478d.json

185.244.209.62

200 OK

3.6 kB

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/56f58c6d078ff0e8f698576f33bb478d.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
3.6 kB (3557 bytes)
Hash
4b08975411699bcd7464f49777e866bf
2a9b0a0f3eadf5f3e1ef688bacd9560dd59c73d2
b6208d18413f8988db2e0040ff72516c0cb5e06d3d9692b5b098808ab46fc378

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/56f58c6d078ff0e8f698576f33bb478d.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:42 GMT
content-type: application/json
traceparent: 00-91c29cd3baf8bd57d56d4348a84067fa-e75479928c563898-01
last-modified: Thu, 27 Feb 2025 09:06:12 GMT
etag: W/"4b08975411699bcd7464f49777e866bf"
content-encoding: gzip
expires: Thu, 27 Feb 2025 10:17:14 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2431
cache: HIT
x-cached-since: 2025-07-01T23:55:11+00:00
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/destination?id=AW-16664555628&cx=c&gtm=45He56u2v9180563600za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104718208~104839054~104839056

142.250.74.136

200 OK

353 kB

URL GET
www.googletagmanager.com/gtag/destination?id=AW-16664555628&cx=c&gtm=45He56u2v9180563600za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104718208~104839054~104839056
IP
142.250.74.136:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint79:AA:03:D4:F6:6B:0F:61:E5:C5:AB:19:F4:A5:5D:DC:97:80:AF:DA
ValidityMon, 02 Jun 2025 08:35:30 GMT - Mon, 25 Aug 2025 08:35:29 GMT

File type
JavaScript source, ASCII text, with very long lines (5913)
Size
353 kB (352693 bytes)
Hash
dd7f91965d4ea08073a79c57ab7c101d
b69a0564404ed6e46793a55f433cca3ba8a00d4f
cf17fa1045f6a3634dbc501ddae1b18acc1ea22618a2dcd4f98e80b03a2f8b08

HTTP Headers

GET /gtag/destination?id=AW-16664555628&cx=c&gtm=45He56u2v9180563600za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104718208~104839054~104839056 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 02 Jul 2025 00:35:52 GMT
expires: Wed, 02 Jul 2025 00:35:52 GMT
cache-control: private, max-age=900
last-modified: Wed, 02 Jul 2025 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcysghrgc:42:0
report-to: {"group":"ascgcysghrgc:42:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
server: Google Tag Manager
content-length: 120330
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

POST 1xlite-04283.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

185.162.90.16

200 OK

23 B

URL POST
1xlite-04283.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
185.162.90.16:443
ASN
#0

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-04283.bar
FingerprintFE:DA:8C:13:C3:2D:72:21:5E:3D:7D:5C:F5:DA:21:83:C3:6C:01:9C
ValidityMon, 02 Jun 2025 10:33:05 GMT - Sun, 31 Aug 2025 10:33:04 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
3557d83450296a253f240aeb05a86173
63dc0488ed2b783fc11d8fbf4bfb04a7ba991bdf
64e667ef28529ad54ae98941612430ce9d0f219d192d56b3f8c9a6f04800afa2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-04283.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: 684911a4-5f9f-4d9b-bf29-6a0e9f15dd6c
Content-Length: 109
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder; postback_watcher=%7B%22tag%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22pb%22%3A%224af4bf2b69b04f5484545de344ba50ee%22%2C%22click_id%22%3A%2241b7c220-56dc-11f0-8e89-33341e736fd6%22%7D; auid=uaJaEGhkftobdE9KA3ScAg==; window_width=1280; che_g=f0a64a02-2875-53c7-068f-e784653c799a; SESSION=102e50ae3efc590010d98896300c3136; _ga_7JGWL9SV66=GS2.1.s1751416552$o1$g0$t1751416552$j60$l0$h597836291; _ga=GA1.1.1858767942.1751416552; _gcl_au=1.1.638605673.1751416552
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:52 GMT
content-type: application/json
content-length: 23
x-dt: 285
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.090, wf-uht;dur=0.011
X-Firefox-Spdy: h2

POST region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je56u2v897130004za200&_p=1751416551630&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104718208~104839054~104839056~104908321~104908323&cid=1858767942.1751416552&ecid=597836291&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEAAAAQ&_s=2&sid=1751416552&sct=1&seg=0&dl=https%3A%2F%2F1xlite-04283.bar%2Fen%2Fblock&dt=1xBet&_tu=Kg&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=19240

216.239.32.36

204 No Content

0 B

URL POST
region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je56u2v897130004za200&_p=1751416551630&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104718208~104839054~104839056~104908321~104908323&cid=1858767942.1751416552&ecid=597836291&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEAAAAQ&_s=2&sid=1751416552&sct=1&seg=0&dl=https%3A%2F%2F1xlite-04283.bar%2Fen%2Fblock&dt=1xBet&_tu=Kg&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=19240
IP
216.239.32.36:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint79:AA:03:D4:F6:6B:0F:61:E5:C5:AB:19:F4:A5:5D:DC:97:80:AF:DA
ValidityMon, 02 Jun 2025 08:35:30 GMT - Mon, 25 Aug 2025 08:35:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je56u2v897130004za200&_p=1751416551630&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104718208~104839054~104839056~104908321~104908323&cid=1858767942.1751416552&ecid=597836291&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEAAAAQ&_s=2&sid=1751416552&sct=1&seg=0&dl=https%3A%2F%2F1xlite-04283.bar%2Fen%2Fblock&dt=1xBet&_tu=Kg&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=19240 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/3 204 No Content
access-control-allow-origin: https://1xlite-04283.bar
date: Wed, 02 Jul 2025 00:35:57 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:158:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:158:0
report-to: {"group":"ascnsrsggc:158:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:158:0"}],}
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/c0e02032d1.css

185.244.209.62

200 OK

11 kB

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/c0e02032d1.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (11072)
Size
11 kB (11073 bytes)
Hash
3d3e04f603cc58802ff96240abbdc3aa
e7e6a5d59c97236922354b40d288736f034a1ce3
611f7a963cd4aa278f1ba51f2401247df8c658929b76bfdce45bec08be83d7bd

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/c0e02032d1.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:39 GMT
content-type: text/css; charset=utf-8
traceparent: 00-945f06be29ed7cba55041c395b04d042-8bd93020e55244fb-01
last-modified: Tue, 01 Jul 2025 13:57:18 GMT
etag: W/"3d3e04f603cc58802ff96240abbdc3aa"
x-amz-meta-mtime: 1751378037.060056773
content-encoding: gzip
expires: Wed, 02 Jul 2025 16:44:17 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 28282
cache: HIT
x-cached-since: 2025-07-01T16:44:17+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2

185.244.209.62

200 OK

64 kB

URL GET
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Size
64 kB (63748 bytes)
Hash
6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:39 GMT
content-type: font/woff2
content-length: 63748
traceparent: 00-73a25fafabf2e41f8f27afa34535b426-74784ddab4b9e4fb-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
expires: Thu, 16 Jan 2025 10:32:14 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 568
cache: HIT
x-cached-since: 2025-07-02T00:26:11+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/site-admin/css_vars/29b5cda95fa390c124de39b6aeca6d24.css

185.244.209.62

200 OK

46 B

URL GET
v3.traincdn.com/genfiles/site-admin/css_vars/29b5cda95fa390c124de39b6aeca6d24.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
46 B (46 bytes)
Hash
29b5cda95fa390c124de39b6aeca6d24
46f68f69533c1fdc737eb36e8e7af7672178e610
6021ec0aede22eadcb8401fe945d345202320437c7be01b157f0cb282ebe7c88

HTTP Headers

GET /genfiles/site-admin/css_vars/29b5cda95fa390c124de39b6aeca6d24.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:40 GMT
content-type: text/css
content-length: 46
traceparent: 00-2b4d542af8f784283d5c500039c59879-b54251152baad1fe-01
last-modified: Thu, 20 Mar 2025 13:29:31 GMT
etag: "29b5cda95fa390c124de39b6aeca6d24"
cache-control: max-age=3600
expires: Thu, 20 Mar 2025 14:32:37 GMT
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1657
cache: HIT
x-cached-since: 2025-07-02T00:08:03+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_E2H7ZPXQ.js

185.244.209.62

200 OK

21 kB

URL GET
v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_E2H7ZPXQ.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (21232)
Size
21 kB (21252 bytes)
Hash
3cf0cae38afae9add22f7884e5061231
2a41037501375a439385a76a047876619683418f
322482e3beae5a985d069beea981614510fda90a5df7295b776a324d461fc43d

HTTP Headers

GET /sys-static/shared-assets/__shared_popper_js_E2H7ZPXQ.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:42 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-c39a0e76330187cded812b30fc5d8ea0-4044fa49679b191f-01
last-modified: Tue, 01 Jul 2025 08:32:23 GMT
etag: W/"3cf0cae38afae9add22f7884e5061231"
x-amz-meta-mtime: 1751358465.407332823
content-encoding: gzip
expires: Wed, 02 Jul 2025 09:24:45 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 54657
cache: HIT
x-cached-since: 2025-07-01T09:24:45+00:00
X-Firefox-Spdy: h2

GET 1xlite-04283.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/vision.json

185.162.90.16

204 No Content

0 B

URL GET
1xlite-04283.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/vision.json
IP
185.162.90.16:443
ASN
#0

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-04283.bar
FingerprintFE:DA:8C:13:C3:2D:72:21:5E:3D:7D:5C:F5:DA:21:83:C3:6C:01:9C
ValidityMon, 02 Jun 2025 10:33:05 GMT - Sun, 31 Aug 2025 10:33:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/vision.json HTTP/1.1
Host: 1xlite-04283.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: 684911a4-5f9f-4d9b-bf29-6a0e9f15dd6c
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder; postback_watcher=%7B%22tag%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22pb%22%3A%224af4bf2b69b04f5484545de344ba50ee%22%2C%22click_id%22%3A%2241b7c220-56dc-11f0-8e89-33341e736fd6%22%7D; auid=uaJaEGhkftobdE9KA3ScAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Wed, 02 Jul 2025 00:35:40 GMT
x-dt: 285
x-rejected: E001
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.082, wf-uht;dur=0.010
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js

185.244.209.62

200 OK

69 B

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
69 B (69 bytes)
Hash
2cdaa92927f02e0b628f1ef4d7dd8caf
9104a2e16ed080b80a42588b8aeb52ebec47ab7a
ef8101ffea52addcdcfcc3a83f96ff2d4613fb3ae6d1c16bbe4852387b73a9db

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:41 GMT
content-type: text/javascript; charset=utf-8
content-length: 69
traceparent: 00-e163fdfc9357da98ba9268f5c026c509-f050ddfd83d5662e-01
last-modified: Tue, 01 Jul 2025 13:57:18 GMT
etag: "2cdaa92927f02e0b628f1ef4d7dd8caf"
x-amz-meta-mtime: 1751378037.060056773
expires: Wed, 02 Jul 2025 19:14:57 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 19244
cache: HIT
x-cached-since: 2025-07-01T19:14:57+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET 1xlite-04283.bar/captcha-api/assets/hunt-captcha.js

185.162.90.16

200 OK

88 kB

URL GET
1xlite-04283.bar/captcha-api/assets/hunt-captcha.js
IP
185.162.90.16:443
ASN
#0

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-04283.bar
FingerprintFE:DA:8C:13:C3:2D:72:21:5E:3D:7D:5C:F5:DA:21:83:C3:6C:01:9C
ValidityMon, 02 Jun 2025 10:33:05 GMT - Sun, 31 Aug 2025 10:33:04 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
88 kB (87704 bytes)
Hash
4cb7a52bd97c61968d597909e338caba
ecf86a8b2faef71a2ef716bc5b65b0596df3a0a0
3466c843d3bd703c1cdedc5493ad46030a026e997ec2fab895efca13033d3066

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /captcha-api/assets/hunt-captcha.js HTTP/1.1
Host: 1xlite-04283.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/en/block
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder; postback_watcher=%7B%22tag%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22pb%22%3A%224af4bf2b69b04f5484545de344ba50ee%22%2C%22click_id%22%3A%2241b7c220-56dc-11f0-8e89-33341e736fd6%22%7D; auid=uaJaEGhkftobdE9KA3ScAg==; window_width=1280; che_g=f0a64a02-2875-53c7-068f-e784653c799a; SESSION=102e50ae3efc590010d98896300c3136
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:49 GMT
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=300
content-encoding: br
vary: Accept-Encoding
x-dt: 455
x-request-id: c33cd1ad0bb21b5804d53b170ac33e5a
x-time-ng: 0.002
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.006, wf-uht;dur=
X-Firefox-Spdy: h2

POST www.google.com/gmp/conversion;src=14030178;type=xbet;cat=uniqu0;ord=1;num=4435344866027;npa=1;auiddc=638605673.1751416552;pscdl=noapi;frm=0;_tu=KpA;gtm=45fe56u2v9190735530z89180563600za200zb9180563600;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;dc_fmt=4;tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104718208~104839054~104839056;epver=2;dc_random=1751416552694;~oref=https%3A%2F%2F1xlite-04283.bar%2Fen%2Fblock?

142.250.74.68

200 OK

42 B

URL POST
www.google.com/gmp/conversion;src=14030178;type=xbet;cat=uniqu0;ord=1;num=4435344866027;npa=1;auiddc=638605673.1751416552;pscdl=noapi;frm=0;_tu=KpA;gtm=45fe56u2v9190735530z89180563600za200zb9180563600;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;dc_fmt=4;tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104718208~104839054~104839056;epver=2;dc_random=1751416552694;~oref=https%3A%2F%2F1xlite-04283.bar%2Fen%2Fblock?
IP
142.250.74.68:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerGoogle Trust Services
Subjectwww.google.com
Fingerprint4F:74:10:0A:01:21:55:4F:03:B9:F9:8B:6A:DE:A2:47:7C:44:89:73
ValidityMon, 02 Jun 2025 08:37:21 GMT - Mon, 25 Aug 2025 08:37:20 GMT

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

POST /gmp/conversion;src=14030178;type=xbet;cat=uniqu0;ord=1;num=4435344866027;npa=1;auiddc=638605673.1751416552;pscdl=noapi;frm=0;_tu=KpA;gtm=45fe56u2v9190735530z89180563600za200zb9180563600;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;dc_fmt=4;tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104718208~104839054~104839056;epver=2;dc_random=1751416552694;~oref=https%3A%2F%2F1xlite-04283.bar%2Fen%2Fblock? HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 02 Jul 2025 00:35:52 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://1xlite-04283.bar
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/78e1228f56f3d966ed7fcfded728f899.json

185.244.209.62

200 OK

23 kB

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/78e1228f56f3d966ed7fcfded728f899.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
23 kB (23270 bytes)
Hash
bc3c79e764880121898f78d58c54ac21
0e1fb57593fa0c59e51e06040bf3a6b4c868b430
8bcfd2c3d6f34658a491941dbffa8478d7c2462340b78e1dd82d4b91c9a3163d

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/78e1228f56f3d966ed7fcfded728f899.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:40 GMT
content-type: application/json
traceparent: 00-a0377a257d297dc0080530f52d8f921e-b67742da9c855a0b-01
last-modified: Tue, 01 Jul 2025 08:15:39 GMT
etag: W/"bc3c79e764880121898f78d58c54ac21"
content-encoding: gzip
expires: Tue, 01 Jul 2025 09:55:51 GMT
cache-control: max-age=3600
x-time-ng: 0.003
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2431
cache: HIT
x-cached-since: 2025-07-01T23:55:09+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/6293f1a8ca.css

185.244.209.62

200 OK

650 B

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/6293f1a8ca.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (649)
Size
650 B (650 bytes)
Hash
5d70ac7829c3ae41ce5c0971c798fbcf
9996ce3a09f56d3e37d67fbe7e1efb301ea2f261
0e76b1cd191bd618caea37cb7fb6673d12c7cdff7ea47e939758eda5764a140b

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/6293f1a8ca.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:39 GMT
content-type: text/css; charset=utf-8
content-length: 650
traceparent: 00-7921e58d1a64d3870cb04f258b6b6e80-b1448055b14c91b9-01
last-modified: Wed, 25 Jun 2025 08:49:19 GMT
etag: "5d70ac7829c3ae41ce5c0971c798fbcf"
x-amz-meta-mtime: 1750840922.612374433
expires: Fri, 27 Jun 2025 10:00:19 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 51529
cache: HIT
x-cached-since: 2025-07-01T10:16:50+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-3557e40578.js

185.244.209.62

200 OK

21 kB

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-3557e40578.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (20630)
Size
21 kB (21155 bytes)
Hash
0ebbc6d82729cd81c1b7b996685d28b9
36bfc4109d87fd28233e7381dc8ac1e726ff4c1e
5c2446adb88248931d2f8f6513cdc526f6b2f46489c400dbcd083fed79483b66

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-3557e40578.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:41 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-bc4362af2c2e0cfdc0386587e07c8b01-526a6b816dff6ed5-01
last-modified: Tue, 01 Jul 2025 13:57:18 GMT
etag: W/"0ebbc6d82729cd81c1b7b996685d28b9"
x-amz-meta-mtime: 1751378037.060056773
content-encoding: gzip
expires: Wed, 02 Jul 2025 14:01:30 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 37693
cache: HIT
x-cached-since: 2025-07-01T14:07:28+00:00
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66

142.250.74.136

200 OK

472 kB

URL GET
www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66
IP
142.250.74.136:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint79:AA:03:D4:F6:6B:0F:61:E5:C5:AB:19:F4:A5:5D:DC:97:80:AF:DA
ValidityMon, 02 Jun 2025 08:35:30 GMT - Mon, 25 Aug 2025 08:35:29 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (12571)
Size
472 kB (471880 bytes)
Hash
80b6e0a634c0d52413b33b8e7cd14c65
4c91a8957527ee0fa149be7dfe66962936d46579
6955c3a8011308f16c4e5f13ddf4e092ea0e8ace60f6a9ac6b790132a013aac5

HTTP Headers

GET /gtag/js?id=G-7JGWL9SV66 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 02 Jul 2025 00:35:51 GMT
expires: Wed, 02 Jul 2025 00:35:51 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1077:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1077:0
report-to: {"group":"ascgcycc:1077:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1077:0"}],}
server: Google Tag Manager
content-length: 150905
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET 1xlite-04283.bar/en?tag=d_42282m_22719c_[]MS[]null[]null[]general[]igetp2583ff3219_d27775_l190859_clickunder&pb=4af4bf2b69b04f5484545de344ba50ee&click_id=41b7c220-56dc-11f0-8e89-33341e736fd6

185.162.90.16

302 Found

275 kB

URL User Request GET
1xlite-04283.bar/en?tag=d_42282m_22719c_[]MS[]null[]null[]general[]igetp2583ff3219_d27775_l190859_clickunder&pb=4af4bf2b69b04f5484545de344ba50ee&click_id=41b7c220-56dc-11f0-8e89-33341e736fd6
IP
185.162.90.16:443
ASN
#0

Certificate
IssuerLet's Encrypt
Subject1xlite-04283.bar
FingerprintFE:DA:8C:13:C3:2D:72:21:5E:3D:7D:5C:F5:DA:21:83:C3:6C:01:9C
ValidityMon, 02 Jun 2025 10:33:05 GMT - Sun, 31 Aug 2025 10:33:04 GMT

File type

Size
275 kB (274837 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /en?tag=d_42282m_22719c_[]MS[]null[]null[]general[]igetp2583ff3219_d27775_l190859_clickunder&pb=4af4bf2b69b04f5484545de344ba50ee&click_id=41b7c220-56dc-11f0-8e89-33341e736fd6 HTTP/1.1
Host: 1xlite-04283.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Wed, 02 Jul 2025 00:35:38 GMT
location: https://1xlite-04283.bar/en/block
server-timing: dt_total;dur=0.008, total;dur=25;desc="Nuxt Server Time", wf-uht;dur=0.036
set-cookie: platform_type=desktop; Path=/; Expires=Sat, 05 Jul 2025 00:35:38 GMT; Secure; SameSite=None; Partitioned
gw-mm=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Secure; SameSite=None; Partitioned
lng=en; Path=/
cookies_agree_type=3; Path=/
tzo=2; Path=/
is12h=0; Path=/
referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; Path=/; Expires=Sun, 31 Aug 2025 00:35:38 GMT
reflinkid=d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder; Path=/; Expires=Wed, 02 Jul 2025 01:35:38 GMT
postback_watcher=%7B%22tag%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22pb%22%3A%224af4bf2b69b04f5484545de344ba50ee%22%2C%22click_id%22%3A%2241b7c220-56dc-11f0-8e89-33341e736fd6%22%7D; Path=/; Expires=Fri, 01 Aug 2025 00:35:38 GMT
auid=uaJaEGhkftobdE9KA3ScAg==; path=/; secure; httponly; samesite=lax
x-dt: 285
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_css_16e298.css

185.244.209.62

200 OK

4.2 kB

URL GET
v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_css_16e298.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (3743)
Size
4.2 kB (4166 bytes)
Hash
a77127dbfb4d9c95e68cf08165c7c30e
229907578c9c65f8049a3221dfda4790568dd77f
16e298fb30fe85f67917c8783ccaecec2fa9729b9593f2998e5d619f91ace6f1

HTTP Headers

GET /sys-static/shared-assets/Desktop/__shared_css_16e298.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:39 GMT
content-type: text/css; charset=utf-8
traceparent: 00-9d41dd049bacd024d6bad5b6d0d1d248-9c3e6c40947cac63-01
last-modified: Tue, 01 Jul 2025 12:31:05 GMT
etag: W/"a77127dbfb4d9c95e68cf08165c7c30e"
x-amz-meta-mtime: 1751373005.887088368
content-encoding: gzip
expires: Wed, 02 Jul 2025 13:02:51 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 41472
cache: HIT
x-cached-since: 2025-07-01T13:04:27+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/ea82d199/desktop/default/Page.Block-fc519a68.js

185.244.209.62

200 OK

476 B

URL GET
v3.traincdn.com/main-static/ea82d199/desktop/default/Page.Block-fc519a68.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (476), with no line terminators
Size
476 B (476 bytes)
Hash
63d2b12ee529c02e281a0774382391a6
2a16852e992152fbc7a1a4e62ed39b345d1f9d1b
45897e94c8069f26a514933983034f76cba665c685cdaaa1abf9270343414d04

HTTP Headers

GET /main-static/ea82d199/desktop/default/Page.Block-fc519a68.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:39 GMT
content-type: text/javascript; charset=utf-8
content-length: 476
traceparent: 00-fcf314bf3c10184f2372c13104f71d82-321108abb3a9b7c5-01
last-modified: Tue, 01 Jul 2025 12:26:02 GMT
etag: "63d2b12ee529c02e281a0774382391a6"
x-amz-meta-mtime: 1751372762.30934405
expires: Wed, 02 Jul 2025 12:33:26 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 43269
cache: HIT
x-cached-since: 2025-07-01T12:34:30+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/fc03516ae4c718991727836d377493ff.json

185.244.209.62

200 OK

13 kB

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/fc03516ae4c718991727836d377493ff.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
13 kB (13278 bytes)
Hash
2b474bcc2f009b70e64e2b5a95dd50a4
1fd5ee2d54da7dfbf61e67efd938a89c548fc866
f86d880575f3f65ddaaf9e8a0e3746bbbefcefe7e6c0c4441e9e20ceffdca237

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/fc03516ae4c718991727836d377493ff.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:42 GMT
content-type: application/json
traceparent: 00-cec79107ee349cf55fd044b9d2a85b02-d54e61ab781ab5f7-01
last-modified: Wed, 12 Mar 2025 09:35:22 GMT
etag: W/"2b474bcc2f009b70e64e2b5a95dd50a4"
content-encoding: gzip
expires: Wed, 12 Mar 2025 11:03:31 GMT
cache-control: max-age=3600
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2431
cache: HIT
x-cached-since: 2025-07-01T23:55:11+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/60608cbba85ee2e8946c25b55281a0bc.json

185.244.209.62

200 OK

328 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/60608cbba85ee2e8946c25b55281a0bc.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
328 B (328 bytes)
Hash
4347fc050ebe622e30a7bf78a213b5a0
c05b3b571980b01ff9f07e6adc1c29c58be70bd1
ed1b1193a248bf273141c31b7f74dd1224416b3757e5a71f2e7d579c50d65d57

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/60608cbba85ee2e8946c25b55281a0bc.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:42 GMT
content-type: application/json
content-length: 328
traceparent: 00-6ccb376f53ecf1b001918de45a2ce72c-29df2de76c89dfb0-01
last-modified: Thu, 27 Feb 2025 10:51:50 GMT
etag: "4347fc050ebe622e30a7bf78a213b5a0"
expires: Thu, 27 Feb 2025 12:17:56 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2431
cache: HIT
x-cached-since: 2025-07-01T23:55:11+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET radar.cedexis.com/1/23802/radar.js

45.54.49.5

302 Moved Temporarily

390 B

URL GET
radar.cedexis.com/1/23802/radar.js
IP
45.54.49.5:443
ASN
#63911 NetActuate, Inc

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerDigiCert Inc
Subjectradar.cedexis.com
FingerprintA2:3E:30:19:D5:41:3A:11:81:58:E3:B1:6F:F4:D2:78:0B:44:6F:D0
ValidityFri, 07 Mar 2025 00:00:00 GMT - Fri, 06 Mar 2026 23:59:59 GMT

File type

Size
390 B (390 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /1/23802/radar.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Wed, 02 Jul 2025 00:35:52 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: /1707728419/stub.js
Expires: Wed, 02 Jul 2025 00:45:52 GMT
Cache-Control: max-age=600
Vary: User-Agent,DNT

POST www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2F1xlite-04283.bar%2Fen%2Fblock&scrsrc=www.googletagmanager.com&frm=0&rnd=914375488.1751416552&dt=1xBet&auid=638605673.1751416552&navt=n&npa=1&gtm=45He56u2v9180563600za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104718208~104839054~104839056&tft=1751416552406&tfd=14122&apve=1&apvf=sb

142.250.74.68

200 OK

0 B

URL POST
www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2F1xlite-04283.bar%2Fen%2Fblock&scrsrc=www.googletagmanager.com&frm=0&rnd=914375488.1751416552&dt=1xBet&auid=638605673.1751416552&navt=n&npa=1&gtm=45He56u2v9180563600za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104718208~104839054~104839056&tft=1751416552406&tfd=14122&apve=1&apvf=sb
IP
142.250.74.68:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerGoogle Trust Services
Subjectwww.google.com
Fingerprint4F:74:10:0A:01:21:55:4F:03:B9:F9:8B:6A:DE:A2:47:7C:44:89:73
ValidityMon, 02 Jun 2025 08:37:21 GMT - Mon, 25 Aug 2025 08:37:20 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /ccm/collect?en=page_view&dl=https%3A%2F%2F1xlite-04283.bar%2Fen%2Fblock&scrsrc=www.googletagmanager.com&frm=0&rnd=914375488.1751416552&dt=1xBet&auid=638605673.1751416552&navt=n&npa=1&gtm=45He56u2v9180563600za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104718208~104839054~104839056&tft=1751416552406&tfd=14122&apve=1&apvf=sb HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 200 OK
cache-control: no-cache, no-store, must-revalidate
date: Wed, 02 Jul 2025 00:35:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
content-type: text/plain
vary: Origin, X-Origin, Referer
server: scaffolding on HTTPServer2
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://1xlite-04283.bar
access-control-expose-headers: date,vary,vary,vary,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/ea82d199/desktop/default/css/4987a592.css

185.244.209.62

200 OK

41 kB

URL GET
v3.traincdn.com/main-static/ea82d199/desktop/default/css/4987a592.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (40883), with no line terminators
Size
41 kB (40883 bytes)
Hash
55806ba49a22fc5ee8b0bb0040855a6e
917c4d0fbca1839f747ac7fce9bf0cc808d39970
20a079261720a67fd8322fe012f5e0893177e3262719ecd4d228f2c6bbcc0c8b

HTTP Headers

GET /main-static/ea82d199/desktop/default/css/4987a592.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:39 GMT
content-type: text/css; charset=utf-8
traceparent: 00-b40c8ced26e69cb983d6d27c4625c788-4e8a645897616a4d-01
last-modified: Tue, 01 Jul 2025 12:26:03 GMT
etag: W/"55806ba49a22fc5ee8b0bb0040855a6e"
x-amz-meta-mtime: 1751372762.313344086
content-encoding: gzip
expires: Wed, 02 Jul 2025 12:33:10 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 43269
cache: HIT
x-cached-since: 2025-07-01T12:34:30+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/d9842b87b9dabdc4cdc248c062355299.json

185.244.209.62

200 OK

7.3 kB

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/d9842b87b9dabdc4cdc248c062355299.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
7.3 kB (7321 bytes)
Hash
0614058b667e6dfa1cdecc6e0e53131c
4f20f88c436fb5cbd82cf1dcfeaa14e52195a369
be16474b0f19b7536ebdd3d0f8867b151eaa4638411ddb46845f887a5d51a653

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/d9842b87b9dabdc4cdc248c062355299.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:40 GMT
content-type: application/json
traceparent: 00-5f164c4f56fff08da1ed688b309e9774-6707befbac372b31-01
last-modified: Thu, 23 Jan 2025 13:19:10 GMT
etag: W/"0614058b667e6dfa1cdecc6e0e53131c"
content-encoding: gzip
expires: Thu, 23 Jan 2025 14:50:28 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2431
cache: HIT
x-cached-since: 2025-07-01T23:55:09+00:00
X-Firefox-Spdy: h2

POST 1xlite-04283.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json

185.162.90.16

200 OK

2 B

URL POST
1xlite-04283.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json
IP
185.162.90.16:443
ASN
#0

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-04283.bar
FingerprintFE:DA:8C:13:C3:2D:72:21:5E:3D:7D:5C:F5:DA:21:83:C3:6C:01:9C
ValidityMon, 02 Jun 2025 10:33:05 GMT - Sun, 31 Aug 2025 10:33:04 GMT

File type
JSON text data
Size
2 B (2 bytes)
Hash
d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json HTTP/1.1
Host: 1xlite-04283.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: 684911a4-5f9f-4d9b-bf29-6a0e9f15dd6c
Content-Length: 19
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder; postback_watcher=%7B%22tag%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22pb%22%3A%224af4bf2b69b04f5484545de344ba50ee%22%2C%22click_id%22%3A%2241b7c220-56dc-11f0-8e89-33341e736fd6%22%7D; auid=uaJaEGhkftobdE9KA3ScAg==; window_width=1280; che_g=f0a64a02-2875-53c7-068f-e784653c799a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:42 GMT
content-type: application/json
content-length: 2
x-dt: 285
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.010, wf-uht;dur=0.012
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/c3e31d18c2.js

185.244.209.62

200 OK

3.7 kB

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/c3e31d18c2.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (3727)
Size
3.7 kB (3730 bytes)
Hash
13149149d354db73f34ccc8bc5df0ae1
820623b9a728d3dc517f6b3f566d66aaa6c181c3
92129a598278ce04fc5fbfd7c2384b7952ab0859a5516d9d56d6bc960da17e4c

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/c3e31d18c2.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:42 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-1ae3e0eff2482c91dc35fa1d64a5ad8c-8b7f68cef220822a-01
last-modified: Tue, 01 Jul 2025 13:18:49 GMT
etag: W/"13149149d354db73f34ccc8bc5df0ae1"
x-amz-meta-mtime: 1751375621.332664384
content-encoding: gzip
expires: Wed, 02 Jul 2025 13:21:56 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 40426
cache: HIT
x-cached-since: 2025-07-01T13:21:56+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/ea82d199/desktop/default/vendors/plugins.vue-notification-bb383c80.js

185.244.209.62

200 OK

13 kB

URL GET
v3.traincdn.com/main-static/ea82d199/desktop/default/vendors/plugins.vue-notification-bb383c80.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (12563), with no line terminators
Size
13 kB (12563 bytes)
Hash
a67050ffa30bf0d9ff1b27a02c1e43bf
0baba07b90180d62cbc2f96b9fb2de5e5920db78
b6c45b2d4d8e5336dc8402df992a63860283cef404ca7c4e8f19b9a77efcbd16

HTTP Headers

GET /main-static/ea82d199/desktop/default/vendors/plugins.vue-notification-bb383c80.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:40 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-89991860c923fb569fb742dbab1523ac-25804ece121ccf2c-01
last-modified: Tue, 01 Jul 2025 12:26:03 GMT
etag: W/"a67050ffa30bf0d9ff1b27a02c1e43bf"
x-amz-meta-mtime: 1751372762.321344154
content-encoding: gzip
expires: Wed, 02 Jul 2025 12:33:12 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 43270
cache: HIT
x-cached-since: 2025-07-01T12:34:30+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_c29ed659a5.js

185.244.209.62

200 OK

16 kB

URL GET
v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_c29ed659a5.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (16156)
Size
16 kB (16157 bytes)
Hash
b95f2867a4f69c6f87508d4376778ab8
34b733244053bb0634826b593e14e88782e81680
f318dcd075506078ef1811c0a12962c5fed8811ee39cc3c77691a81063e05340

HTTP Headers

GET /sys-static/shared-assets/Desktop/__shared_c29ed659a5.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:41 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-25d1a8f5a2e05fbcfe860d486f9a15e1-cc0247ae4706a665-01
last-modified: Tue, 01 Jul 2025 12:17:40 GMT
etag: W/"b95f2867a4f69c6f87508d4376778ab8"
x-amz-meta-mtime: 1751371734.110177177
content-encoding: gzip
expires: Wed, 02 Jul 2025 12:33:04 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 43005
cache: HIT
x-cached-since: 2025-07-01T12:38:56+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_coupon/en/dictionary_5d59fb760e9190741167123b9fa00cd2.json

185.244.209.62

200 OK

28 kB

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_coupon/en/dictionary_5d59fb760e9190741167123b9fa00cd2.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
28 kB (27576 bytes)
Hash
e4b87fc7b070d16108f2712be4700a58
6086562a3e8a0ad32b657458b87943b09992b21c
725413a25327a5b6238cd221d539f5b87a7270a231dda630ab4f1efa5539f30b

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_coupon/en/dictionary_5d59fb760e9190741167123b9fa00cd2.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:40 GMT
content-type: application/json; charset=utf-8
traceparent: 00-0be108aae1944c9870e60111982c2e4b-a10f43c3b90a1cc3-01
last-modified: Thu, 26 Jun 2025 08:06:29 GMT
etag: W/"e4b87fc7b070d16108f2712be4700a58"
cache-control: max-age=3600
content-encoding: gzip
expires: Thu, 26 Jun 2025 09:16:50 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2193
cache: HIT
x-cached-since: 2025-07-01T23:59:07+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_XYWIEKOD.js

185.244.209.62

200 OK

865 B

URL GET
v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_XYWIEKOD.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (840)
Size
865 B (865 bytes)
Hash
0af3fe0c072a5bb3b6c731767187982f
55db5afb57265dc92fd121fe9ae565ffb2f53b2c
655bbe85da91e863401c6f96e24b41f5c2fe51a4245cecc2deb2b8c9600fef30

HTTP Headers

GET /sys-static/shared-assets/__shared_fast_deep_equal_XYWIEKOD.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:42 GMT
content-type: text/javascript; charset=utf-8
content-length: 865
traceparent: 00-2c6c96bed363e5ed85483bbcea60176b-2bd59e4b12ccda26-01
last-modified: Mon, 30 Jun 2025 15:23:23 GMT
etag: "0af3fe0c072a5bb3b6c731767187982f"
x-amz-meta-mtime: 1751296981.175809955
expires: Wed, 02 Jul 2025 08:09:15 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 58599
cache: HIT
x-cached-since: 2025-07-01T08:19:03+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/a1c3d1930127b405102a4616863435b5.json

185.244.209.62

200 OK

2.9 kB

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/a1c3d1930127b405102a4616863435b5.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
2.9 kB (2853 bytes)
Hash
f9867cd5bf362d5d518027321410c262
c8152b1f17123f07b027c8ab359062dc5f7c1456
baa9a4f415e8e8b95c2269ac32d20c6850852d9973e47937440e2761a6d8ee65

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/a1c3d1930127b405102a4616863435b5.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:42 GMT
content-type: application/json
traceparent: 00-111241571b1d2028fccb11ea4d90b78f-a186a2f530f99807-01
last-modified: Thu, 05 Jun 2025 12:29:20 GMT
etag: W/"f9867cd5bf362d5d518027321410c262"
content-encoding: gzip
expires: Thu, 05 Jun 2025 13:42:00 GMT
cache-control: max-age=3600
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1284
cache: HIT
x-cached-since: 2025-07-02T00:14:18+00:00
X-Firefox-Spdy: h2

POST 1xlite-04283.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

185.162.90.16

200 OK

23 B

URL POST
1xlite-04283.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
185.162.90.16:443
ASN
#0

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-04283.bar
FingerprintFE:DA:8C:13:C3:2D:72:21:5E:3D:7D:5C:F5:DA:21:83:C3:6C:01:9C
ValidityMon, 02 Jun 2025 10:33:05 GMT - Sun, 31 Aug 2025 10:33:04 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
31bb04df4d1292ae6d3c267f4f11fc1b
458407a6a976cb150556a4c988f2251f08dfb29b
4e466b94a4a49456cb80be4b29dd46bb081536a18ed6c5a427b6f7609d31f861

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-04283.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: 684911a4-5f9f-4d9b-bf29-6a0e9f15dd6c
Content-Length: 72
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder; postback_watcher=%7B%22tag%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22pb%22%3A%224af4bf2b69b04f5484545de344ba50ee%22%2C%22click_id%22%3A%2241b7c220-56dc-11f0-8e89-33341e736fd6%22%7D; auid=uaJaEGhkftobdE9KA3ScAg==; window_width=1280; che_g=f0a64a02-2875-53c7-068f-e784653c799a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:42 GMT
content-type: application/json
content-length: 23
x-dt: 285
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.068, wf-uht;dur=0.008
X-Firefox-Spdy: h2

GET 1xlite-04283.bar/hd-api/external/assets/hdf.js

185.162.90.16

200 OK

4.1 kB

URL GET
1xlite-04283.bar/hd-api/external/assets/hdf.js
IP
185.162.90.16:443
ASN
#0

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-04283.bar
FingerprintFE:DA:8C:13:C3:2D:72:21:5E:3D:7D:5C:F5:DA:21:83:C3:6C:01:9C
ValidityMon, 02 Jun 2025 10:33:05 GMT - Sun, 31 Aug 2025 10:33:04 GMT

File type
C++ source, ASCII text, with very long lines (874)
Size
4.1 kB (4083 bytes)
Hash
40eaa62ed21bd753172f4c307e2a41d0
f7b03c6b004562311c8ca00466179629738b2a40
60fed8cb321dc09e4e1d910b5822bd8f67d53d0962a41ddc9f5ac33edd4e2213

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hd-api/external/assets/hdf.js HTTP/1.1
Host: 1xlite-04283.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/en/block
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder; postback_watcher=%7B%22tag%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22pb%22%3A%224af4bf2b69b04f5484545de344ba50ee%22%2C%22click_id%22%3A%2241b7c220-56dc-11f0-8e89-33341e736fd6%22%7D; auid=uaJaEGhkftobdE9KA3ScAg==; window_width=1280; che_g=f0a64a02-2875-53c7-068f-e784653c799a; SESSION=102e50ae3efc590010d98896300c3136
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:49 GMT
content-type: text/javascript; charset=utf-8
content-length: 1620
cache-control: public, max-age=300
content-encoding: gzip
etag: 40eaa62ed21bd753172f4c307e2a41d0
vary: Accept-Encoding
x-dt: 455
x-request-guid: f55ead7bf6e37466a6a762eb54c46af0
x-time-ng: 0.002
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.009, wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/ea82d199/desktop/default/vendors/plugins.v-tooltip-37d6af68.js

185.244.209.62

200 OK

77 kB

URL GET
v3.traincdn.com/main-static/ea82d199/desktop/default/vendors/plugins.v-tooltip-37d6af68.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65476)
Size
77 kB (76824 bytes)
Hash
e873f837ffa4ca1e1a36c631e5782f26
5a4c0ff0b18c2e866952ff507e66fb271d8e8bf6
1767aec2f12010a3242e7e7e31ed049d29120e7dd754356610c8bb924e795e72

HTTP Headers

GET /main-static/ea82d199/desktop/default/vendors/plugins.v-tooltip-37d6af68.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-04283.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:40 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-0ae5afbdd02a65216834d111ae16f57c-881ed87d1c109d51-01
last-modified: Tue, 01 Jul 2025 12:26:03 GMT
etag: W/"e873f837ffa4ca1e1a36c631e5782f26"
x-amz-meta-mtime: 1751372762.321344154
content-encoding: gzip
expires: Wed, 02 Jul 2025 12:33:12 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 43270
cache: HIT
x-cached-since: 2025-07-01T12:34:30+00:00
X-Firefox-Spdy: h2

GET 1xlite-04283.bar/bff-api/config/group/get?groups=d.technical&lang=en

185.162.90.16

200 OK

730 B

URL GET
1xlite-04283.bar/bff-api/config/group/get?groups=d.technical&lang=en
IP
185.162.90.16:443
ASN
#0

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-04283.bar
FingerprintFE:DA:8C:13:C3:2D:72:21:5E:3D:7D:5C:F5:DA:21:83:C3:6C:01:9C
ValidityMon, 02 Jun 2025 10:33:05 GMT - Sun, 31 Aug 2025 10:33:04 GMT

File type
JSON text data
Size
730 B (730 bytes)
Hash
87ec2701f4efb3b20790e1a967af79be
8c7a33e8de1fadc580287953380b136d261c27f5
add58098a30e646183c0c004afd7cdb345b576ed641263c6b19ab40c18d75395

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bff-api/config/group/get?groups=d.technical&lang=en HTTP/1.1
Host: 1xlite-04283.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/en/block
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
x-svc-source: __TECHNICAL_PAGES_APP__
x-app-n: __TECHNICAL_PAGES_APP__
x-geoip2-country-code: ru
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder; postback_watcher=%7B%22tag%22%3A%22d_42282m_22719c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp2583ff3219_d27775_l190859_clickunder%22%2C%22pb%22%3A%224af4bf2b69b04f5484545de344ba50ee%22%2C%22click_id%22%3A%2241b7c220-56dc-11f0-8e89-33341e736fd6%22%7D; auid=uaJaEGhkftobdE9KA3ScAg==; window_width=1920; che_g=f0a64a02-2875-53c7-068f-e784653c799a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:42 GMT
content-type: application/json
content-length: 730
cache-control: no-cache, private
server-timing: dt_total;dur=0.110, bff;dur=7.57, wf-uht;dur=0.016
x-dt: 285
x-pod: R-bsfxz
x-time-ng: 0.008
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

GET radar.cedexis.com/1707728419/stub.js

45.54.49.5

200 OK

390 B

URL GET
radar.cedexis.com/1707728419/stub.js
IP
45.54.49.5:443
ASN
#63911 NetActuate, Inc

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerDigiCert Inc
Subjectradar.cedexis.com
FingerprintA2:3E:30:19:D5:41:3A:11:81:58:E3:B1:6F:F4:D2:78:0B:44:6F:D0
ValidityFri, 07 Mar 2025 00:00:00 GMT - Fri, 06 Mar 2026 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
390 B (390 bytes)
Hash
82dec77fd0353c7c71ce053b8601387e
fbbca95419e1d0c042e0a5fdf10f380aca66188c
39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7

HTTP Headers

GET /1707728419/stub.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 02 Jul 2025 00:35:52 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 12 Feb 2024 09:50:42 GMT
Vary: Accept-Encoding
ETag: W/"65c9e9f2-186"
Expires: Wed, 16 Jul 2025 00:35:52 GMT
Cache-Control: max-age=1209600, public
Content-Encoding: gzip

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_registration/en/dictionary_9e0367e53e79a2370f6295a369c10d8f.json

185.244.209.62

200 OK

22 kB

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_registration/en/dictionary_9e0367e53e79a2370f6295a369c10d8f.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
22 kB (22128 bytes)
Hash
42b984eb4c3cb86c8e4a6cb784d34587
0818d8add98d96f31a0387a176fbbb893fd12668
7c005cfff0ed66f5e20ffbe5423e5c2372ff306e8507350d5802cc08fa0e2454

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_registration/en/dictionary_9e0367e53e79a2370f6295a369c10d8f.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 02 Jul 2025 00:35:40 GMT
content-type: application/json; charset=utf-8
traceparent: 00-d7f4b0bc1f6a34b12ec3eb94c7e8e66b-1cddc1a0f9deb732-01
last-modified: Tue, 01 Jul 2025 14:06:27 GMT
etag: W/"348f9f14bbd204fbc458f65e20f8c465"
cache-control: max-age=3600
content-encoding: gzip
expires: Tue, 01 Jul 2025 15:12:17 GMT
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 486
cache: HIT
x-cached-since: 2025-07-02T00:27:34+00:00
X-Firefox-Spdy: h2

POST region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je56u2v897130004za200&_p=1751416551630&em=tv.1~em.ODS1igyfeIhzOTHENqwIfH1sb8t0oxg8FT6iY2YCmeo&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104718208~104839054~104839056~104908321~104908323&cid=1858767942.1751416552&ecid=597836291&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&ec_mode=a&_s=1&sid=1751416552&sct=1&seg=0&dl=https%3A%2F%2F1xlite-04283.bar%2Fen%2Fblock&dt=1xBet&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&upn.ref_id=1&tfd=14155

216.239.32.36

204 No Content

0 B

URL POST
region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je56u2v897130004za200&_p=1751416551630&em=tv.1~em.ODS1igyfeIhzOTHENqwIfH1sb8t0oxg8FT6iY2YCmeo&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104718208~104839054~104839056~104908321~104908323&cid=1858767942.1751416552&ecid=597836291&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&ec_mode=a&_s=1&sid=1751416552&sct=1&seg=0&dl=https%3A%2F%2F1xlite-04283.bar%2Fen%2Fblock&dt=1xBet&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&upn.ref_id=1&tfd=14155
IP
216.239.32.36:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-04283.bar/en/block
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint79:AA:03:D4:F6:6B:0F:61:E5:C5:AB:19:F4:A5:5D:DC:97:80:AF:DA
ValidityMon, 02 Jun 2025 08:35:30 GMT - Mon, 25 Aug 2025 08:35:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je56u2v897130004za200&_p=1751416551630&em=tv.1~em.ODS1igyfeIhzOTHENqwIfH1sb8t0oxg8FT6iY2YCmeo&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104718208~104839054~104839056~104908321~104908323&cid=1858767942.1751416552&ecid=597836291&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&ec_mode=a&_s=1&sid=1751416552&sct=1&seg=0&dl=https%3A%2F%2F1xlite-04283.bar%2Fen%2Fblock&dt=1xBet&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&upn.ref_id=1&tfd=14155 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-04283.bar/
Origin: https://1xlite-04283.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://1xlite-04283.bar
date: Wed, 02 Jul 2025 00:35:52 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:158:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:158:0
report-to: {"group":"ascnsrsggc:158:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:158:0"}],}
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (54)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML