{"report_id":"b7183cb5-b594-4d2a-9c41-4534a9ec8292","version":6,"status":"done","tags":[],"date":"2025-08-22T00:38:02Z","url":{"schema":"http","addr":"1xlite-786689.top/en/registration","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":0,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"final":{"url":{"schema":"https","addr":"1xlite-786689.top/en/block","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"title":"1xBet"},"submit":{"url":{"schema":"http","addr":"1xlite-786689.top/en/registration","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":0,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-09-26T00:38:02Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-22","alert":"Sinkholed","trigger":"1xlite-786689.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"www.google.no","ip":{"addr":"142.250.178.67","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2001-02-26","domain_rank":92680,"first_seen":"2012-06-26T23:22:08Z","last_seen":"2025-08-20T15:47:04.710117Z","alert_count":0,"request_count":1,"received_data":580,"sent_data":870,"comment":"","tags":null,"fingerprints":null},{"fqdn":"v3.traincdn.com","ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"domain_registered":"2022-11-10","domain_rank":256434,"first_seen":"2022-11-25T10:00:40Z","last_seen":"2025-08-15T10:06:22.854487Z","alert_count":0,"request_count":68,"received_data":6020935,"sent_data":34290,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"1xlite-786689.top","ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"domain_registered":"2024-11-01","domain_rank":768424,"first_seen":"2025-06-24T15:36:11.958141Z","last_seen":"2025-08-18T02:34:39.502982Z","alert_count":19,"request_count":19,"received_data":1057419,"sent_data":13622,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nuxt.js","description":"Nuxt is a Vue framework for developing modern web applications.","website":"https://nuxt.com","common_platform_enumeration":"","icon":"Nuxt.js.svg","categories":["JavaScript frameworks","Web frameworks","Web servers","Static site generator"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.178.72","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2025-08-20T15:12:53.478307Z","alert_count":0,"request_count":1,"received_data":482149,"sent_data":438,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"radar.cedexis.com","ip":{"addr":"45.54.49.5","port":443,"asn":63911,"as":"NetActuate, Inc","country":"United States","country_code":"US"},"domain_registered":"2009-01-07","domain_rank":28156,"first_seen":"2013-11-27T02:31:43Z","last_seen":"2025-08-15T22:40:20.610519Z","alert_count":0,"request_count":2,"received_data":1415,"sent_data":850,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"region1.analytics.google.com","ip":{"addr":"216.239.34.36","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":22257,"first_seen":"2022-03-17T11:26:33Z","last_seen":"2025-08-20T15:34:40.504607Z","alert_count":0,"request_count":2,"received_data":1702,"sent_data":2045,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_libphonenumber_js_Q6RMKWT6.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"1da464d70e78b04b9b808e82e4ad9487","sha1":"0c79e65516d1525ecb43d13cfb4ccb0631095a28","sha256":"b4c72b8036ca6767ab61490178f901538646f2aa1001cb042caa134174a41595","sha512":"517231e24fe48dcf9e907f32f759a9d8cc0471202dd5a22dd27efffeeb989e0f12b0db848280f03739b2e267ce95feb128ee8e9305cdd4e299c3fd19695ffdb8","ssdeep":"3072:sOU03o4Pwjp9BumfaVpfMHgWH71RgZXo9k:sXpzumWpf2gWH71RgZok","tlshash":"5af3b9f73640ab6775b23b188e4ad28f6f9c9c51cc88908caae7d4db5d61c22707db14","size":158815,"data":"","first_seen":"2025-05-14T05:06:37.168433Z","last_seen":"2025-08-22T06:38:14.163241Z","times_seen":1811,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_localforage_FJKG5M2E.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"02cf95f00794b77df34632e34a59c5be","sha1":"b64889fb6cbe78a141688ea761a627997ef8a8af","sha256":"bf78b7b3dd6ecbdea04c575edfb6022ed1b2e98c7a9cb9f02ab851ca638f1b83","sha512":"6bcdddd806b94dc8964c98ed5c8481f1ac5e74c707fe5d48760bd7d2edc2b8b52e58b3d7910d0ae316b3e196924d32734ccd5ffc33377df8de471e43c99fd6d3","ssdeep":"768:+DKAOpvMewHFuM96WwZACjzz46zSTKsBE1OvFXfX1UXk:+m8uPW43zEIOvdlUU","tlshash":"23d2c68c7799f02683bb3070907f580ef237a912594d90a0e591e5f86dbd75c822bfad","size":30277,"data":"","first_seen":"2025-05-14T05:06:37.193247Z","last_seen":"2025-08-22T06:38:14.178861Z","times_seen":1811,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/en/block","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"introduction_type":"Function","is_inline":false,"md5":"7bcdb973ab8af8e24ab11cb554a1ba6e","sha1":"24e8a10f240f2b06f81d7c173cd0a90606641fc1","sha256":"916ec4eb9b485eb47f43a17fe212e84e4b72600b45eb6d4588599ad495a57fcd","sha512":"1d890761e2a00081531fda5c0489ebf4df4140a9748bdc6d97bd355023e3e4ab09e19663ab319cf775e28ba71d99ab09f20d5414a561fa10fa3be2cb874484ca","ssdeep":"","tlshash":"e380044710411010cdd351d040573c44001044f114c4dc500040fdd11c53030110545c","size":34,"data":"","first_seen":"2023-04-14T16:26:15Z","last_seen":"2026-04-06T04:37:31.900034Z","times_seen":13037,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/en/block","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"introduction_type":"Function","is_inline":false,"md5":"00beb9884d0391b342eadd30744b539a","sha1":"3124c0bd593822379d22f13d3e08e70a1bf5ea14","sha256":"92394eec5690449a4f6cfc9a7f97497a69e926b2365cb9a9aad3507a844f835c","sha512":"6fa2e21df54ca406f570cb639529d68edac5de27fd4bc3a9daa8fd0465b583ede1c1cabb550237deb75d8bf88f39e80c1a77777d794826ad3272630108e58661","ssdeep":"","tlshash":"539002492940210685661152001e5c58411491b094906c9140429c551d52020125ab5d","size":44,"data":"","first_seen":"2023-04-14T16:26:15Z","last_seen":"2026-04-06T04:37:31.903746Z","times_seen":13028,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.72","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"330567d7cea16468b595b6c6fbfef999","sha1":"06ca1d489d2b27494e9f4b8420e961b4cbac9eac","sha256":"3001f95de3358a52eab3425755f53471897b42d9df374ba6a9b76e5c49360591","sha512":"b83ec4556948ffe2e963cfdad3f5ee654a57e087d3e2ea52f1d2510e48a7d076a3ef729b4b9d214ed4fee82a31e9f64793c0aed4f3b5b3be01ced307c30b32b2","ssdeep":"6144:tYqVj55wzdUJo4uPhrNbyAtTQyGylAo//wWasMiO4rQW:uqV95wzwo4uPhrNbn2mOJW","tlshash":"08a4099e73c6746693daf478402f01cba97b25e2b49dc8aab1c9ccf02d3455a4127f78","size":481148,"data":"","first_seen":"2025-08-22T00:38:10.32332Z","last_seen":"2025-08-22T00:38:10.32332Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_c29ed659a5.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"b95f2867a4f69c6f87508d4376778ab8","sha1":"34b733244053bb0634826b593e14e88782e81680","sha256":"f318dcd075506078ef1811c0a12962c5fed8811ee39cc3c77691a81063e05340","sha512":"dd8d736d26cad47776c4e4706beed168dedd02d25dfa0570a7f4874fcb260ff78951ac7cb94d91d225837db6a33eebf5b236932fe7b2e2014a1c9f9d309b0c61","ssdeep":"384:6tP2qT4YEUXGPYsH3M95B59IBMNUiLPqnIJdlh3uY3V47Czazgjdk:SP2qT4pUX/sH3M95B5qB6UEPME1uY3nk","tlshash":"9972a7a6726c3a2683d648f240355603e72b0cb979104499fb7c6edb7c198cd42ffa78","size":16157,"data":"","first_seen":"2025-07-01T14:08:29.773148Z","last_seen":"2025-12-23T22:34:35.075094Z","times_seen":1892,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/en/block","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"introduction_type":"Function","is_inline":false,"md5":"94361ed86ab9b2fbb8d805c2025df46a","sha1":"3f428332f7a1c7196a85c93a373a966d75708c19","sha256":"eee4d228a49a86625f29410cf9a23d145e821a09cbb1f7a4d7557d206872715a","sha512":"c8f4fb7c642357730c6c59e0b49fe3ec16c228d83d4ce402dc62f01e451529b8087240afca37096cebdaaabf47c189dfde5e6e2d780440f663f0e2bc8cf88ff7","ssdeep":"","tlshash":"f6b012df6c8351104a9292e001dec8f0443620303b00cc45544ce7716d2e865de2625e","size":96,"data":"","first_seen":"2023-12-06T14:32:27Z","last_seen":"2026-04-06T04:37:31.910311Z","times_seen":7922,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/89eefdd8/desktop/default/Page.Block-fbf12404.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"1ab01a13188ad33a27d687ae1bda49a9","sha1":"8866860aff026e8e0d9aad522b33dfd95ec4ff9b","sha256":"c3d8be73d3b9a8f46aa72e35dc121b068946c053b5b6ea020e8c58707b1ed985","sha512":"8be16d813f1bcea503ef7835cb132256c67b1549d2d386f55a711d415b6d69e75cb68db09cc3e47378b7f9b9346ac333e3cf5df36514c82585e0f89d14d160c7","ssdeep":"","tlshash":"1df09e9b5562fc8d95e6109343b7d2b7b48c797a0649696006a1c8a532f7c66481124f","size":476,"data":"","first_seen":"2025-08-21T09:34:57.516517Z","last_seen":"2025-08-22T06:38:14.181597Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/en/block","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":true,"md5":"29892348e6b9c2c43b42e9c2aa29225b","sha1":"a40a7f483b6626757925ded9fc0f10bf9e0ad5c8","sha256":"e108b7886336e3a2555822e82a66e07c4ba7f918a48fcfa3f1ada1134f0908cf","sha512":"236c58e66f730d2d4bc6e4654c572fd103e5aaf6941cbb6ca21186d6f68ec040b9ba20ae4670a7c722ecf3134528c4ad36cd8f4d56925fb7dfded59e76d0c689","ssdeep":"","tlshash":"fc31331dbd3cf1760512f5f5903b6309a77328955da5b004c450e899ac74a4f6816dce","size":1736,"data":"","first_seen":"2025-08-21T09:34:57.563119Z","last_seen":"2025-08-22T06:38:14.206409Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/en/block","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":true,"md5":"a398e8fbcec6d42d34ea78e2447aa9e9","sha1":"cdc301fbced5aeee05e886112fee12576fdaaa34","sha256":"dead88d5a6ea919ece1718aa41031b93431f79f435deb918102f6d4554fdf9a4","sha512":"a0f04a36ec765412d14257a42c8a7e086c28463435e9a822b5c0d61133a60e5d836ab1d13c8d5fbee9466283097bec555ebca2fd04cfd42e9116dee726e5af22","ssdeep":"96:ihgx8q0yK9gBlCtQglIelj+5JrjmQrv/gKrLhZkaoQFuBMOfQtSbNClcS:SgCq0voEtdew6+Qrv/vLhIQtSbNwcS","tlshash":"e0d1c592e41cfa2fec23891ef07b2f310e54196879927b10e6accb2d34931b5e317646","size":6256,"data":"","first_seen":"2025-08-22T00:38:10.383638Z","last_seen":"2025-08-22T00:38:10.383638Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/89eefdd8/desktop/default/commons/app-3aa40bb6.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"5212bc8c2673ad4ec805e30e0e8f01ed","sha1":"820eb713194822a4a67bf780cd9879049cffd8f8","sha256":"635ae0298d74da3ae9eb4e1f8eecf37af2b75d3d232ca51fc85ac18aa9389166","sha512":"f0a29f03f64b225bc2417d5ddd19c093ca22ca6f1cc9aabfca2ec6d8708b249b359b33e9aad139865efb55ed6077e8b58a6b71900b8f4c9171bd31893d12e293","ssdeep":"1536:x0UiXH2DHJjIAG3wvvjE+gjmZVBzCrmhkG5YGf7BMr3y6MPk+PWKWoidtI:MXHUp0qXjE+gjmZCmlYGNMryYd+","tlshash":"c4d3d5dcf695b03117e721b5407f150bf23a7898680ac0a4f266e8d53db888ea167f7d","size":137774,"data":"","first_seen":"2025-08-21T09:34:57.546545Z","last_seen":"2025-08-22T06:38:14.152071Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/89eefdd8/desktop/default/Betting.Core-9b415186.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"10e9466af5fdc75e29996a68fece9c69","sha1":"4f61295b68ecf299d5fce468713f8d586c234353","sha256":"c144f2e4c29fd2f52f354c1c48ea867349069721d73a176f0d5020e9f647ae5f","sha512":"910dbeef9368f11a2b38d4c963f3981e38dc2799be27835a1a4c46249b3a3d9ee0f1bb613fa3c79ba94d215af9642e0206ff33145865068991f4cd2e0526b69d","ssdeep":"","tlshash":"d641d98979d2b484423f1cda40fb14f6a0b96eb5358d05ec9943dad43074a92c0daeca","size":2126,"data":"","first_seen":"2025-08-21T09:34:57.496541Z","last_seen":"2025-08-22T06:38:14.124716Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_E2H7ZPXQ.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"3cf0cae38afae9add22f7884e5061231","sha1":"2a41037501375a439385a76a047876619683418f","sha256":"322482e3beae5a985d069beea981614510fda90a5df7295b776a324d461fc43d","sha512":"b61ed44fab86cdc14e9e1b8af7924afec6148d03d878007f89d1beb7a24a1862efaa2d6b43dcc04df35c6920ef742ffc5a59a2434b798554394d3e28f88b7a13","ssdeep":"384:nPP7iayBuR9vu3z1JXvykd2+LaqHdC6RjVnTGm/7piCXmH8kCCcvJTCyCu+meAxu:riZwO3XvO+NMSJt3XmckXcv4nxJAxiH5","tlshash":"7d92a28c7684b0a287a7a2a7a07f860f71376865650e9004f59cf6ec3c35dba507bc7d","size":21252,"data":"","first_seen":"2025-05-14T05:06:37.148925Z","last_seen":"2025-08-22T06:38:14.115567Z","times_seen":1787,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-4d3d12aae8.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"62167edc20168f6fa51af1a7708970b9","sha1":"a2a70bbd2fa4d559f3bfd5c990c52d70ca1fa00e","sha256":"0a8a013fe888e43a15d77c2d76f23b5c42e4ed24bd4647b604441447969a6e6a","sha512":"3b728b4fa3fbbb0b55f9863da42c177b27c7d177a252b7ee6f39a073a390fdc3afc15abf819cc2fa24624d7f595fa90909e4328e0b4d61cb294a997a79a37591","ssdeep":"768:HqLxGO7Hg1DWcd1TL2Dry3qZUkqx2YZkYh/xplG+pI7wzPa3jH4LB2jX9OMVu2V7:KLxRHg1y9qnPa3jH4LBs1ZqVRFWco","tlshash":"bee2c47434abb0b420da6a586739bd52d6c81f5fe84afcd251cf89e613d704880527fb","size":32891,"data":"","first_seen":"2025-08-13T23:36:01.858221Z","last_seen":"2025-08-22T06:38:14.146907Z","times_seen":135,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/325027d97d.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"f98cf72ad21f7e39f5708258875740c7","sha1":"38a5036dfb3216cc5b9d472111d6ea2d3884aa98","sha256":"d0e7d03f7f55582b4c8dc8a0a64f99747c7f99e3b545a112e0a4946c5da016e3","sha512":"c9e6c1b2e8e997fb98a509a09a49061ac5b1a9b566dc3f1c60a000d6d8e640ece784ec9e7ee667b8092165072dce230ec0c45a25c230b2fc84c3dd12cb37a263","ssdeep":"","tlshash":"0021a7303034e56b0bfe0bd8c8331850f32c225ca73565d276cc6fa102aa506529ebbb","size":1166,"data":"","first_seen":"2025-08-13T23:36:01.818277Z","last_seen":"2025-08-22T06:38:14.137264Z","times_seen":136,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/main-static/89eefdd8/check-ob.js","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":false,"md5":"c065700c9c8c493403359e1f2baa10d9","sha1":"4630fe729e70bdf63fa7ba6c84ec277fd1f51030","sha256":"1e61f0c82ae82ffcf503fcd4b4c8ae27b32c11e19b882d5d13f3c44364c893f4","sha512":"b2e1c73cb94f5e3ceb35c3662bf4d72baf800a9a7c64318b1db07d50e9c885dbd94821ef3b3916d1b8b4fabb8f45cb588834b41c6a8a7f4d2c3e9c3866083ee7","ssdeep":"","tlshash":"96d0a79fb900211406939267d12f8668807724973f008182500597e069b8f4c4b37895","size":219,"data":"","first_seen":"2024-07-17T14:33:52Z","last_seen":"2026-01-22T06:40:31.153166Z","times_seen":6298,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_XYWIEKOD.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"0af3fe0c072a5bb3b6c731767187982f","sha1":"55db5afb57265dc92fd121fe9ae565ffb2f53b2c","sha256":"655bbe85da91e863401c6f96e24b41f5c2fe51a4245cecc2deb2b8c9600fef30","sha512":"8aab8cafc0b01c11f0b3b4bab4cb8b00ac25007153fd86b45ac8bfe325109c1a5215e89825fde4d7698a64f6c549e8140ed441ddb558d98a5654d52df9d568be","ssdeep":"","tlshash":"a41159c232e3a0d1c3e058cd1001d902f23969e9e4bca0c9d757e6b83cb2a53987672a","size":865,"data":"","first_seen":"2025-05-14T05:06:37.184748Z","last_seen":"2025-08-22T06:38:14.125712Z","times_seen":1811,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_B6TW5FDZ.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"e3f1c4089db6b910890e85d97a2e2066","sha1":"85828920da3c3fd7856acde184e835ac314295cd","sha256":"6c28afe5a52e0f9b1138fe498b254c8671058a058b555651ccae8e91e7534614","sha512":"0fc9e47336d93f4f6ae6dbffaaee9145b46d4ba6c75aad12acbded8fc3468d1d8d29fb76440dba071ad362f725287ea38b5f48045e51c39fd5bf842f5ec0abd6","ssdeep":"","tlshash":"d821f09fbac2b5908394184d4e2ec055f23a2957641ce5fcd625e6827c407a186f2c0d","size":1297,"data":"","first_seen":"2025-05-14T05:06:37.190071Z","last_seen":"2025-08-22T06:38:14.173196Z","times_seen":1811,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/efb3cf2e20.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"e1064875c52ddaba0c71a7bd1b6aa0ab","sha1":"d4487505d1036a6244b3c17eaf01069b01356998","sha256":"db744e9cd808af07eeaf645d73cf71fa834602913130bfb3209324a3fdad8842","sha512":"b8ed041179385df219030170777b00e32cbc70637d9951c47ca4e5b48b1905f8b3281a9ca3f2ec3e358c6ce89649fcc25cb044460cac3e583779f2d62a173793","ssdeep":"","tlshash":"f641c8da72b035f3e277505dbd0620f0c3182a4d032f10e8ede9484e210d9d26767b93","size":1973,"data":"","first_seen":"2025-08-13T23:36:01.8758Z","last_seen":"2025-08-22T06:38:14.18096Z","times_seen":135,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/captcha-api/assets/hunt-captcha.js","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":false,"md5":"c74d5f9d71a7ed9dd08823a0722c0ec2","sha1":"8d26f16e3b5794809901baaf14d1349005cef62b","sha256":"a2ccb5c63f4a9a3386c4ce0089e480d3c47d1cbe48b240d1a58f43058ab59133","sha512":"9bb970b3c04c384397642cf3ca0687a46aa440bf551a31eb254015f47f8847b6f67552fc018df58c0323d8e63c984b3af68ceb15c269f8ed703b116bc6faf0f1","ssdeep":"768:fY7f6KEQtx4m3/mL+mLaxICh3OUTeRe1IW+BvjW+jyneWMMx7KD8f/+YVNXC/vh0:y9km0+H5942iYKGhFk+i2F","tlshash":"a6830fd6396bac21bbc35d92c53a7ef3fc386485fbac8d18d12db2489955136d2e1032","size":87223,"data":"","first_seen":"2025-08-21T06:37:41.361325Z","last_seen":"2025-09-02T07:09:00.359602Z","times_seen":359,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/en/block","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"introduction_type":"Function","is_inline":false,"md5":"bc51ed8c76553717f10d58b2df60fd76","sha1":"e2d03a8fd8d280074b226c288880f9df299c7cb1","sha256":"bee994eaf88453f6343ba57571a069054c12c9b4e42f8cbad4f2ad75c7fb264c","sha512":"3207379b65060d0e80623fa966633b5ea31358b20de9aeb2c9416fa7d29f1972bf30809e39f0b826565e569d856dd2498ee0ec5285271c127f54daa7cf391911","ssdeep":"","tlshash":"489004473441140c47d7175410375c4c0c1500705441df400451dc510d51031114545c","size":39,"data":"","first_seen":"2023-04-14T16:26:15Z","last_seen":"2026-04-06T04:37:31.909725Z","times_seen":13030,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"data","addr":"data:text/javascript,export const meta = import.meta;","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"6d772b7d405b447ecee54ab61cdd5108","sha1":"dd65fb9cd5a7cb94a40fe161f4f72303a61eb3b7","sha256":"b90ff694e492935b6036fb7e878d365dab51aafa46f0afb1e33414e7ecc3307b","sha512":"a3947640368602c9fd9dee887bb1a7e463890ff42e2ddd292c377593c5fad246d3e3363e9898cd1e5ecda9c59b5cf7c7cd0acfc2a5a1e5d3acec2cf0d62e20b2","ssdeep":"","tlshash":"1f800003800802380aa0c880028e80b00ab222203f00c08328088b302e3b08aca332a2","size":32,"data":"","first_seen":"2023-12-06T14:32:28Z","last_seen":"2026-04-06T04:37:31.901681Z","times_seen":7921,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/89eefdd8/desktop/default/app-8719b2bd.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"44c8de9986669e2f17f85160d1c16291","sha1":"c47171434737ec261d7613fc6bd7562093591f96","sha256":"f47ef0fb24f1ee021b5bdb56c0b0f0dcc07f86faddea059555ee7acb3ec6b919","sha512":"6b7ab7c419c918beb457034e13472c3136b3757f6ec7187a9d636cfdecda939b897d0a6a1f4de4f2bd7becbe1849cd6d5ed20f6128b68411d486196b35bb0b55","ssdeep":"12288:QhecY+CZdsb0B69dgC7jcupMA7zZfk0Pn:QhrYHZdOgC7jcupMA7dH","tlshash":"54a45c65b588f4ca02f34bdae03a0161e33916b9380dd064f77dedca359bc09916a67f","size":484183,"data":"","first_seen":"2025-08-21T09:34:57.458406Z","last_seen":"2025-08-22T06:38:14.172275Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/2596a4f975.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"4d25e2e3f99bb24b71da5724313df8c7","sha1":"400d4afda0f0df1be372f7482a047bc642615045","sha256":"774e5169787c86cc1fba0147d62d16d6f6ab42732a141fe5b3dd003c81649eb8","sha512":"d6137ec17e0031009369728d47d5b6592f28be221989c97ec44a50d199f11454baa6000b0114e1aeb2e12eab168a8fbc35777aa156d7f2da7a37a468e49c71d6","ssdeep":"","tlshash":"80e0927bf97270691044c8f9e012ec6163235d9a67e0efa9c0de07304212473e049c71","size":404,"data":"","first_seen":"2025-08-13T23:36:01.840623Z","last_seen":"2025-08-22T06:38:14.132413Z","times_seen":135,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/hd-api/external/assets/hdf.js","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":false,"md5":"0009b06af6892358f6c573335f102046","sha1":"cb899ce5fb6756d389a12e5049f2180dec2366ed","sha256":"540a50ce4665aa5a15e6afcdf7a260860e1896e77955c7ed128d1e6489bedac3","sha512":"83e9ce72ca4725bf501fe711538455aaa2fb278095d4d3938615b1907416446b8a8ed1f4f34fb296ea4c9a6d6b6e0fecbe31afa240305e7d23baa4145b2cd1c8","ssdeep":"48:Pen1yuqKi6649JoXznZwhU6fINwld0mPr6eC5/F6ALWBl/NR3vMNNeEcxHb8JiTP:Y1yuqKioolwHgObfENerHbkiTgRx05","tlshash":"d581323660ee2d3153639052d53fe5e9f229a8073968ec4831fc588a0f40f6189b2e3b","size":4203,"data":"","first_seen":"2025-07-24T09:34:40.995531Z","last_seen":"2025-10-16T23:35:31.258248Z","times_seen":2029,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/en/block","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"introduction_type":"Function","is_inline":false,"md5":"580b3e56fc9ab6e8b4655f43ee057cc1","sha1":"5dfce565e446f4a167195de9a1a5dd26163c711c","sha256":"446f07b6e56de61d2c2d5b6ba408cc580b492a6d1ede8fc51cfde4ef75a2b382","sha512":"b2350579a3aaa5843b9b16c31782f3d7a4b850ba211d0074aa05d819c89ba49b482eb59aefcfb33f9fc9b270abb7cf7509e1254def23e9f98c116130c47f0018","ssdeep":"","tlshash":"e99002491d851041c56a1160041e1888442488761a40d8d1c480d9551c51630238e45c","size":47,"data":"","first_seen":"2023-04-14T16:26:15Z","last_seen":"2026-04-06T04:37:31.912534Z","times_seen":13022,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/en/block","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"introduction_type":"Function","is_inline":false,"md5":"a01893d8e129ad16c1e0fc5c7537f411","sha1":"0e46d1bf2718f848d9d596fa269eaedb31204772","sha256":"cbe7b89533bcd75b69f3e54807308551d68242ec1761e63bee1a99fc6e560175","sha512":"074e309b533fc11690afbeab9b4dda85851e086c0ede97936860c7a5c4120ed9a16c6ced4fffdad21ca322f6c6e51577bd4966c5264b4a9780495acc451aee65","ssdeep":"","tlshash":"0d9004f515405350c5533d54401f1d5400f105703c40cc71014cdcd10c710f0335d5dd","size":47,"data":"","first_seen":"2023-04-14T16:26:15Z","last_seen":"2026-04-06T04:37:31.907099Z","times_seen":13019,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/89eefdd8/desktop/default/analytics-33ae8256.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"3fe69d9a9d3378c34373ce91ccbea12c","sha1":"825f24611adf78dd2e758a0b918b0233af1460c1","sha256":"e4710a6961f805edabdbaf5f5c81b0bc7f828c8621b1e7881ae8fe6352e42c39","sha512":"89a226481d13a4471e65fd1ed1f4fdb7544d5e22dd900db0041bb7dd2be26242a25cf90d2ec3501edc11c99711d737ab5e61a53fa3fff9a6423a30be2fb2f7d3","ssdeep":"192:6vO+jPZxnEW5+vsj33Veo9KshuUWaqwKWJ3vQ9OE7PQzhVvOSRxGZkm:2jPZxnEW52a3VeoAbUWaqwKWFQ977Pie","tlshash":"6502968dbdc8e43007ba19f8e67b9a0ae07a17173405c451caead8c43d7ea8f5117e9d","size":8845,"data":"","first_seen":"2025-08-21T09:34:57.467867Z","last_seen":"2025-08-22T06:38:14.138055Z","times_seen":22,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/89eefdd8/desktop/default/vendors/app-4637d37c.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"531c35806ffbce14702b4652abf02ca2","sha1":"db38b0cf29706bb17785ad8a543a67478de58135","sha256":"fe2c0d640e8b63076bfaa31096f69d85d312e9055694d24f862de0dfc5427a4e","sha512":"a8e38a68c738b1c9333fb985dc1c46a2007d17c7eb5110ecddac9710c986edaf67e5b0df934e4f46e7944eb280bd0f3f9f4926c8fb114de1b7864c58dc061a87","ssdeep":"12288:BDnLX0yfGASmdx4qY4g1zz1ui7d6auhe3vAKMzOlIHGsc:RX0yfGASmdx4qY4g1NuipflI1z0iGsc","tlshash":"60155b99b980f2560aa36be9d06b1017e32d6e5ebc0ce444f2e7cdd536998047136f2f","size":935705,"data":"","first_seen":"2025-08-21T09:34:57.472056Z","last_seen":"2025-08-22T06:38:14.129731Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/89eefdd8/desktop/default/vendors/plugins.v-tooltip-3152813f.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"6e24066fbb53d63390bf3fc56308cd71","sha1":"0c5a09b27e42e21b9226cdaa133f27dc9293e6e5","sha256":"ae4315fcbfe9853926c38e42bb363eeb2f839d5c7df657820acdf132fa000c77","sha512":"5483fd3190960491541730d4d979b7fb1ac6c7962ae257218be9606b8156c7a05f5f7080f21a3cb05c2d18ffb3d6018bcec44cc15971d2f328a0426664b4c55e","ssdeep":"1536:1iBnz1T2l5GgbcczTPRSCv1MHoWWdRfm5x0:MBngggdzTP8wTWWRfmE","tlshash":"0173c84e72d0f0b203e7b1b5402f620fb2776558a40ae454b2b1e6d4ac3da5db267e3d","size":76824,"data":"","first_seen":"2025-08-21T09:34:57.556842Z","last_seen":"2025-08-22T06:38:14.122226Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/89eefdd8/desktop/default/vendors/plugins.vue-js-modal-90115157.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"bb819ed6671bbfe1e3f783ad8d3962bf","sha1":"71a904a18f49cffb7c910f6aa81648cb82226184","sha256":"56f91340b5519bc8d162505447736b9515e5a4eaaabc2fdef760fcfe07ad188a","sha512":"bfbb99cd9edf8a79d5d641f2394248dfc601115a562e77faf5920e30f1d3f911e1db58f193ac791310f3ee94398d75e27cf7216e9a908ff32e6dab30a3706df7","ssdeep":"384:CGBy0a9vOeCGAZIXfK2rVsAdm00uow4HQEjacGXGQVe6ubq0:CBHyIXfPt4wE9GXGQcbq0","tlshash":"0ac2288977d8307442db5573627f2b0ab23a295474269888b772e8e65cb864d206ff3c","size":26667,"data":"","first_seen":"2025-08-21T09:34:57.52044Z","last_seen":"2025-08-22T06:38:14.114431Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_7fab30e1ce.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"4fbe436d6dca63cb849c9aec4a82d7da","sha1":"cf069b696bbaf1332c814252daba876e2f63168b","sha256":"e7dd978d6ac21c64e66f971db83c8fe7b879bdbe2f9064c9a8c20688b6f15214","sha512":"d6cca8315b7c07fb6059327c070752885894ec1c4e9f117c5505e0def0e50c03034fb54624dec99d2a97b1815638a4839d760ac9eb40b7f328fb7b0a7014bbc9","ssdeep":"12288:xMTgLaj/Yv70ifFAFnayGV5CFaFIx38rq53EmFHX4VHxwKc8jm2fJe5Lc0:GKaj/Yv79NAMyGW3Uq53v43c4m2fJCL","tlshash":"75657d55b01ab8221dd744eb90370643b19c5a9e9496f8a0f6fadcf837ce804529fb7c","size":1419312,"data":"","first_seen":"2025-08-13T23:36:01.901716Z","last_seen":"2025-08-22T06:38:14.221695Z","times_seen":243,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/851158da17.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"e5ed531d3c6b727e8446e0c0ea3c69cb","sha1":"7be769538fb0c18fea783b3363277ba664f2b0f2","sha256":"1a75ae13310c535f2472d50ad7666ebb4a12dd9d0dd835a367c4e88336a6f04b","sha512":"443f6eac8b909841ab3c43992fc89f23c74e5a95c42e712c38daa6ebabeb7c3c8a7041bea9faf3ea2f26c3f655c8637c4201cf527976590f8d5f35f7793c0599","ssdeep":"","tlshash":"9061b68574f560f9790741cd3d917470e34a0db9239c05b1f2f5888823bd6c45b2e69b","size":3220,"data":"","first_seen":"2025-08-13T23:36:01.813795Z","last_seen":"2025-08-22T06:38:14.174085Z","times_seen":135,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"2cdaa92927f02e0b628f1ef4d7dd8caf","sha1":"9104a2e16ed080b80a42588b8aeb52ebec47ab7a","sha256":"ef8101ffea52addcdcfcc3a83f96ff2d4613fb3ae6d1c16bbe4852387b73a9db","sha512":"31da80bc1b17aa708fef74b0211af91fce1b4a5f518f11e5caa80f50e9a7791b6e94924e381f550fc44a02f4c1d785e5b95fa2464e7968b5cab079612d70d839","ssdeep":"","tlshash":"1ba002935a5ef66c209044860696e74733823d6a3477b1d625bc5509e6061474817257","size":69,"data":"","first_seen":"2025-05-14T05:06:37.199299Z","last_seen":"2026-03-18T19:40:26.76398Z","times_seen":5502,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_chunk_7HDOEZTP.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"7e76c08e7f16815131a5f13a10c1efba","sha1":"5f800877b78a0713157fe119bc1a2d9a260f72e1","sha256":"c6f29a0c7c3ed884ccffd7a529fd2fc599e2da1f31af658146f0e36a3f4c00dc","sha512":"564dd139cad65e99fb210caf791d0582fa6312fb19e5c8395296361bd1904c2019d246132d42545f47f43a589bf3900e0468ed262251056c22d8172c55017e7b","ssdeep":"","tlshash":"b421f1e55fb87ba3627e26e4a02e0041e001d53752b4f1d4e294dfb464e945c035b4b6","size":1194,"data":"","first_seen":"2025-05-14T05:06:37.154171Z","last_seen":"2025-08-22T06:38:14.169571Z","times_seen":1811,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_DYMTJONH.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"1580a3cfe81fd30910a49dfe64cc8e7b","sha1":"314144dc49595482ba46c0b85b38d5f73ef73a7b","sha256":"8989a021d20f0fc08c43966a287cbd99e43142a5a0ff42eb232756a101de6035","sha512":"65a68a90c0bbac3609abafd1e200227d970f2a35a5158d699972651cdcdcc4c60e08dbe7e3f605621abb04e016e064f71057c9332d2a4e46dd704aad5ee3196b","ssdeep":"384:yo1wZ1yyQBPgmtk3aNPtFvsddbHyrKe/k43RuD6EgUBBmCWEg4bGy7IbEALvzAdw:lwZ1yyQBDk3a1tF+5E/uDRgQBpWEg2mh","tlshash":"de824be47bb9fd93339840dc80671b53f26948a7844cd074e799ae9330a454385b6bbe","size":19175,"data":"","first_seen":"2025-05-14T05:06:37.162459Z","last_seen":"2025-08-22T06:38:14.178048Z","times_seen":1811,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/baf62bd4cb.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"e436d2a44a4d836d135e261b6bc6014a","sha1":"cbc0a076e152401a2d0fe1fecc87e4dd0468b810","sha256":"ae681f84c19ea6882f6bffbdae40f7797c5b7f507db7b805b495b6ff1bea7d87","sha512":"6740fdc467c1fe067dd4266b604363d5dc104b1f6054453209baf61f396d52288b9e6c8784d5b1505191fd17f7933387acc47585f62b4dddfc2ee92126b365da","ssdeep":"","tlshash":"4e51e6b471b4b4f477a80ccfbc2621b2e118a418380dd0e4e2adcca6118e097a07bcb2","size":3100,"data":"","first_seen":"2025-08-13T23:36:01.833147Z","last_seen":"2025-08-22T06:38:14.180255Z","times_seen":135,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/bbe648c471.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"a522efc9afabf0b86b88c1957893a9b0","sha1":"83da941100200a66fb2c8721becefd2d27580360","sha256":"7eb5608b357322d5ae073e7062baec49cab5f912298332214b375471d7267962","sha512":"2700ab462efdd5fa40c5857c818e6c40e14c06c25c22ee271ec87da9b25494fc61d747d39c0fdaff446cca6331bc3d3db2d8e26aaf45437d5bc45e39ef336a99","ssdeep":"","tlshash":"a451d7ec6ff934b4740d8e59f80634a29b98082b36fde4f5f29d9f900334199d251e41","size":2887,"data":"","first_seen":"2025-08-13T23:36:01.780751Z","last_seen":"2025-08-22T06:38:14.170512Z","times_seen":135,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/en/block","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"introduction_type":"Function","is_inline":false,"md5":"5d85c2aa720bb3d30035d8ec19879be5","sha1":"156ad15b2d1f5f7c533cb49a1009d127d0a2f5cf","sha256":"15f29e2b2290fbe8f408b08bc7573d8c13c469d7fc188362a4f4c5f43c365164","sha512":"c0c34f7ed40c7c5775bb4e75d20a981d6f5b02b1494e273347fc6d9474b2a9278187ae5f237bedb55f955bbcc31450deba96258aa427e1b47d92e94b4f1bac8f","ssdeep":"768:Ks5f2K6kvder3ik9Ra2L6/Got3KUveRe1CC+BBC+ZuncCMKxnKDOfb+QVNXK/vhM:1dAr1s1/DVaiKYrFkW90/Sl","tlshash":"9c830dd6397b6c22bbc35d92c52a72f3fc3c6485fbac8d18e12d72489991127d6e5032","size":85316,"data":"","first_seen":"2025-08-21T06:37:41.38757Z","last_seen":"2025-09-02T07:09:00.536727Z","times_seen":359,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/en/block","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"introduction_type":"domTimer","is_inline":false,"md5":"01f4b51b4ba7edd00ad9f0a22259f06e","sha1":"00723d0eda4be61a7b1c542b0a08a94a94a60017","sha256":"9fdac1c31a22f55dbb8ca225ee28c3f7e88b41cce82968af0018c9f8b3bd35ba","sha512":"83d180c9960a53f88da3e3ff8616b4e095b7d642182f5855cfa386d48a19b888fedbde6433d1f926d9dd93d0a813a24590591729a6d8393543dfc490efee2070","ssdeep":"","tlshash":"29500000c000c0c0c000c03c0000000000003300c0c00030033000000c3000c0000003","size":10,"data":"","first_seen":"2024-09-21T15:04:59Z","last_seen":"2026-01-22T06:40:31.224966Z","times_seen":5888,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/89eefdd8/desktop/default/vendors/plugins.vue-notification-0ede4374.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"6be5014f978fc8c37c34ea51e7a0e4cc","sha1":"bd6f576d96d945d525cc8cfcb6233b8b5ccbdc17","sha256":"e081382d67adb88fe151bdfb4fb6f2d6392d6225cbbf7c6845816bd042e9f43d","sha512":"a64fc910ddd633045de6663eda45300745b591e05f97643aa7723d00358f5acdab51762f41e05cb973af60369a310d0ee02a7bda8d8814c99fc17c1cc57faedd","ssdeep":"192:nU1hQXHv3CbfKpqEVwhSIkrReP+SdHtfGA2D3ow5EE9bJ52bFZLy2mp4ilVh:nn3CmpcDkAP+S/fGAWf5VbWbLy2mmijh","tlshash":"c14296ceb2c2b4650be760b6402f110af136a96869ab54d4f3b1d4f2adb564c413bf3d","size":12563,"data":"","first_seen":"2025-08-21T09:34:57.532791Z","last_seen":"2025-08-22T06:38:14.123893Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/c712a3b977.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"43c0a50957631da2c0d4a53301c35275","sha1":"d2e8cd5dc439a1c6e5d1c63089becc1837c46a3c","sha256":"22723e4936bfe2e9f9140cc1764fb1882684f015288d3cda721044c5607c40a7","sha512":"f976bbecb99c17173f613704992fdcd77da400fa0412c26975adffa3ca93d9e5b87480521030cb12afe122dd8ce9d445076fff388424b3e08ab53517b44270af","ssdeep":"","tlshash":"2301207ff973b024620048cd5827ac22d3453da91f969ae4c0dd0272d313012e00a8e3","size":763,"data":"","first_seen":"2025-08-13T23:36:01.873704Z","last_seen":"2025-08-22T06:38:14.161529Z","times_seen":135,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":false,"md5":"32053c9c355cf85427a5cc3f07de0b09","sha1":"f3c13d6a657ffa2ca8997f54f4779f0c02f1600a","sha256":"0ec410318f3ecc3a3aef3de68e99190845248bcc12282aa15eb9acc87f8837d3","sha512":"cbb8c7ef0bbed264989bf5b4af7d216cdeacc5684641c37d429e5ceca7dc04e55254e81f319cd856e7b4f447565bf5abf4e9915f5725eb57cfb142f113362078","ssdeep":"","tlshash":"2211756e18ed58291a9275c402b7ccfc642036363219d4c495ede9e1072ff990032f5c","size":1024,"data":"","first_seen":"2025-07-24T09:34:41.13762Z","last_seen":"2026-04-06T04:37:31.872391Z","times_seen":3857,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/en/block","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"introduction_type":"eval","is_inline":false,"md5":"bc778ed0435ca180b2cb841d086ddd62","sha1":"043dfaf351a8b7a3ebbe2e4ea0e962cb1a621613","sha256":"fecd6ff2a94221d1402ca3d6216547ab37c2465cb716d54e10a99b77e777db0d","sha512":"435b6610d0e688b8f340ff2dd09b188f081551e7af272495662f894a52e810d55f09e45d5021fd7d4b8e6f7be8eb074d327f3654961418acc03b71de10697c20","ssdeep":"3072:0m9C80i0lOxS4RJqcvKZdCupv/Gbfbkm4q1kwj29LAUKG+A4ArUF:0mr0lObHvKZtpXGbfAmUwi9LrUF","tlshash":"d87481c4e0c1c080b3d11cacbe757dd9699d2d866aded9a89e41fd8bede023c9568433","size":350159,"data":"","first_seen":"2025-08-22T00:38:10.350637Z","last_seen":"2025-08-22T00:38:10.350637Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/en/block","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":true,"md5":"e1c45c4aaabe32247d21e80239802ffb","sha1":"52e903f83e4a139daa35df9fd883d0fd32be0294","sha256":"0b50933bdfbadd58f034d3780b6558f8add3bff8bc42475db12a554bdba9d52e","sha512":"0233db4a7238f565752fbc6557010a8242156a19c4fe1a153a24da1dfb3f58279bd1270a05de605acdbb58f9dd5086ef6c3c192e3833265687c79ad15b856afd","ssdeep":"3072:95y4qwiB+hEgJXwqP4AYqwiB+bEgJXw+rHR/98eD62BFF8y:fyweg7WAgbLDjzF8y","tlshash":"2424a62f690c1d3e911f2eba854f7d4e5b7cae1a30cb6c059c9eae2911e3694416343f","size":220462,"data":"","first_seen":"2025-08-22T00:38:10.389571Z","last_seen":"2025-08-22T00:38:10.389571Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/89eefdd8/desktop/default/runtime-d62f524d.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"981afb39d72cfeb54e5a117fd88f70dd","sha1":"7d7b87a70870c5d13ad1c2a004df298393ee5426","sha256":"6868cc440c0285fb55bde9880bca5a8a32d50818c649b00f9dedd7821c9d4ecb","sha512":"06f1727b548b54a288aabc468fb868eac90c8857e66d6fbf58ad776c294b5453b2d32a56b62fe5630c9085387fa51b970413f107d7c3b91dd3ea72a1bcf9aa04","ssdeep":"384:FwzBq0PCItnLcEL4u4B50PCItnLk/HdUoWPSz5W3:GUDItLcEL4u4B5DItLjoWaz5Y","tlshash":"ec821e9daf1acca71923dcc338217d21595820335c5647ece6fae2285018e6c75afe2f","size":18398,"data":"","first_seen":"2025-08-21T09:34:57.488937Z","last_seen":"2025-08-22T06:38:14.151135Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/en/block","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"introduction_type":"eval","is_inline":false,"md5":"2fd021d00002f09a67aaa9f4d1ccbd4a","sha1":"c032f5f830ec957b2e199167657d83edf7519736","sha256":"f451b49a2d5ab91200e568256f0b543ef0b4802b64daa22097729dae22e57c58","sha512":"8299369afd110190c7d92f5fae4438ea19319a5834d0a6f4954962499d19290ae52a05473ed0d2daedd3efea4a32f31eb145cc56ca410db27ea6eac0da2ffe6a","ssdeep":"","tlshash":"f0514011e03c5a3bed37062e920b7f125fac45a26a892f5cb61c4bbc25d60ce91136cb","size":2665,"data":"","first_seen":"2025-08-14T03:45:00.32147Z","last_seen":"2025-08-22T06:38:14.224139Z","times_seen":116,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/89eefdd8/desktop/default/DC-50bf1a4a.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"99aa7c76999b304965c84211ff14825d","sha1":"97864bca245e8cfb66de1c12de4b8c6376affa40","sha256":"efe5e6e47eed04176a4802424634e40a806948bf804f680844cf22a0dc06bfbe","sha512":"037437af0f44e1473976e451c266f89b03e7e54c74ef739227768764ea23a15b7d24ca917f8494e9a0441d5df9265d5a7ac06a566b1bc42c6cfe322f6108faf7","ssdeep":"","tlshash":"db41850575a4bc1283fa08d819ff7106013bf07a688dca75d7e36ec708a7f66a117d19","size":2304,"data":"","first_seen":"2025-08-21T09:34:57.549234Z","last_seen":"2025-08-22T06:38:14.162427Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/en/block","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"introduction_type":"Function","is_inline":false,"md5":"87d0b3b5cb797a1ab6e414cab95cbe51","sha1":"2e9724774c8007fe0d1abfb7310cff13d3cc4492","sha256":"ac6893a68cd9726460d466d6c870760e9d485105deb4f54f4c5660f156da7ef9","sha512":"43476ab80b21572f867ebbeb6c1e6d74b8dfdcd923a9e3eb8033dc6a0a9587174c82ab6f3dbea15dafa96496897851580b03e4fda9167c41f6087f25a1fa1f6a","ssdeep":"3072:eQqEKy/EU82eQ7KjyYb4VxgKhNz6br4QOq168JEPLlSaOAiA0Af89:etylVeQKb4VNhNz6b0QY8+PLX89","tlshash":"a664b5c4e0c18080b7d120edff257dd969ad3d466eded9899e423d8bede022ca469437","size":336221,"data":"","first_seen":"2025-08-22T00:38:10.391344Z","last_seen":"2025-08-22T00:38:10.391344Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"radar.cedexis.com/1/23802/radar.js","fqdn":"radar.cedexis.com","domain":"cedexis.com","tld":"com"},"ip":{"addr":"45.54.49.5","port":443,"asn":63911,"as":"NetActuate, Inc","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"82dec77fd0353c7c71ce053b8601387e","sha1":"fbbca95419e1d0c042e0a5fdf10f380aca66188c","sha256":"39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7","sha512":"6872c895cb44711405e57a436dfbe15d094f9159e11ee2b89983c63b1f18f6acbdfaf0ccbb5e48b2bf24f366f16584c660bca4b6b14c048a134bb77a60f6563e","ssdeep":"","tlshash":"02e068ae9391a318537a2dbacc4e060ba0f6114888e5e4e029f5c2c00461bae072bfb4","size":390,"data":"","first_seen":"2024-02-13T14:23:26Z","last_seen":"2026-01-15T12:01:08.184588Z","times_seen":7496,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"v3.traincdn.com/sys-ui/3.3.340/Desktop/Default/client.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.000Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-ui/3.3.340/Desktop/Default/client.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-786689.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-aa6aa9fa451927c238eaacde54fb3c35-f03b71acea09cd61-01\r\nlast-modified: Thu, 07 Aug 2025 13:56:34 GMT\r\netag: W/\"40b0864869e73371b585800391e8b361\"\r\nx-amz-meta-mtime: 1754574953.995752548\r\ncontent-encoding: gzip\r\nexpires: Tue, 19 Aug 2025 12:42:01 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 42702\r\ncache: HIT\r\nx-cached-since: 2025-08-21T12:45:57+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":980316,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"40b0864869e73371b585800391e8b361","sha1":"a744dcb6779e85dc401259e5ba6ea2b4b534640f","sha256":"2b36db229f391175fd9e41e84e2e4a8d84953a435b7ac4edce9c3c30db81316c","sha512":"7f0be6de91f2a6ad012772b3e2aac7262f44bb4b017221250b4a7759add2c5f8c73d0e03b6ca8f6102ec4f98eac3b0616217e3b7009f056696b1bab805e05eba","ssdeep":"6144:pxaqyRQo5oHztlhwObpnq8/CrhOWzAjKbBcqDN82hEPHwcnIO0m:35pq+clbBcqDN82GHwcnIu","tlshash":"7c252f4de998c2362e27f921939c6ebc1630f566df320e5bf40d439615c3aa350e1dab","first_seen":"2025-08-18T12:56:19.345581Z","last_seen":"2025-08-22T06:38:14.116579Z","times_seen":133,"resource_available":false,"data":null}},"time_used":257,"timings":{"blocked":122,"dns":35,"connect":0,"send":0,"wait":2,"receive":0,"ssl":92},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/89eefdd8/desktop/default/Page.Block-fbf12404.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.403Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/89eefdd8/desktop/default/Page.Block-fbf12404.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-786689.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 476\r\ntraceparent: 00-d014b7f3956335379cafe687d6305035-913923b1ba4681db-01\r\nlast-modified: Thu, 21 Aug 2025 09:08:58 GMT\r\netag: \"1ab01a13188ad33a27d687ae1bda49a9\"\r\nx-amz-meta-mtime: 1755767336.912798447\r\nexpires: Fri, 22 Aug 2025 09:24:11 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 54601\r\ncache: HIT\r\nx-cached-since: 2025-08-21T09:27:38+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":476,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (476), with no line terminators","md5":"1ab01a13188ad33a27d687ae1bda49a9","sha1":"8866860aff026e8e0d9aad522b33dfd95ec4ff9b","sha256":"c3d8be73d3b9a8f46aa72e35dc121b068946c053b5b6ea020e8c58707b1ed985","sha512":"8be16d813f1bcea503ef7835cb132256c67b1549d2d386f55a711d415b6d69e75cb68db09cc3e47378b7f9b9346ac333e3cf5df36514c82585e0f89d14d160c7","ssdeep":"","tlshash":"1df09e9b5562fc8d95e6109343b7d2b7b48c797a0649696006a1c8a532f7c66481124f","first_seen":"2025-08-21T09:34:57.516517Z","last_seen":"2025-08-22T06:38:14.181597Z","times_seen":23,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/89eefdd8/desktop/default/Betting.Core-9b415186.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.992Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/89eefdd8/desktop/default/Betting.Core-9b415186.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-786689.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-c376a284da6464635cf6188efb10612e-a3219f2976226cc1-01\r\nlast-modified: Thu, 21 Aug 2025 09:08:58 GMT\r\netag: W/\"10e9466af5fdc75e29996a68fece9c69\"\r\nx-amz-meta-mtime: 1755767336.912798447\r\ncontent-encoding: gzip\r\nexpires: Fri, 22 Aug 2025 09:23:40 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 54735\r\ncache: HIT\r\nx-cached-since: 2025-08-21T09:25:24+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2126,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (2126), with no line terminators","md5":"10e9466af5fdc75e29996a68fece9c69","sha1":"4f61295b68ecf299d5fce468713f8d586c234353","sha256":"c144f2e4c29fd2f52f354c1c48ea867349069721d73a176f0d5020e9f647ae5f","sha512":"910dbeef9368f11a2b38d4c963f3981e38dc2799be27835a1a4c46249b3a3d9ee0f1bb613fa3c79ba94d215af9642e0206ff33145865068991f4cd2e0526b69d","ssdeep":"","tlshash":"d641d98979d2b484423f1cda40fb14f6a0b96eb5358d05ec9943dad43074a92c0daeca","first_seen":"2025-08-21T09:34:57.496541Z","last_seen":"2025-08-22T06:38:14.124716Z","times_seen":23,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/325027d97d.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:40.781Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/325027d97d.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:40 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-a09fc2f01aadc5749f4ccbece8833138-07689df82bbe6295-01\r\nlast-modified: Wed, 13 Aug 2025 11:30:44 GMT\r\netag: W/\"f98cf72ad21f7e39f5708258875740c7\"\r\nx-amz-meta-mtime: 1755084576.638097548\r\ncontent-encoding: gzip\r\nexpires: Thu, 14 Aug 2025 11:33:41 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 45904\r\ncache: HIT\r\nx-cached-since: 2025-08-21T11:52:36+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1166,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (1165)","md5":"f98cf72ad21f7e39f5708258875740c7","sha1":"38a5036dfb3216cc5b9d472111d6ea2d3884aa98","sha256":"d0e7d03f7f55582b4c8dc8a0a64f99747c7f99e3b545a112e0a4946c5da016e3","sha512":"c9e6c1b2e8e997fb98a509a09a49061ac5b1a9b566dc3f1c60a000d6d8e640ece784ec9e7ee667b8092165072dce230ec0c45a25c230b2fc84c3dd12cb37a263","ssdeep":"","tlshash":"0021a7303034e56b0bfe0bd8c8331850f32c225ca73565d276cc6fa102aa506529ebbb","first_seen":"2025-08-13T23:36:01.818277Z","last_seen":"2025-08-22T06:38:14.137264Z","times_seen":136,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/web-api/session","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:48.018Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-786689.top","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Tue, 08 Jul 2025 05:19:38 GMT","end":"Mon, 06 Oct 2025 05:19:37 GMT"},"fingerprint":{"sha1":"AA:30:AC:DD:35:7A:57:A5:E0:E3:85:E8:56:55:6E:F6:1D:59:9A:D7","sha256":"7A:A5:9A:19:BD:83:1C:01:8B:6B:81:4F:60:58:C2:9D:19:98:76:3E:12:87:69:A8:A1:D1:0D:D2:E2:AF:79:E4"}}},"request":{"raw":"GET /web-api/session HTTP/1.1\r\nHost: 1xlite-786689.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-786689.top/en/block\r\ncontent-type: application/json\r\nx-requested-with: XMLHttpRequest\r\nx-app-n: v3-nuxt2\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; auid=sv0jNWinu9Kn/rC5A1X6Ag==; window_width=1280; che_g=c7d83060-e0e4-4de6-a339-92feb323de09\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:48 GMT\r\ncache-control: no-cache, private\r\nserver-timing: dt_total;dur=0.115, p;dur=29.322, wf-uht;dur=0.039\r\nset-cookie: ua=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/\nSESSION=e14e5d7e1361724d77d4b74f02ac180d; path=/; secure; httponly; samesite=lax\r\nx-dt: 1305\r\nx-time-ng: 0.031, 0.031\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T06:11:46.020773Z","times_seen":13409077,"resource_available":true,"data":null}},"time_used":67,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":67,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-22","alert":"Sinkholed","trigger":"1xlite-786689.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/89eefdd8/desktop/default/commons/app-3aa40bb6.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.408Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/89eefdd8/desktop/default/commons/app-3aa40bb6.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-786689.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-d43f3e74cab35336b667a0c528f8e98b-6ce2627c7b5a5784-01\r\nlast-modified: Thu, 21 Aug 2025 09:08:58 GMT\r\netag: W/\"5212bc8c2673ad4ec805e30e0e8f01ed\"\r\nx-amz-meta-mtime: 1755767336.915798458\r\ncontent-encoding: gzip\r\nexpires: Fri, 22 Aug 2025 09:23:35 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 54738\r\ncache: HIT\r\nx-cached-since: 2025-08-21T09:25:21+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":137774,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65476)","md5":"5212bc8c2673ad4ec805e30e0e8f01ed","sha1":"820eb713194822a4a67bf780cd9879049cffd8f8","sha256":"635ae0298d74da3ae9eb4e1f8eecf37af2b75d3d232ca51fc85ac18aa9389166","sha512":"f0a29f03f64b225bc2417d5ddd19c093ca22ca6f1cc9aabfca2ec6d8708b249b359b33e9aad139865efb55ed6077e8b58a6b71900b8f4c9171bd31893d12e293","ssdeep":"1536:x0UiXH2DHJjIAG3wvvjE+gjmZVBzCrmhkG5YGf7BMr3y6MPk+PWKWoidtI:MXHUp0qXjE+gjmZCmlYGNMryYd+","tlshash":"c4d3d5dcf695b03117e721b5407f150bf23a7898680ac0a4f266e8d53db888ea167f7d","first_seen":"2025-08-21T09:34:57.546545Z","last_seen":"2025-08-22T06:38:14.152071Z","times_seen":23,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/site-admin/css_vars/29b5cda95fa390c124de39b6aeca6d24.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.810Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/site-admin/css_vars/29b5cda95fa390c124de39b6aeca6d24.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-786689.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: text/css\r\ncontent-length: 46\r\ntraceparent: 00-966b3091a78b622f2c74f1aebabd1bc6-446706e75b207f84-01\r\nlast-modified: Thu, 20 Mar 2025 13:29:31 GMT\r\netag: \"29b5cda95fa390c124de39b6aeca6d24\"\r\ncache-control: max-age=3600\r\nexpires: Fri, 08 Aug 2025 22:53:08 GMT\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 1827\r\ncache: HIT\r\nx-cached-since: 2025-08-22T00:07:12+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":46,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with no line terminators","md5":"29b5cda95fa390c124de39b6aeca6d24","sha1":"46f68f69533c1fdc737eb36e8e7af7672178e610","sha256":"6021ec0aede22eadcb8401fe945d345202320437c7be01b157f0cb282ebe7c88","sha512":"8a62d0b23596f91ed5dbd111fce75e940b4b6fe542716d9fad76d610eb9a90f67bad145f3dcfd977b5a7a6d414d66e94c0abcaf6cabce2310d94af56cdf0e13b","ssdeep":"","tlshash":"54900294a50c22502025c656109c48d0119412566621255851533451b4438405960188","first_seen":"2025-03-20T19:27:14.305804Z","last_seen":"2025-11-18T11:41:52.983768Z","times_seen":4852,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_271441dbfdb38e2f76ad876b97be7f32.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.814Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_271441dbfdb38e2f76ad876b97be7f32.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-786689.top/\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: application/json; charset=utf-8\r\ntraceparent: 00-948a8e44a3073133ac53c1a33ceb745e-3c78cc91b8783e2d-01\r\nlast-modified: Thu, 21 Aug 2025 16:07:09 GMT\r\netag: W/\"99eb3058fc5d54fac814ceaf915aa899\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Thu, 21 Aug 2025 17:23:40 GMT\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 722\r\ncache: HIT\r\nx-cached-since: 2025-08-22T00:25:37+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":141580,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"99eb3058fc5d54fac814ceaf915aa899","sha1":"1f3783edb95d936689f62a577c60e46bb94aa1a3","sha256":"ceab29e4c00008627cb122f646adfb696a8bf148de90d9457fab6b772f7e8881","sha512":"d87157de3e0d4ec76a0dd2f9c39d60a71270edc35ed5d31b7f1d711e3424990ad9fcf086df89c452207542f199114f89e6020e014915458733d3636841b546df","ssdeep":"3072:OjCMI9Z0rkk7etAfRxxlRNE/sj9AVLA4Sc6Wrs9fuJm9p1Zp:OnIsoJ2fVlRNE/sj9WA409fuJm977","tlshash":"11d3f70a194c6e7f0fda22ddf94edf4962b40055aab2c822d8eec11e7197fd2817714b","first_seen":"2025-08-21T16:35:41.047504Z","last_seen":"2025-08-22T14:22:43.561011Z","times_seen":18,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_libphonenumber_js_Q6RMKWT6.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:40.075Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_libphonenumber_js_Q6RMKWT6.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:40 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-f0e2638c19f6aafe1df65ce0dee9f08b-1009f85ba769e935-01\r\nlast-modified: Thu, 21 Aug 2025 07:53:37 GMT\r\netag: W/\"1da464d70e78b04b9b808e82e4ad9487\"\r\nx-amz-meta-mtime: 1755762778.558434849\r\ncontent-encoding: gzip\r\nexpires: Fri, 22 Aug 2025 08:29:11 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 58109\r\ncache: HIT\r\nx-cached-since: 2025-08-21T08:29:11+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":158815,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text, with very long lines (65509)","md5":"1da464d70e78b04b9b808e82e4ad9487","sha1":"0c79e65516d1525ecb43d13cfb4ccb0631095a28","sha256":"b4c72b8036ca6767ab61490178f901538646f2aa1001cb042caa134174a41595","sha512":"517231e24fe48dcf9e907f32f759a9d8cc0471202dd5a22dd27efffeeb989e0f12b0db848280f03739b2e267ce95feb128ee8e9305cdd4e299c3fd19695ffdb8","ssdeep":"3072:sOU03o4Pwjp9BumfaVpfMHgWH71RgZXo9k:sXpzumWpf2gWH71RgZok","tlshash":"5af3b9f73640ab6775b23b188e4ad28f6f9c9c51cc88908caae7d4db5d61c22707db14","first_seen":"2025-05-14T05:06:37.168433Z","last_seen":"2025-08-22T06:38:14.163241Z","times_seen":1811,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_B6TW5FDZ.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:40.318Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_accept_language_parser_B6TW5FDZ.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:40 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-918ba3a659c9dcbb464157e39a1bd9ba-5136c86bd3ad5a1f-01\r\nlast-modified: Thu, 21 Aug 2025 12:57:48 GMT\r\netag: W/\"e3f1c4089db6b910890e85d97a2e2066\"\r\nx-amz-meta-mtime: 1755781011.214789676\r\ncontent-encoding: gzip\r\nexpires: Fri, 22 Aug 2025 21:34:53 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 10966\r\ncache: HIT\r\nx-cached-since: 2025-08-21T21:34:54+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1297,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (1265)","md5":"e3f1c4089db6b910890e85d97a2e2066","sha1":"85828920da3c3fd7856acde184e835ac314295cd","sha256":"6c28afe5a52e0f9b1138fe498b254c8671058a058b555651ccae8e91e7534614","sha512":"0fc9e47336d93f4f6ae6dbffaaee9145b46d4ba6c75aad12acbded8fc3468d1d8d29fb76440dba071ad362f725287ea38b5f48045e51c39fd5bf842f5ec0abd6","ssdeep":"","tlshash":"d821f09fbac2b5908394184d4e2ec055f23a2957641ce5fcd625e6827c407a186f2c0d","first_seen":"2025-05-14T05:06:37.190071Z","last_seen":"2025-08-22T06:38:14.173196Z","times_seen":1811,"resource_available":true,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.72","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:50.058Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:34:03 GMT","end":"Mon, 29 Sep 2025 08:34:02 GMT"},"fingerprint":{"sha1":"A2:8A:24:AD:51:7D:A4:62:BB:34:6F:C9:21:A1:B9:E1:2D:A6:0E:C1","sha256":"9F:B9:94:8F:84:D3:44:71:A7:81:72:C8:80:4D:14:02:E3:E0:30:0C:F1:17:27:83:00:82:D9:C3:68:D3:B3:AF"}}},"request":{"raw":"GET /gtag/js?id=G-7JGWL9SV66 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-786689.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Fri, 22 Aug 2025 00:37:50 GMT\r\nexpires: Fri, 22 Aug 2025 00:37:50 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\ncontent-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1106:0\r\ncross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1106:0\r\nreport-to: {\"group\":\"ascgcycc:1106:0\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1106:0\"}],}\r\nserver: Google Tag Manager\r\ncontent-length: 153705\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":481148,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (12571)","md5":"330567d7cea16468b595b6c6fbfef999","sha1":"06ca1d489d2b27494e9f4b8420e961b4cbac9eac","sha256":"3001f95de3358a52eab3425755f53471897b42d9df374ba6a9b76e5c49360591","sha512":"b83ec4556948ffe2e963cfdad3f5ee654a57e087d3e2ea52f1d2510e48a7d076a3ef729b4b9d214ed4fee82a31e9f64793c0aed4f3b5b3be01ced307c30b32b2","ssdeep":"6144:tYqVj55wzdUJo4uPhrNbyAtTQyGylAo//wWasMiO4rQW:uqV95wzwo4uPhrNbn2mOJW","tlshash":"08a4099e73c6746693daf478402f01cba97b25e2b49dc8aab1c9ccf02d3455a4127f78","first_seen":"2025-08-22T00:38:10.32332Z","last_seen":"2025-08-22T00:38:10.32332Z","times_seen":1,"resource_available":true,"data":null}},"time_used":504,"timings":{"blocked":190,"dns":0,"connect":15,"send":0,"wait":64,"receive":58,"ssl":175},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.369Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 63920\r\ntraceparent: 00-482019f8d40219746aaf200f7c4673da-633654f0f6f0454c-01\r\nlast-modified: Wed, 14 Jun 2023 09:49:53 GMT\r\netag: \"a65527fcb58f66a7cfbc0e6b160538b4\"\r\nexpires: Sun, 10 Aug 2025 19:21:26 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 407\r\ncache: HIT\r\nx-cached-since: 2025-08-22T00:30:52+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":63920,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 63920, version 1.0","md5":"a65527fcb58f66a7cfbc0e6b160538b4","sha1":"45d260e7fa343401b5bb0df982a014f53e2d253b","sha256":"fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45","sha512":"8448e96abe326f43285b2d8b0d75beaf0e9c9e051e8754841d907b30eb303ae24c447011306da6a1703b9192d02aeff76a4517bdf94ec6e7dc360ce3538802af","ssdeep":"1536:UIG3hJMkJeK8ic5iZGnJ4URj9vqXOQ6UqYdbuA5RVK1:UL31hcLlRjDQ6Uq4W1","tlshash":"7f5302df8de32a148ff78772668885f4f4927c68898c8e7345526a8907f07d6b96c04f","first_seen":"2023-05-07T18:04:27Z","last_seen":"2026-04-06T04:37:31.820168Z","times_seen":10238,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/site-admin/colors/cd92ba54cae16d41daf5f586a3cbecea.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.805Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/site-admin/colors/cd92ba54cae16d41daf5f586a3cbecea.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-786689.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: text/css\r\ntraceparent: 00-8a39e86b63a111af72c1a783cb7c4c90-af91c698868064ef-01\r\nlast-modified: Thu, 14 Aug 2025 11:05:06 GMT\r\netag: W/\"cd92ba54cae16d41daf5f586a3cbecea\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Thu, 14 Aug 2025 13:17:23 GMT\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2477\r\ncache: HIT\r\nx-cached-since: 2025-08-21T23:56:22+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":40673,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (40673), with no line terminators","md5":"cd92ba54cae16d41daf5f586a3cbecea","sha1":"64019485495de9e3c8db583a913de2674f4fbb21","sha256":"31ce9b35619fc08af219e4aaba875b8c43390b01c7c015123627f058d46cfaca","sha512":"37c4dd44804f6bbb8e850f3ed054d4d3a4a813b710bd4d7e9c18368dee7f4efb4396eebc35c0433811481b00fcebf315db9bfb894da361129212a7c9c11b1bc2","ssdeep":"192:+w2ADLPJLeVMGPjqFpSJCmuuZs3NyOzxQOg+lNvChrjgZca7qRjH9W7Sn2b3rLDI:+EO1mFSK75xWt5JkyunibMhS43eI9peN","tlshash":"1e037b7ded91c1712a591931911c677b3d36e9caae240f8fd02c63e630c1b022be5a7a","first_seen":"2025-08-04T22:46:47.651758Z","last_seen":"2025-10-31T01:18:46.264532Z","times_seen":507,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-1305/desktop/media_asset/3834559104e2a0767a35b2ffc2fc74b2.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.859Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1-1305/desktop/media_asset/3834559104e2a0767a35b2ffc2fc74b2.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-786689.top/\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: application/json\r\ncontent-length: 747\r\ntraceparent: 00-ae27360e1ea2738ee44d6e5a4555f75a-9074399c973db442-01\r\nlast-modified: Thu, 27 Feb 2025 13:27:54 GMT\r\netag: \"f4e90636ec9cff061c4301b3cefdd0d6\"\r\nexpires: Thu, 21 Aug 2025 11:36:55 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\ncache: REVALIDATED\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":747,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"f4e90636ec9cff061c4301b3cefdd0d6","sha1":"c506efe9c3672c58434ea10021dab0ad81b1ad98","sha256":"30666f138ccc12735e2f8a6405ddce4a3d8756b9445e3b2732fa2970f14dbcea","sha512":"2db1a1a4419db47b4256906f9c660b85479bb83d2ab0757d1b1c24cdf94d97bdc4a7140d5d8ea31cbf612a77ba1ae6ef46bbd77eb42d24b6d83afebbc46c9216","ssdeep":"","tlshash":"2a012d94bde4083719374ca981a2595d63844b0398297c087adf3d4c5b2096d056e9be","first_seen":"2025-03-01T06:06:39.041672Z","last_seen":"2025-12-04T11:53:51.978889Z","times_seen":4943,"resource_available":false,"data":null}},"time_used":74,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":74,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_c29ed659a5.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:40.077Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/shared-assets/Desktop/__shared_c29ed659a5.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:40 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-2ad80da917e51dd574d44dc36cbd30eb-f4bfc8ed98ebad66-01\r\nlast-modified: Thu, 21 Aug 2025 12:57:51 GMT\r\netag: W/\"b95f2867a4f69c6f87508d4376778ab8\"\r\nx-amz-meta-mtime: 1755781011.188787535\r\ncontent-encoding: gzip\r\nexpires: Fri, 22 Aug 2025 13:32:25 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.008\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 39915\r\ncache: HIT\r\nx-cached-since: 2025-08-21T13:32:25+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16157,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (16156)","md5":"b95f2867a4f69c6f87508d4376778ab8","sha1":"34b733244053bb0634826b593e14e88782e81680","sha256":"f318dcd075506078ef1811c0a12962c5fed8811ee39cc3c77691a81063e05340","sha512":"dd8d736d26cad47776c4e4706beed168dedd02d25dfa0570a7f4874fcb260ff78951ac7cb94d91d225837db6a33eebf5b236932fe7b2e2014a1c9f9d309b0c61","ssdeep":"384:6tP2qT4YEUXGPYsH3M95B59IBMNUiLPqnIJdlh3uY3V47Czazgjdk:SP2qT4pUX/sH3M95B5qB6UEPME1uY3nk","tlshash":"9972a7a6726c3a2683d648f240355603e72b0cb979104499fb7c6edb7c198cd42ffa78","first_seen":"2025-07-01T14:08:29.773148Z","last_seen":"2025-12-23T22:34:35.075094Z","times_seen":1892,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/bbe648c471.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:40.497Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/bbe648c471.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:40 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-fa5b58611cc6abba0df5ca41f8427e26-2415672021fa92fe-01\r\nlast-modified: Wed, 13 Aug 2025 11:30:45 GMT\r\netag: W/\"a522efc9afabf0b86b88c1957893a9b0\"\r\nx-amz-meta-mtime: 1755084576.646098197\r\ncontent-encoding: gzip\r\nexpires: Thu, 14 Aug 2025 11:33:40 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 45905\r\ncache: HIT\r\nx-cached-since: 2025-08-21T11:52:35+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2887,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (2549)","md5":"a522efc9afabf0b86b88c1957893a9b0","sha1":"83da941100200a66fb2c8721becefd2d27580360","sha256":"7eb5608b357322d5ae073e7062baec49cab5f912298332214b375471d7267962","sha512":"2700ab462efdd5fa40c5857c818e6c40e14c06c25c22ee271ec87da9b25494fc61d747d39c0fdaff446cca6331bc3d3db2d8e26aaf45437d5bc45e39ef336a99","ssdeep":"","tlshash":"a451d7ec6ff934b4740d8e59f80634a29b98082b36fde4f5f29d9f900334199d251e41","first_seen":"2025-08-13T23:36:01.780751Z","last_seen":"2025-08-22T06:38:14.170512Z","times_seen":135,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:49.814Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:49 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 63920\r\ntraceparent: 00-58043d5f1b2c046ab92a3a5427501454-f3ca5a9fea097042-01\r\nlast-modified: Wed, 14 Jun 2023 09:49:53 GMT\r\netag: \"a65527fcb58f66a7cfbc0e6b160538b4\"\r\nexpires: Sun, 10 Aug 2025 19:21:26 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 417\r\ncache: HIT\r\nx-cached-since: 2025-08-22T00:30:52+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":63920,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 63920, version 1.0","md5":"a65527fcb58f66a7cfbc0e6b160538b4","sha1":"45d260e7fa343401b5bb0df982a014f53e2d253b","sha256":"fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45","sha512":"8448e96abe326f43285b2d8b0d75beaf0e9c9e051e8754841d907b30eb303ae24c447011306da6a1703b9192d02aeff76a4517bdf94ec6e7dc360ce3538802af","ssdeep":"1536:UIG3hJMkJeK8ic5iZGnJ4URj9vqXOQ6UqYdbuA5RVK1:UL31hcLlRjDQ6Uq4W1","tlshash":"7f5302df8de32a148ff78772668885f4f4927c68898c8e7345526a8907f07d6b96c04f","first_seen":"2023-05-07T18:04:27Z","last_seen":"2026-04-06T04:37:31.820168Z","times_seen":10238,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/89eefdd8/desktop/default/vendors/app-4637d37c.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.416Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/89eefdd8/desktop/default/vendors/app-4637d37c.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-786689.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-23023349a156795d36769e074c019210-7524ffc5184cc5b3-01\r\nlast-modified: Thu, 21 Aug 2025 09:08:59 GMT\r\netag: W/\"531c35806ffbce14702b4652abf02ca2\"\r\nx-amz-meta-mtime: 1755767336.933798526\r\ncontent-encoding: gzip\r\nexpires: Fri, 22 Aug 2025 09:23:35 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 54738\r\ncache: HIT\r\nx-cached-since: 2025-08-21T09:25:21+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":935705,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64017)","md5":"531c35806ffbce14702b4652abf02ca2","sha1":"db38b0cf29706bb17785ad8a543a67478de58135","sha256":"fe2c0d640e8b63076bfaa31096f69d85d312e9055694d24f862de0dfc5427a4e","sha512":"a8e38a68c738b1c9333fb985dc1c46a2007d17c7eb5110ecddac9710c986edaf67e5b0df934e4f46e7944eb280bd0f3f9f4926c8fb114de1b7864c58dc061a87","ssdeep":"12288:BDnLX0yfGASmdx4qY4g1zz1ui7d6auhe3vAKMzOlIHGsc:RX0yfGASmdx4qY4g1NuipflI1z0iGsc","tlshash":"60155b99b980f2560aa36be9d06b1017e32d6e5ebc0ce444f2e7cdd536998047136f2f","first_seen":"2025-08-21T09:34:57.472056Z","last_seen":"2025-08-22T06:38:14.129731Z","times_seen":23,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-1305/desktop/media_asset/85737c282d242127f22d88ddc44a0f76.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.856Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1-1305/desktop/media_asset/85737c282d242127f22d88ddc44a0f76.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-786689.top/\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: application/json\r\ncontent-length: 182\r\ntraceparent: 00-76bcf1acc9cf68bfa650c1eac90b83d7-ffd80949cdb47a9f-01\r\nlast-modified: Thu, 27 Feb 2025 08:56:44 GMT\r\netag: \"0a64a07e9a34e8a5b5e97e80a10888c5\"\r\nexpires: Thu, 21 Aug 2025 11:36:55 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\ncache: REVALIDATED\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":182,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"0a64a07e9a34e8a5b5e97e80a10888c5","sha1":"82545cbc39b7dcc031dd10dea841a0b3698243d6","sha256":"7201497e7e8cdf9d35bf6998e43dcde5feea535f9828ce3ee98785781016126c","sha512":"fd619b94af18c7082a4f18556f1443081c8dc650b263c49c56f2514184d4f62e253ad87a220baa9396d7a06bc9ec3cc8ec75eee829a6c1016c4a3af2c1afa5ae","ssdeep":"","tlshash":"f0c02220e5f88823012b68bc80eaa55417504b2339021c20374c0a884b6162400149b8","first_seen":"2025-02-27T19:55:38.982186Z","last_seen":"2026-03-31T06:06:31.551304Z","times_seen":4136,"resource_available":false,"data":null}},"time_used":65,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":65,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_chunk_7HDOEZTP.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:40.123Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_chunk_7HDOEZTP.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:40 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-c6ea3279d38291a9df775412f1abbcbc-65442ccb74c29f32-01\r\nlast-modified: Thu, 21 Aug 2025 06:39:09 GMT\r\netag: W/\"7e76c08e7f16815131a5f13a10c1efba\"\r\nx-amz-meta-mtime: 1755758330.575553732\r\ncontent-encoding: gzip\r\nexpires: Fri, 22 Aug 2025 08:28:42 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 58138\r\ncache: HIT\r\nx-cached-since: 2025-08-21T08:28:42+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1194,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (1193)","md5":"7e76c08e7f16815131a5f13a10c1efba","sha1":"5f800877b78a0713157fe119bc1a2d9a260f72e1","sha256":"c6f29a0c7c3ed884ccffd7a529fd2fc599e2da1f31af658146f0e36a3f4c00dc","sha512":"564dd139cad65e99fb210caf791d0582fa6312fb19e5c8395296361bd1904c2019d246132d42545f47f43a589bf3900e0468ed262251056c22d8172c55017e7b","ssdeep":"","tlshash":"b421f1e55fb87ba3627e26e4a02e0041e001d53752b4f1d4e294dfb464e945c035b4b6","first_seen":"2025-05-14T05:06:37.154171Z","last_seen":"2025-08-22T06:38:14.169571Z","times_seen":1811,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_localforage_FJKG5M2E.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:40.317Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_localforage_FJKG5M2E.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:40 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-3f17ed073d776979a1e497d3ac1d6d5b-7f8e49ed4f4fbc73-01\r\nlast-modified: Thu, 21 Aug 2025 06:39:09 GMT\r\netag: W/\"02cf95f00794b77df34632e34a59c5be\"\r\nx-amz-meta-mtime: 1755758330.575553732\r\ncontent-encoding: gzip\r\nexpires: Fri, 22 Aug 2025 08:29:17 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 58103\r\ncache: HIT\r\nx-cached-since: 2025-08-21T08:29:17+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":30277,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (30255)","md5":"02cf95f00794b77df34632e34a59c5be","sha1":"b64889fb6cbe78a141688ea761a627997ef8a8af","sha256":"bf78b7b3dd6ecbdea04c575edfb6022ed1b2e98c7a9cb9f02ab851ca638f1b83","sha512":"6bcdddd806b94dc8964c98ed5c8481f1ac5e74c707fe5d48760bd7d2edc2b8b52e58b3d7910d0ae316b3e196924d32734ccd5ffc33377df8de471e43c99fd6d3","ssdeep":"768:+DKAOpvMewHFuM96WwZACjzz46zSTKsBE1OvFXfX1UXk:+m8uPW43zEIOvdlUU","tlshash":"23d2c68c7799f02683bb3070907f580ef237a912594d90a0e591e5f86dbd75c822bfad","first_seen":"2025-05-14T05:06:37.193247Z","last_seen":"2025-08-22T06:38:14.178861Z","times_seen":1811,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:48.958Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:48 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 63748\r\ntraceparent: 00-61fe18f8fd44472bd2147e4bdd0fae18-b2d39c1ba7ac9e7f-01\r\nlast-modified: Wed, 14 Jun 2023 09:49:53 GMT\r\netag: \"6887b6f24414dbc612dbf42ccdc76b70\"\r\nexpires: Thu, 16 Jan 2025 10:32:14 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 1989\r\ncache: HIT\r\nx-cached-since: 2025-08-22T00:04:39+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":63748,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 63748, version 1.0","md5":"6887b6f24414dbc612dbf42ccdc76b70","sha1":"8068d3abfbc6cbf35b55919da45b1f4d2d136238","sha256":"fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c","sha512":"00f08f9dd648972c9571547e06172d5505dd13f577fe2e65a497d3856172807ac11c996984e4138d2eb2ac784257fe61864aee15752fe9e9e76f98db931e0c2a","ssdeep":"1536:KtdCG+Dz6RxAx457zL0ASEn091Y0H1mTOzI/OzMFOoTX4u:MMG+yRpzN091Y0VtI/pOoTt","tlshash":"8b5302485551fae2cac3073c0f7a89dbb37a776d519224cd98b69f830d37964bea2070","first_seen":"2023-06-14T19:15:49Z","last_seen":"2026-04-06T04:37:31.841238Z","times_seen":10364,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:49.808Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:49 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 63748\r\ntraceparent: 00-de404eba55a3b255d6254068f4c5661a-9a2ab847f4fc9b3a-01\r\nlast-modified: Wed, 14 Jun 2023 09:49:53 GMT\r\netag: \"6887b6f24414dbc612dbf42ccdc76b70\"\r\nexpires: Thu, 16 Jan 2025 10:32:14 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 1990\r\ncache: HIT\r\nx-cached-since: 2025-08-22T00:04:39+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":63748,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 63748, version 1.0","md5":"6887b6f24414dbc612dbf42ccdc76b70","sha1":"8068d3abfbc6cbf35b55919da45b1f4d2d136238","sha256":"fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c","sha512":"00f08f9dd648972c9571547e06172d5505dd13f577fe2e65a497d3856172807ac11c996984e4138d2eb2ac784257fe61864aee15752fe9e9e76f98db931e0c2a","ssdeep":"1536:KtdCG+Dz6RxAx457zL0ASEn091Y0H1mTOzI/OzMFOoTX4u:MMG+yRpzN091Y0VtI/pOoTt","tlshash":"8b5302485551fae2cac3073c0f7a89dbb37a776d519224cd98b69f830d37964bea2070","first_seen":"2023-06-14T19:15:49Z","last_seen":"2026-04-06T04:37:31.841238Z","times_seen":10364,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/f9dd3fbc2d.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.002Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/f9dd3fbc2d.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-786689.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-b53b00d43d7c783d0f7b290debd3c787-d644b5d5f6b6580c-01\r\nlast-modified: Wed, 13 Aug 2025 11:30:45 GMT\r\netag: W/\"7eb4f3d4c97ec66a32269ae3b07d7653\"\r\nx-amz-meta-mtime: 1755084576.638097548\r\ncontent-encoding: gzip\r\nexpires: Thu, 14 Aug 2025 11:33:42 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 46001\r\ncache: HIT\r\nx-cached-since: 2025-08-21T11:50:58+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11025,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (11024)","md5":"7eb4f3d4c97ec66a32269ae3b07d7653","sha1":"e31f7fc270a78d455c90a57d8c365bccf6ebdfb0","sha256":"542ed6b44d2771468d5e5d4c77dfddaab1f7d4169bf692a087c56f024d9813dc","sha512":"02195935d732af0ae4dceecb4677bcb4ad90d284dfbd27a707ee927fc587fb3a9bacc8bd8cf315ee025b67d1a53b33fb0e9ced17d24ea019deb2a0be9765ec37","ssdeep":"192:mLhA5ZO73iyDDW7qE/eVgnmnh8RbxJEU4PuiPBvDDQ7qOtIZ4Io:QAXOLisDUqE/Y8RbxUuwBLDCqOt24v","tlshash":"cc3226adc9e495231d26b5216388be7c85f0f06aee314e55f80ec6104ad3f9f15e0e79","first_seen":"2025-08-13T23:36:01.800779Z","last_seen":"2026-03-04T04:00:43.402045Z","times_seen":3922,"resource_available":false,"data":null}},"time_used":368,"timings":{"blocked":178,"dns":33,"connect":3,"send":0,"wait":1,"receive":0,"ssl":145},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/cb1d9e7981.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.005Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/cb1d9e7981.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-786689.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 691\r\ntraceparent: 00-9859f7e6350627d6ed11af8c310e6e45-59ebab09460f9f0c-01\r\nlast-modified: Wed, 13 Aug 2025 11:30:45 GMT\r\netag: \"3ea42bfb968caea0b076b03fb4342622\"\r\nx-amz-meta-mtime: 1755084576.650098521\r\nexpires: Thu, 14 Aug 2025 11:33:42 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 46001\r\ncache: HIT\r\nx-cached-since: 2025-08-21T11:50:58+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":691,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (690)","md5":"3ea42bfb968caea0b076b03fb4342622","sha1":"41b35147d293c5683aa5943414da17e817a72e8e","sha256":"64f7ee1492492bf214851154b9ed0d4942bc47b4d35a3c3017a59eb4e6fd8c65","sha512":"1c6b02125d478af7a8afa1d61b29228856d1859cc14da2b383e223c33b6decfb6885c7224f924245ce7a1d159a1d6f1b1bfb787c6e69f96dda2e2c129d89a565","ssdeep":"","tlshash":"9101d41f762dd1b80fb781c02e906ae53412ba26ca0620cbf877c2346d8e7032b9056f","first_seen":"2025-08-13T23:36:01.822265Z","last_seen":"2025-08-22T06:38:14.139012Z","times_seen":232,"resource_available":false,"data":null}},"time_used":253,"timings":{"blocked":120,"dns":30,"connect":6,"send":0,"wait":1,"receive":0,"ssl":84},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_express_day/en/dictionary_84e511afe97bad68fa98353e8037b65e.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.829Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/web-app-v2/dictionary2/v3_express_day/en/dictionary_84e511afe97bad68fa98353e8037b65e.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-786689.top/\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: application/json; charset=utf-8\r\ntraceparent: 00-48300d02f34ab4f2a5ed1aa5ac0827b2-3e67d5a0c64ebe85-01\r\nlast-modified: Mon, 30 Jun 2025 14:06:32 GMT\r\netag: W/\"26f10f416f0a3743c3362a51dd558a4b\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Mon, 11 Aug 2025 05:59:51 GMT\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 1544\r\ncache: HIT\r\nx-cached-since: 2025-08-22T00:11:55+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1202,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"26f10f416f0a3743c3362a51dd558a4b","sha1":"6b458c43b5e31fc0515de1eb1a0e535855a3e936","sha256":"8374658000ae2d2747471b9535397e6de0c036d4e1a767a2a523047f8d06cb73","sha512":"1a6b1e740800f48106a46ff15b36fdeaec72cb4fa2e7a06957a52609f7b5481f1c0bca9e6a07a4112e0a1dbc75918e78fd5085517dd0051b4546b84338715321","ssdeep":"","tlshash":"d7210aa71034073e9d132b2bad3f929006c0485052e8b487379f39fb37ccd949e6d6aa","first_seen":"2025-06-30T16:12:32.415153Z","last_seen":"2025-10-15T02:35:25.221046Z","times_seen":2212,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/bff-api/config/group/get?groups=d.technical\u0026lang=en","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:40.572Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-786689.top","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Tue, 08 Jul 2025 05:19:38 GMT","end":"Mon, 06 Oct 2025 05:19:37 GMT"},"fingerprint":{"sha1":"AA:30:AC:DD:35:7A:57:A5:E0:E3:85:E8:56:55:6E:F6:1D:59:9A:D7","sha256":"7A:A5:9A:19:BD:83:1C:01:8B:6B:81:4F:60:58:C2:9D:19:98:76:3E:12:87:69:A8:A1:D1:0D:D2:E2:AF:79:E4"}}},"request":{"raw":"GET /bff-api/config/group/get?groups=d.technical\u0026lang=en HTTP/1.1\r\nHost: 1xlite-786689.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-786689.top/en/block\r\ncontent-type: application/json\r\nx-requested-with: XMLHttpRequest\r\nis-srv: false\r\nx-svc-source: __TECHNICAL_PAGES_APP__\r\nx-app-n: __TECHNICAL_PAGES_APP__\r\nx-geoip2-country-code: ru\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; auid=sv0jNWinu9Kn/rC5A1X6Ag==; window_width=1920; che_g=c7d83060-e0e4-4de6-a339-92feb323de09\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:40 GMT\r\ncontent-type: application/json\r\ncontent-length: 766\r\ncache-control: no-cache, private\r\nserver-timing: dt_total;dur=0.013, bff;dur=48.52, wf-uht;dur=0.067\r\nx-dt: 1305\r\nx-pod: R-pxml9\r\nx-time-ng: 0.053\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":766,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"43dd4364e5db7e8b796b6e64ecf8d92e","sha1":"ae418d7ceaa6e3bd14830233a3c2b7259fa6349e","sha256":"2766dc2c66fcfd1b467ac9e07ee73ce2e92ce02bd6e8d9e1d5d772da8f48fdc1","sha512":"393c487f68da86e423dfa68887d6e6790531491a8a5730e7e5b0088fbc71b6bf5bc752e12066e1d5f3aac86352d884f89f60221bca76294527cc94299123fac4","ssdeep":"","tlshash":"7a01b55e50a5ca3d7068063adb829e109eed501b3254b941fe0ca89c60d2ddef95180f","first_seen":"2025-07-22T22:41:07.462727Z","last_seen":"2025-11-01T08:55:25.824855Z","times_seen":143,"resource_available":false,"data":null}},"time_used":97,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":96,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-22","alert":"Sinkholed","trigger":"1xlite-786689.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/hd-api/external/assets/hdf.js","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:48.131Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-786689.top","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Tue, 08 Jul 2025 05:19:38 GMT","end":"Mon, 06 Oct 2025 05:19:37 GMT"},"fingerprint":{"sha1":"AA:30:AC:DD:35:7A:57:A5:E0:E3:85:E8:56:55:6E:F6:1D:59:9A:D7","sha256":"7A:A5:9A:19:BD:83:1C:01:8B:6B:81:4F:60:58:C2:9D:19:98:76:3E:12:87:69:A8:A1:D1:0D:D2:E2:AF:79:E4"}}},"request":{"raw":"GET /hd-api/external/assets/hdf.js HTTP/1.1\r\nHost: 1xlite-786689.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-786689.top/en/block\r\nCookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; auid=sv0jNWinu9Kn/rC5A1X6Ag==; window_width=1280; che_g=c7d83060-e0e4-4de6-a339-92feb323de09; SESSION=e14e5d7e1361724d77d4b74f02ac180d\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:48 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 1687\r\ncache-control: public, max-age=300\r\ncontent-encoding: gzip\r\netag: 0009b06af6892358f6c573335f102046\r\nvary: Accept-Encoding\r\nx-dt: 1307\r\nx-request-guid: b863415034233cc6207aa6d64af35c56\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.005, wf-uht;dur=\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4203,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"C++ source, ASCII text, with very long lines (874)","md5":"0009b06af6892358f6c573335f102046","sha1":"cb899ce5fb6756d389a12e5049f2180dec2366ed","sha256":"540a50ce4665aa5a15e6afcdf7a260860e1896e77955c7ed128d1e6489bedac3","sha512":"83e9ce72ca4725bf501fe711538455aaa2fb278095d4d3938615b1907416446b8a8ed1f4f34fb296ea4c9a6d6b6e0fecbe31afa240305e7d23baa4145b2cd1c8","ssdeep":"48:Pen1yuqKi6649JoXznZwhU6fINwld0mPr6eC5/F6ALWBl/NR3vMNNeEcxHb8JiTP:Y1yuqKioolwHgObfENerHbkiTgRx05","tlshash":"d581323660ee2d3153639052d53fe5e9f229a8073968ec4831fc588a0f40f6189b2e3b","first_seen":"2025-07-24T09:34:40.995531Z","last_seen":"2025-10-16T23:35:31.258248Z","times_seen":2029,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-22","alert":"Sinkholed","trigger":"1xlite-786689.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"radar.cedexis.com/1707728419/stub.js","fqdn":"radar.cedexis.com","domain":"cedexis.com","tld":"com"},"ip":{"addr":"45.54.49.5","port":443,"asn":63911,"as":"NetActuate, Inc","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:50.409Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"radar.cedexis.com","organization":"Citrix Systems, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 07 Mar 2025 00:00:00 GMT","end":"Fri, 06 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A2:3E:30:19:D5:41:3A:11:81:58:E3:B1:6F:F4:D2:78:0B:44:6F:D0","sha256":"BE:70:39:96:BA:51:8F:A7:6A:9D:E1:58:FB:D9:F7:6F:17:5C:DA:A9:6E:54:3F:8F:0B:3D:1E:DF:8C:44:B4:71"}}},"request":{"raw":"GET /1707728419/stub.js HTTP/1.1\r\nHost: radar.cedexis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-786689.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 22 Aug 2025 00:37:50 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 12 Feb 2024 09:51:01 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"65c9ea05-186\"\r\nExpires: Fri, 05 Sep 2025 00:37:50 GMT\r\nCache-Control: max-age=1209600, public\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":390,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"82dec77fd0353c7c71ce053b8601387e","sha1":"fbbca95419e1d0c042e0a5fdf10f380aca66188c","sha256":"39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7","sha512":"6872c895cb44711405e57a436dfbe15d094f9159e11ee2b89983c63b1f18f6acbdfaf0ccbb5e48b2bf24f366f16584c660bca4b6b14c048a134bb77a60f6563e","ssdeep":"","tlshash":"02e068ae9391a318537a2dbacc4e060ba0f6114888e5e4e029f5c2c00461bae072bfb4","first_seen":"2024-02-13T14:23:26Z","last_seen":"2026-01-15T12:01:08.184588Z","times_seen":7496,"resource_available":true,"data":null}},"time_used":23,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"region1.analytics.google.com/g/collect?v=2\u0026tid=G-7JGWL9SV66\u0026gtm=45je58k1v897130004za200zd897130004\u0026_p=1755823070052\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026dma_cps=syphamo\u0026dma=1\u0026tag_exp=101509157~103116026~103200004~103233427~104527906~104528500~104684208~104684211~104948813~105102050~105399921~105399923\u0026cid=360532931.1755823071\u0026ecid=717819152\u0026ul=en-us\u0026sr=1280x1024\u0026frm=0\u0026pscdl=noapi\u0026_eu=AEAAAAQ\u0026_s=1\u0026sid=1755823070\u0026sct=1\u0026seg=0\u0026dl=https%3A%2F%2F1xlite-786689.top%2Fen%2Fblock\u0026dt=1xBet\u0026en=scroll\u0026ep.optimize_id=GTM-5R4MT54\u0026epn.percent_scrolled=90\u0026upn.ref_id=1\u0026tfd=12891","fqdn":"region1.analytics.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"216.239.34.36","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:50.700Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:34:03 GMT","end":"Mon, 29 Sep 2025 08:34:02 GMT"},"fingerprint":{"sha1":"A2:8A:24:AD:51:7D:A4:62:BB:34:6F:C9:21:A1:B9:E1:2D:A6:0E:C1","sha256":"9F:B9:94:8F:84:D3:44:71:A7:81:72:C8:80:4D:14:02:E3:E0:30:0C:F1:17:27:83:00:82:D9:C3:68:D3:B3:AF"}}},"request":{"raw":"POST /g/collect?v=2\u0026tid=G-7JGWL9SV66\u0026gtm=45je58k1v897130004za200zd897130004\u0026_p=1755823070052\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026dma_cps=syphamo\u0026dma=1\u0026tag_exp=101509157~103116026~103200004~103233427~104527906~104528500~104684208~104684211~104948813~105102050~105399921~105399923\u0026cid=360532931.1755823071\u0026ecid=717819152\u0026ul=en-us\u0026sr=1280x1024\u0026frm=0\u0026pscdl=noapi\u0026_eu=AEAAAAQ\u0026_s=1\u0026sid=1755823070\u0026sct=1\u0026seg=0\u0026dl=https%3A%2F%2F1xlite-786689.top%2Fen%2Fblock\u0026dt=1xBet\u0026en=scroll\u0026ep.optimize_id=GTM-5R4MT54\u0026epn.percent_scrolled=90\u0026upn.ref_id=1\u0026tfd=12891 HTTP/1.1\r\nHost: region1.analytics.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-786689.top/\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 No Content\r\naccess-control-allow-origin: https://1xlite-786689.top\r\ndate: Fri, 22 Aug 2025 00:37:50 GMT\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\ncache-control: no-cache, no-store, must-revalidate\r\naccess-control-allow-credentials: true\r\ncontent-type: text/plain\r\ncross-origin-resource-policy: cross-origin\r\ncontent-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:158:0\r\ncross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:158:0\r\nreport-to: {\"group\":\"ascnsrsggc:158:0\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:158:0\"}],}\r\nserver: Golfe2\r\ncontent-length: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T06:11:46.020773Z","times_seen":13409077,"resource_available":true,"data":null}},"time_used":93,"timings":{"blocked":36,"dns":0,"connect":9,"send":0,"wait":20,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.361Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 63748\r\ntraceparent: 00-5da3163fabf2c24e4648c269da167f54-b07d912bea92ff8c-01\r\nlast-modified: Wed, 14 Jun 2023 09:49:53 GMT\r\netag: \"6887b6f24414dbc612dbf42ccdc76b70\"\r\nexpires: Thu, 16 Jan 2025 10:32:14 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 1980\r\ncache: HIT\r\nx-cached-since: 2025-08-22T00:04:39+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":63748,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 63748, version 1.0","md5":"6887b6f24414dbc612dbf42ccdc76b70","sha1":"8068d3abfbc6cbf35b55919da45b1f4d2d136238","sha256":"fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c","sha512":"00f08f9dd648972c9571547e06172d5505dd13f577fe2e65a497d3856172807ac11c996984e4138d2eb2ac784257fe61864aee15752fe9e9e76f98db931e0c2a","ssdeep":"1536:KtdCG+Dz6RxAx457zL0ASEn091Y0H1mTOzI/OzMFOoTX4u:MMG+yRpzN091Y0VtI/pOoTt","tlshash":"8b5302485551fae2cac3073c0f7a89dbb37a776d519224cd98b69f830d37964bea2070","first_seen":"2023-06-14T19:15:49Z","last_seen":"2026-04-06T04:37:31.841238Z","times_seen":10364,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.767Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-786689.top","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Tue, 08 Jul 2025 05:19:38 GMT","end":"Mon, 06 Oct 2025 05:19:37 GMT"},"fingerprint":{"sha1":"AA:30:AC:DD:35:7A:57:A5:E0:E3:85:E8:56:55:6E:F6:1D:59:9A:D7","sha256":"7A:A5:9A:19:BD:83:1C:01:8B:6B:81:4F:60:58:C2:9D:19:98:76:3E:12:87:69:A8:A1:D1:0D:D2:E2:AF:79:E4"}}},"request":{"raw":"POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json HTTP/1.1\r\nHost: 1xlite-786689.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-786689.top/en/block\r\nContent-Type: application/json\r\nX-Lang: en\r\nX-Uuid: 1ece50b1-c819-4882-855e-ad43388da442\r\nContent-Length: 19\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; auid=sv0jNWinu9Kn/rC5A1X6Ag==\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: application/json\r\ncontent-length: 2\r\nx-dt: 1305\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.088, wf-uht;dur=0.014\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"d751713988987e9331980363e24189ce","sha1":"97d170e1550eee4afc0af065b78cda302a97674c","sha256":"4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945","sha512":"b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af","ssdeep":"","tlshash":"c7100000000000000000000000000000000003000000c0000000000000000000000000","first_seen":"2023-03-08T00:02:47Z","last_seen":"2026-04-06T05:11:39.684757Z","times_seen":227965,"resource_available":true,"data":null}},"time_used":49,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":43,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-22","alert":"Sinkholed","trigger":"1xlite-786689.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-1305/desktop/media_asset/66417e83eefedfd14ae41c611b4dc5f2.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.854Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1-1305/desktop/media_asset/66417e83eefedfd14ae41c611b4dc5f2.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-786689.top/\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: application/json\r\ntraceparent: 00-7805d39cee6e6a50f0aa5a87971387f7-cd23a0c6a69c2e46-01\r\nlast-modified: Thu, 27 Feb 2025 09:05:21 GMT\r\netag: W/\"811ce3b7877d19901e45430cb6523d62\"\r\ncontent-encoding: gzip\r\nexpires: Thu, 21 Aug 2025 11:36:55 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\ncache: REVALIDATED\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14232,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"811ce3b7877d19901e45430cb6523d62","sha1":"16a905115a678fdef3923f91c6f76cbab613e84d","sha256":"10fbb74dbac63abfe9c4f5a77abc03757ef3527a479d4ae70dc977b515eec8cb","sha512":"21a43d793bd4200ff9972a793442fe492b6a1699f20053c4f01695f69f918685bf30f03f778346c2f61bac40d2e51bb25360d0ffc15448200c666ab4edf38e65","ssdeep":"96:BDkGHVTSY15XWGsQfGJo/JamRKkmP9kDeD3LzwCyi8TunZh:bVTS1KXR9RKkekDGoCyXOD","tlshash":"59523d65f6f40c33113b98ae65f76a8953948f07aa6d7c293b9c2b4c1f1462e0076d3e","first_seen":"2025-02-27T19:55:39.119779Z","last_seen":"2026-01-05T12:50:32.841809Z","times_seen":4543,"resource_available":false,"data":null}},"time_used":70,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":70,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-4d3d12aae8.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:40.018Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-4d3d12aae8.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-786689.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:40 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-ceadd58bbb87eaab0f03e8736765ee9f-f11fc51d5714c4e9-01\r\nlast-modified: Wed, 13 Aug 2025 11:30:45 GMT\r\netag: W/\"62167edc20168f6fa51af1a7708970b9\"\r\nx-amz-meta-mtime: 1755084576.647098278\r\ncontent-encoding: gzip\r\nexpires: Thu, 14 Aug 2025 11:33:39 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 45906\r\ncache: HIT\r\nx-cached-since: 2025-08-21T11:52:34+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":32891,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (32282)","md5":"62167edc20168f6fa51af1a7708970b9","sha1":"a2a70bbd2fa4d559f3bfd5c990c52d70ca1fa00e","sha256":"0a8a013fe888e43a15d77c2d76f23b5c42e4ed24bd4647b604441447969a6e6a","sha512":"3b728b4fa3fbbb0b55f9863da42c177b27c7d177a252b7ee6f39a073a390fdc3afc15abf819cc2fa24624d7f595fa90909e4328e0b4d61cb294a997a79a37591","ssdeep":"768:HqLxGO7Hg1DWcd1TL2Dry3qZUkqx2YZkYh/xplG+pI7wzPa3jH4LB2jX9OMVu2V7:KLxRHg1y9qnPa3jH4LBs1ZqVRFWco","tlshash":"bee2c47434abb0b420da6a586739bd52d6c81f5fe84afcd251cf89e613d704880527fb","first_seen":"2025-08-13T23:36:01.858221Z","last_seen":"2025-08-22T06:38:14.146907Z","times_seen":135,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_block_pages/en/dictionary_9b848ba427b59305d3df2cf0bc5dd080.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:40.707Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/web-app-v2/dictionary2/v3_block_pages/en/dictionary_9b848ba427b59305d3df2cf0bc5dd080.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-786689.top/\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:40 GMT\r\ncontent-type: application/json; charset=utf-8\r\ntraceparent: 00-53dd8e7708768005931851825cae2ca7-526fdb63e6cd4dc7-01\r\nlast-modified: Fri, 18 Jul 2025 16:06:55 GMT\r\netag: W/\"c557f8f9061794bef4f6b3a5f96cbbb5\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Fri, 18 Jul 2025 17:34:19 GMT\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2561\r\ncache: HIT\r\nx-cached-since: 2025-08-21T23:54:59+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2352,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"c557f8f9061794bef4f6b3a5f96cbbb5","sha1":"11add862eba30ce83a5f5c71ba4c53b305fd1774","sha256":"bf6a49d0686075ed43f0babe55f6b983cd8a2db79da3f31cc36c9f4d192130d5","sha512":"fe4bcb92b635b15ad1dfe2fed7b19c5bc14523a435815bb2cd572b20cf4b27150293acdee78753bcefa52eb6505124e20a4b46465fa161f0ad7841716909cc9e","ssdeep":"","tlshash":"b941745b733c55e5392841403d0d6d6a7b520168be9161c8fa8cdc9d332f8cae23b62f","first_seen":"2025-07-18T16:37:04.820544Z","last_seen":"2025-10-30T11:47:43.214083Z","times_seen":2348,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/hd-api/external/0198cf35-d409-711f-9865-8bfc3f9ae641.js","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:48.174Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-786689.top","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Tue, 08 Jul 2025 05:19:38 GMT","end":"Mon, 06 Oct 2025 05:19:37 GMT"},"fingerprint":{"sha1":"AA:30:AC:DD:35:7A:57:A5:E0:E3:85:E8:56:55:6E:F6:1D:59:9A:D7","sha256":"7A:A5:9A:19:BD:83:1C:01:8B:6B:81:4F:60:58:C2:9D:19:98:76:3E:12:87:69:A8:A1:D1:0D:D2:E2:AF:79:E4"}}},"request":{"raw":"GET /hd-api/external/0198cf35-d409-711f-9865-8bfc3f9ae641.js HTTP/1.1\r\nHost: 1xlite-786689.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-786689.top/en/block\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; auid=sv0jNWinu9Kn/rC5A1X6Ag==; window_width=1280; che_g=c7d83060-e0e4-4de6-a339-92feb323de09; SESSION=e14e5d7e1361724d77d4b74f02ac180d\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:48 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 102332\r\ncache-control: private, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nx-dt: 1305\r\nx-hd-trace-id: 9602c9b6-86d2-48cf-b7f2-ae1e9066b5ea\r\nx-request-guid: 7c5a2ebf3380e28eca2e6cfbda70501b\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.009, wf-uht;dur=0.022\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":350159,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"bc778ed0435ca180b2cb841d086ddd62","sha1":"043dfaf351a8b7a3ebbe2e4ea0e962cb1a621613","sha256":"fecd6ff2a94221d1402ca3d6216547ab37c2465cb716d54e10a99b77e777db0d","sha512":"435b6610d0e688b8f340ff2dd09b188f081551e7af272495662f894a52e810d55f09e45d5021fd7d4b8e6f7be8eb074d327f3654961418acc03b71de10697c20","ssdeep":"3072:0m9C80i0lOxS4RJqcvKZdCupv/Gbfbkm4q1kwj29LAUKG+A4ArUF:0mr0lObHvKZtpXGbfAmUwi9LrUF","tlshash":"d87481c4e0c1c080b3d11cacbe757dd9699d2d866aded9a89e41fd8bede023c9568433","first_seen":"2025-08-22T00:38:10.350637Z","last_seen":"2025-08-22T00:38:10.350637Z","times_seen":1,"resource_available":true,"data":null}},"time_used":59,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":51,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-22","alert":"Sinkholed","trigger":"1xlite-786689.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:48.973Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:48 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 63920\r\ntraceparent: 00-907650adf4ef952ef5111c36a42b3e2e-d18fd44848df6ee3-01\r\nlast-modified: Wed, 14 Jun 2023 09:49:53 GMT\r\netag: \"a65527fcb58f66a7cfbc0e6b160538b4\"\r\nexpires: Sun, 10 Aug 2025 19:21:26 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 416\r\ncache: HIT\r\nx-cached-since: 2025-08-22T00:30:52+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":63920,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 63920, version 1.0","md5":"a65527fcb58f66a7cfbc0e6b160538b4","sha1":"45d260e7fa343401b5bb0df982a014f53e2d253b","sha256":"fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45","sha512":"8448e96abe326f43285b2d8b0d75beaf0e9c9e051e8754841d907b30eb303ae24c447011306da6a1703b9192d02aeff76a4517bdf94ec6e7dc360ce3538802af","ssdeep":"1536:UIG3hJMkJeK8ic5iZGnJ4URj9vqXOQ6UqYdbuA5RVK1:UL31hcLlRjDQ6Uq4W1","tlshash":"7f5302df8de32a148ff78772668885f4f4927c68898c8e7345526a8907f07d6b96c04f","first_seen":"2023-05-07T18:04:27Z","last_seen":"2026-04-06T04:37:31.820168Z","times_seen":10238,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/89eefdd8/desktop/default/analytics-33ae8256.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:50.045Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/89eefdd8/desktop/default/analytics-33ae8256.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-786689.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:50 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-99ce95dbf00695c07733e4228bc418b0-d88f2814a84068a7-01\r\nlast-modified: Thu, 21 Aug 2025 09:08:58 GMT\r\netag: W/\"3fe69d9a9d3378c34373ce91ccbea12c\"\r\nx-amz-meta-mtime: 1755767336.915798458\r\ncontent-encoding: gzip\r\nexpires: Fri, 22 Aug 2025 09:23:41 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 54736\r\ncache: HIT\r\nx-cached-since: 2025-08-21T09:25:34+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8845,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (8845), with no line terminators","md5":"3fe69d9a9d3378c34373ce91ccbea12c","sha1":"825f24611adf78dd2e758a0b918b0233af1460c1","sha256":"e4710a6961f805edabdbaf5f5c81b0bc7f828c8621b1e7881ae8fe6352e42c39","sha512":"89a226481d13a4471e65fd1ed1f4fdb7544d5e22dd900db0041bb7dd2be26242a25cf90d2ec3501edc11c99711d737ab5e61a53fa3fff9a6423a30be2fb2f7d3","ssdeep":"192:6vO+jPZxnEW5+vsj33Veo9KshuUWaqwKWJ3vQ9OE7PQzhVvOSRxGZkm:2jPZxnEW52a3VeoAbUWaqwKWFQ977Pie","tlshash":"6502968dbdc8e43007ba19f8e67b9a0ae07a17173405c451caead8c43d7ea8f5117e9d","first_seen":"2025-08-21T09:34:57.467867Z","last_seen":"2025-08-22T06:38:14.138055Z","times_seen":22,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.385Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-786689.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: image/png\r\ncontent-length: 653\r\ntraceparent: 00-2837ddee9f22c0c3f97a7b6ab4cd6bf0-cf6c25063807ab9a-01\r\nlast-modified: Wed, 26 Jun 2024 08:18:02 GMT\r\netag: \"e6f0766cbd95db33da44e7a9140648f2\"\r\nexpires: Thu, 16 Jan 2025 10:46:36 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 1167\r\ncache: HIT\r\nx-cached-since: 2025-08-22T00:18:12+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":653,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit colormap, non-interlaced","md5":"e6f0766cbd95db33da44e7a9140648f2","sha1":"5f196b1bfe8c3f92bd2ebcd67124e72e81ae6aaf","sha256":"c0399d478788d5d483f104a2e8cb7c32f41cb40e9df0c22e831b2bfa2db63ec0","sha512":"249da39baba03408de98c7fa9a9342ef120436037ab6245b3b4a5f1a206291caaf67481c6ed67064544576697d41ab82499abffec998d837812292a050bf826a","ssdeep":"","tlshash":"90f083e032254a855c02ac7fc33414448fb226cc3682bb09e012887119d24a79dd1368","first_seen":"2023-04-05T22:56:35Z","last_seen":"2026-04-03T12:07:45.643999Z","times_seen":6597,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_7fab30e1ce.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:40.071Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/shared-assets/Desktop/__shared_base-app_7fab30e1ce.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:40 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-a57105523c7bf5449e5be254001844d1-0f2f9b2e1bb4d6e6-01\r\nlast-modified: Thu, 21 Aug 2025 10:55:01 GMT\r\netag: W/\"4fbe436d6dca63cb849c9aec4a82d7da\"\r\nx-amz-meta-mtime: 1755773613.671598686\r\ncontent-encoding: gzip\r\nexpires: Fri, 22 Aug 2025 10:56:01 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.007\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 48729\r\ncache: HIT\r\nx-cached-since: 2025-08-21T11:05:31+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1419312,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (23471)","md5":"25ccb3b432b0ff47ef6c06a5d345d517","sha1":"6d3918babdd7a62163af6f15cdeb6a801d94b5e2","sha256":"da71cbc765b2e38fa690ef246191eb2c8bccb4609c13577148d1c2afc7035689","sha512":"8cc67203201304eccaa53d739f7b58b6183aa5301c81f913be02633ad46662c567897398ad8eb68e202bf29cfdb1e0f10764040895c694b7cd0a3511ec24e2d2","ssdeep":"12288:xMTgLaj/Yv70ifFAFnayGV5CFaFIx38rq53EmFHX4VHxw8:GKaj/Yv79NAMyGW3Uq53v41","tlshash":"a7257d49b066b8122dd748e790370643b29c1a6e8455f8a0f5fadcf8378e914639fb7c","first_seen":"2025-08-13T23:36:01.77238Z","last_seen":"2025-08-22T06:38:14.135619Z","times_seen":243,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/8192228305b202797f207eeb6842287c.png","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:40.117Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1-285/desktop/media_asset/8192228305b202797f207eeb6842287c.png HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-786689.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:40 GMT\r\ncontent-type: image/png\r\ncontent-length: 5202\r\ntraceparent: 00-521c299dbde3c411382d60ddcf36d05b-a9fe6233b0cf5de1-01\r\nlast-modified: Wed, 26 Jun 2024 08:22:59 GMT\r\netag: \"b9a636eef54b2844b571fe7de49184a7\"\r\nexpires: Mon, 11 Aug 2025 06:46:57 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 1006\r\ncache: HIT\r\nx-cached-since: 2025-08-22T00:20:54+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5202,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 514 x 514, 8-bit colormap, non-interlaced","md5":"b9a636eef54b2844b571fe7de49184a7","sha1":"bf653690790ced40eb3189da075a275d951d1607","sha256":"001bfcdd52b658d46543a1aec889d35b73b3909b47097cc011b95e96fc9e3743","sha512":"7b288a27a69c91697042ebb6f80f48cf25e0c6260620ee8f4b0e7afa75430b95c394c3f284445e0628b347341b89480e2e7098510bc07f4db43ecc46d893c38f","ssdeep":"96:561aQaPXOi0Ui/+kgrJtv72TgGuDG9JAsXgQrjQ:470T0PEnv7Sgc9vPQ","tlshash":"56b19e22d46fe4a53230c81b67c1820a1df839c6e72c29d0e8ed4db5e2c8b7f84883c4","first_seen":"2023-11-17T17:46:27Z","last_seen":"2026-01-13T06:38:33.673472Z","times_seen":5260,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_DYMTJONH.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:40.312Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_vue_deps_DYMTJONH.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:40 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-5802216f36548bae342acafa8cc6061f-9f5b8cbf99e26d78-01\r\nlast-modified: Thu, 21 Aug 2025 12:57:48 GMT\r\netag: W/\"1580a3cfe81fd30910a49dfe64cc8e7b\"\r\nx-amz-meta-mtime: 1755781011.215789758\r\ncontent-encoding: gzip\r\nexpires: Fri, 22 Aug 2025 21:46:08 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 10292\r\ncache: HIT\r\nx-cached-since: 2025-08-21T21:46:08+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":19175,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (19034)","md5":"1580a3cfe81fd30910a49dfe64cc8e7b","sha1":"314144dc49595482ba46c0b85b38d5f73ef73a7b","sha256":"8989a021d20f0fc08c43966a287cbd99e43142a5a0ff42eb232756a101de6035","sha512":"65a68a90c0bbac3609abafd1e200227d970f2a35a5158d699972651cdcdcc4c60e08dbe7e3f605621abb04e016e064f71057c9332d2a4e46dd704aad5ee3196b","ssdeep":"384:yo1wZ1yyQBPgmtk3aNPtFvsddbHyrKe/k43RuD6EgUBBmCWEg4bGy7IbEALvzAdw:lwZ1yyQBDk3a1tF+5E/uDRgQBpWEg2mh","tlshash":"de824be47bb9fd93339840dc80671b53f26948a7844cd074e799ae9330a454385b6bbe","first_seen":"2025-05-14T05:06:37.162459Z","last_seen":"2025-08-22T06:38:14.178048Z","times_seen":1811,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_E2H7ZPXQ.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:40.319Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_popper_js_E2H7ZPXQ.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:40 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-4e751e736367fc52ea1812f61ef1b2ff-d28ef7f92efc76dc-01\r\nlast-modified: Thu, 21 Aug 2025 12:57:48 GMT\r\netag: W/\"3cf0cae38afae9add22f7884e5061231\"\r\nx-amz-meta-mtime: 1755781011.215789758\r\ncontent-encoding: gzip\r\nexpires: Fri, 22 Aug 2025 22:11:14 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 8786\r\ncache: HIT\r\nx-cached-since: 2025-08-21T22:11:14+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21252,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (21232)","md5":"3cf0cae38afae9add22f7884e5061231","sha1":"2a41037501375a439385a76a047876619683418f","sha256":"322482e3beae5a985d069beea981614510fda90a5df7295b776a324d461fc43d","sha512":"b61ed44fab86cdc14e9e1b8af7924afec6148d03d878007f89d1beb7a24a1862efaa2d6b43dcc04df35c6920ef742ffc5a59a2434b798554394d3e28f88b7a13","ssdeep":"384:nPP7iayBuR9vu3z1JXvykd2+LaqHdC6RjVnTGm/7piCXmH8kCCcvJTCyCu+meAxu:riZwO3XvO+NMSJt3XmckXcv4nxJAxiH5","tlshash":"7d92a28c7684b0a287a7a2a7a07f860f71376865650e9004f59cf6ec3c35dba507bc7d","first_seen":"2025-05-14T05:06:37.148925Z","last_seen":"2025-08-22T06:38:14.115567Z","times_seen":1787,"resource_available":true,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_reset_password/en/dictionary_612c6e919ca15d39cc751a619a3952c7.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.835Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/web-app-v2/dictionary2/v3_reset_password/en/dictionary_612c6e919ca15d39cc751a619a3952c7.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-786689.top/\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 765\r\ntraceparent: 00-4a51affbf3ea02976e1a7315ac05aca2-57570e00ed3e25da-01\r\nlast-modified: Wed, 11 Oct 2023 12:52:53 GMT\r\netag: \"00f980f23f1b4c1ccee99ed49e0a8feb\"\r\ncache-control: max-age=3600\r\nexpires: Thu, 16 Jan 2025 10:53:47 GMT\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 3579\r\ncache: HIT\r\nx-cached-since: 2025-08-21T23:38:00+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":765,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"00f980f23f1b4c1ccee99ed49e0a8feb","sha1":"4cb07094de9bffff1bf81d94446280b91013b660","sha256":"bb3be3377fbb8e66a4b5a8a3866dfd865a37cb4a96482ab2f439981e03b57cea","sha512":"45587feec47804731eb344682dd7465959a50f2f47e114e332e875097a9e2009d6fe41e8ff684fb287d935fd9c4d12a5b83e1fe310f3ceca6061d569502ac1de","ssdeep":"","tlshash":"80015701129f0ef21b4bc65a940b1c71b2a0c043936b8c8757baeb8f73bbd8b009584f","first_seen":"2023-09-28T10:29:17Z","last_seen":"2026-04-06T04:37:31.847966Z","times_seen":5051,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/seo-module-api/api/public/v1/analytics-counters?project[id]=1305\u0026domain[host]=1xlite-786689.top","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.986Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-786689.top","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Tue, 08 Jul 2025 05:19:38 GMT","end":"Mon, 06 Oct 2025 05:19:37 GMT"},"fingerprint":{"sha1":"AA:30:AC:DD:35:7A:57:A5:E0:E3:85:E8:56:55:6E:F6:1D:59:9A:D7","sha256":"7A:A5:9A:19:BD:83:1C:01:8B:6B:81:4F:60:58:C2:9D:19:98:76:3E:12:87:69:A8:A1:D1:0D:D2:E2:AF:79:E4"}}},"request":{"raw":"GET /seo-module-api/api/public/v1/analytics-counters?project[id]=1305\u0026domain[host]=1xlite-786689.top HTTP/1.1\r\nHost: 1xlite-786689.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-786689.top/en/block\r\ncontent-type: application/json\r\nx-requested-with: XMLHttpRequest\r\nx-app-n: v3-nuxt2\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; auid=sv0jNWinu9Kn/rC5A1X6Ag==; window_width=1920\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:40 GMT\r\ncontent-type: application/json\r\ncontent-length: 47\r\ncontent-encoding: br\r\ncache-control: max-age=1200, must-revalidate, public, s-maxage=1800, stale-if-error=86400, stale-while-revalidate=300\r\nx-content-digest: encf4b7cb201e71c1f60b6f90e569ae0ea\r\nage: 198\r\nx-request-id: 639a8f0142ff0867440cc9f78e18a061\r\nx-request-guid: 639a8f0142ff0867440cc9f78e18a061\r\nx-origin-server: swoole-http-server\r\nx-time-ng: 0.003\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: p;dur=2.1347999572754, wf-uht;dur=0.017\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"d327ba13bb1db5d3bdd1d55a10c9efeb","sha1":"e1e7bcd7effbbd7e7345effa2a2f0f5c7074bb94","sha256":"a3992fa7701216e66dd528a170fbae5d556428c9f6c04290521ca106be88b63d","sha512":"d20f6fa0f2d85467ee34c2761efff2dd37cdeb1c6d1199ea6ab833f51d8366e7ccbd791e90c96081c8164fc9a7e6989a1a891600fc09721f27fc5bfc992c1616","ssdeep":"","tlshash":"069002125a446d64580354844145544240a490588d5262010d5496338128118255176b","first_seen":"2025-04-15T20:05:45.664568Z","last_seen":"2026-03-27T20:45:59.20506Z","times_seen":174,"resource_available":false,"data":null}},"time_used":55,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":55,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-22","alert":"Sinkholed","trigger":"1xlite-786689.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-1305/desktop/media_asset/b85474bb2e0548c28bdd12685c471b54.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:40.708Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1-1305/desktop/media_asset/b85474bb2e0548c28bdd12685c471b54.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-786689.top/\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:40 GMT\r\ncontent-type: application/json\r\ncontent-length: 241\r\ntraceparent: 00-6ad491390773a990fe9d91dab047aa43-a2a818651f7477d9-01\r\nlast-modified: Thu, 27 Feb 2025 13:25:44 GMT\r\netag: \"39257fbb62736206d5245e08925d7b60\"\r\nexpires: Thu, 21 Aug 2025 11:36:56 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\ncache: REVALIDATED\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":241,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"39257fbb62736206d5245e08925d7b60","sha1":"4c11e3cb6a16b884772b88acdba30a2ad98e86b8","sha256":"3a3cf0f5c60899ffb49d9825516aec475fd7b78cea8ae0b5b58dfb4e658f041e","sha512":"e9b44ac92bbad9c54e500f735f553154c92897c80700709b61b39443f76edbd1d3d38d0d6014e6052cc5f5931b78c55194e308c86336f809de1541efa1e0ac8f","ssdeep":"","tlshash":"58d02e40f2e01833201f94f981b5a109e74b0b03e402a808fa0c21881bac8252426c3a","first_seen":"2025-03-01T06:06:39.04916Z","last_seen":"2025-10-28T05:34:45.039411Z","times_seen":3826,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":25,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/2596a4f975.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:40.770Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/2596a4f975.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:40 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 404\r\ntraceparent: 00-e680e82b719327a6a29868009b3c00e0-acf4815c106a246e-01\r\nlast-modified: Wed, 13 Aug 2025 11:30:44 GMT\r\netag: \"4d25e2e3f99bb24b71da5724313df8c7\"\r\nx-amz-meta-mtime: 1755084576.64909844\r\nexpires: Thu, 14 Aug 2025 11:33:41 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 45904\r\ncache: HIT\r\nx-cached-since: 2025-08-21T11:52:36+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":404,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"Java source, ASCII text, with very long lines (403)","md5":"4d25e2e3f99bb24b71da5724313df8c7","sha1":"400d4afda0f0df1be372f7482a047bc642615045","sha256":"774e5169787c86cc1fba0147d62d16d6f6ab42732a141fe5b3dd003c81649eb8","sha512":"d6137ec17e0031009369728d47d5b6592f28be221989c97ec44a50d199f11454baa6000b0114e1aeb2e12eab168a8fbc35777aa156d7f2da7a37a468e49c71d6","ssdeep":"","tlshash":"80e0927bf97270691044c8f9e012ec6163235d9a67e0efa9c0de07304212473e049c71","first_seen":"2025-08-13T23:36:01.840623Z","last_seen":"2025-08-22T06:38:14.132413Z","times_seen":135,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/en/block","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-22T00:37:38.277Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-786689.top","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Tue, 08 Jul 2025 05:19:38 GMT","end":"Mon, 06 Oct 2025 05:19:37 GMT"},"fingerprint":{"sha1":"AA:30:AC:DD:35:7A:57:A5:E0:E3:85:E8:56:55:6E:F6:1D:59:9A:D7","sha256":"7A:A5:9A:19:BD:83:1C:01:8B:6B:81:4F:60:58:C2:9D:19:98:76:3E:12:87:69:A8:A1:D1:0D:D2:E2:AF:79:E4"}}},"request":{"raw":"GET /en/block HTTP/1.1\r\nHost: 1xlite-786689.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; auid=sv0jNWinu9Kn/rC5A1X6Ag==\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 203 Non Authoritative\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:38 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 300879\r\naccept-ranges: none\r\nserver-timing: dt_total;dur=0.003, total;dur=327;desc=\"Nuxt Server Time\"\r\nset-cookie: gw-mm=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Secure; SameSite=None; Partitioned\ngw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiw0OTUsODEyLDk4NSw4MTMsMTcsMTgsMjE4NiwyMzY4LDIzMDAsMjM3Niw4NDYsMjI2NywyMjkxLDIzMDMsMjM3NSw4MTAsOTQ0LDIyMTEsMjQwOSwxMDkwLDEwOTMsMjE5MSwxMDAyLDIyNDIsMjMwMSwyNDYxLDI0NjQsMjQ2NSwyNDYyLDI0NjYsMjI1NiwyMjUxLDIyODcsMjQzMiwyMzQ1LDQ4NCwzOTUsMjMyOCwyNDAyLDIzMzIsNDc0LDQ3NiwxMDA2LDIzOTQsMjM2NiwyNDAzLDIzMTEsODA5LDkxMiw4MDYsNzg2LDc2OCw3NzUsNzY3LDc2Niw3NTEsMjQyNCwxMDM5LDIzMjcsMjQyMiwyNDY4LDkwNyw5ODQsMTEwNiwyNDA4LDIzMDcsMjE1NSwyMzcyLDExMTksMjI5NiwyMzU0LDIzNDAsOTY4LDIyMjksMjM5MiwyNDEzLDI0MzQsMTA5NiwyMzUxLDc1OSwyMjI4LDIyMTQsODQzLDg0MiwyMzUyLDc1Niw3NDcsNzQ4LDU0OCwyMzUzLDI0MjUsMjQyNiwyNDczLDc4NywyNDQ2LDIxNjMsODM5LDc4Myw1MjUsMjQzOSwyNDQwLDUyNCwxMDc1LDI0MTYsMTA3NCw1NDksOTQzLDUxMiwxMTE3LDExMDEsMTA3MywyMzEwLDIzOTcsMjQ2MywyNDUyLDIzNzgsMjM4OCwyMzg5LDIzOTYsMjQwNywyNDEwLDI0MTIsMjQxOCwyNDIwLDI0MjgsMjQzNSwyNDY3LDI0NTEsMjQyMywyMzY5LDEwNzgsMjQzNywxMTAwLDI0MzYsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDQ3Nyw0OTgsOTQyLDIzMjAsMjI4OSwyMjgwLDEwODYsOTc4LDEwODQsOTg2LDIxOTcsOTkzLDk3Nyw1MzAsMjI0Myw5ODEsOTg3LDIxODIsMjI5NSwyMTU2LDIxNTcsMTA5Miw4MDQsMjIzOSwyMjIxLDk5NCw5OTksOTk4LDk5NSwxMDA3LDEwMDgsMTAxMCwxMDA1LDExMDIsMjE5OSwyMTk4LDEwMTIsMTAyMywxMDk4LDIyMDEsMjQzMSwxMDIyLDEwNDAsMjQ3MSwyMTU5LDEwODksMjE3OSwxMTIyLDEwODcsMTA0MiwxMDQzLDEwNzYsMTA3NywyMzIxLDIzNjIsMjE3MSwyMTc3LDIxNzYsMTA4Myw1MzEsOTkyLDk5MCwyMzQ3LDEwNDEsMjM5OCwyMjAyLDEwMTgsMjQ0NCwyNDcyLDEwOTksMTA4Miw3ODQsNTU3LDc3OCw3ODIsMTksNjU2LDIyMjAsMjI5NF19; Expires=Fri, 22 Aug 2025 00:37:38 GMT; HttpOnly\nlng=en; Path=/\ncookies_agree_type=3; Path=/\ntzo=2; Path=/\nis12h=0; Path=/\r\nx-dt: 1305\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"203","status_text":"Non Authoritative","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nuxt.js","description":"Nuxt is a Vue framework for developing modern web applications.","website":"https://nuxt.com","common_platform_enumeration":"","icon":"Nuxt.js.svg","categories":["JavaScript frameworks","Web frameworks","Web servers","Static site generator"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]}],"data":{"size":300879,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (57272)","md5":"f02928367f273e64db082ffbf5596bde","sha1":"9a0ecf87af1884338220060876ca59fa343dca39","sha256":"42f21a2e5c747de1e48254dadeb79b2eaa2a7ca26bfe94a1d22baaaadca37d15","sha512":"85e950d5aba1f7384164ec8464e570c53942417e06ee276a6cde3e3fe9c21f56f4ff59050fca79e670a387930018f6b51f34a0b0370270e32e1f6c9f0392847d","ssdeep":"6144:fEO1mFV75xWt5JkyunibMhYIpeYyweg7WAgbLDjzF8L:fEO1mFV75xWt5JkyunibMhzpeY8yZyFK","tlshash":"cf54c52fa90c4d3e561f1a76854f7e4e5b7cea1a349b2d05dc6dab6810d368007a383f","first_seen":"2025-08-22T00:38:10.358228Z","last_seen":"2025-08-22T00:38:10.358228Z","times_seen":1,"resource_available":false,"data":null}},"time_used":509,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":403,"receive":106,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-22","alert":"Sinkholed","trigger":"1xlite-786689.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/89eefdd8/desktop/default/app-8719b2bd.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.421Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/89eefdd8/desktop/default/app-8719b2bd.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-786689.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-2a9245a2a986ca329e14b282d7263151-e6bd36d122d5b3b1-01\r\nlast-modified: Thu, 21 Aug 2025 09:08:58 GMT\r\netag: W/\"44c8de9986669e2f17f85160d1c16291\"\r\nx-amz-meta-mtime: 1755767336.915798458\r\ncontent-encoding: gzip\r\nexpires: Fri, 22 Aug 2025 09:23:35 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 54738\r\ncache: HIT\r\nx-cached-since: 2025-08-21T09:25:21+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":484183,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"44c8de9986669e2f17f85160d1c16291","sha1":"c47171434737ec261d7613fc6bd7562093591f96","sha256":"f47ef0fb24f1ee021b5bdb56c0b0f0dcc07f86faddea059555ee7acb3ec6b919","sha512":"6b7ab7c419c918beb457034e13472c3136b3757f6ec7187a9d636cfdecda939b897d0a6a1f4de4f2bd7becbe1849cd6d5ed20f6128b68411d486196b35bb0b55","ssdeep":"12288:QhecY+CZdsb0B69dgC7jcupMA7zZfk0Pn:QhrYHZdOgC7jcupMA7dH","tlshash":"54a45c65b588f4ca02f34bdae03a0161e33916b9380dd064f77dedca359bc09916a67f","first_seen":"2025-08-21T09:34:57.458406Z","last_seen":"2025-08-22T06:38:14.172275Z","times_seen":23,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/89eefdd8/desktop/default/vendors/plugins.vue-notification-0ede4374.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.779Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/89eefdd8/desktop/default/vendors/plugins.vue-notification-0ede4374.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-786689.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-f2c88bc0ed28b0ed6bef7d980fa5ea9d-8ebb5b1b186a9748-01\r\nlast-modified: Thu, 21 Aug 2025 09:08:59 GMT\r\netag: W/\"6be5014f978fc8c37c34ea51e7a0e4cc\"\r\nx-amz-meta-mtime: 1755767336.93479853\r\ncontent-encoding: gzip\r\nexpires: Fri, 22 Aug 2025 09:23:38 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 54736\r\ncache: HIT\r\nx-cached-since: 2025-08-21T09:25:23+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12563,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (12563), with no line terminators","md5":"6be5014f978fc8c37c34ea51e7a0e4cc","sha1":"bd6f576d96d945d525cc8cfcb6233b8b5ccbdc17","sha256":"e081382d67adb88fe151bdfb4fb6f2d6392d6225cbbf7c6845816bd042e9f43d","sha512":"a64fc910ddd633045de6663eda45300745b591e05f97643aa7723d00358f5acdab51762f41e05cb973af60369a310d0ee02a7bda8d8814c99fc17c1cc57faedd","ssdeep":"192:nU1hQXHv3CbfKpqEVwhSIkrReP+SdHtfGA2D3ow5EE9bJ52bFZLy2mp4ilVh:nn3CmpcDkAP+S/fGAWf5VbWbLy2mmijh","tlshash":"c14296ceb2c2b4650be760b6402f110af136a96869ab54d4f3b1d4f2adb564c413bf3d","first_seen":"2025-08-21T09:34:57.532791Z","last_seen":"2025-08-22T06:38:14.123893Z","times_seen":23,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/89eefdd8/desktop/default/css/7fe5f71b.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.782Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/89eefdd8/desktop/default/css/7fe5f71b.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-786689.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-96466f37a90aa2b625d82c40874e7be3-69f329934cd71521-01\r\nlast-modified: Thu, 21 Aug 2025 09:08:59 GMT\r\netag: W/\"c610b8710368de3bf2f1c5bb581b6a3a\"\r\nx-amz-meta-mtime: 1755767336.919798473\r\ncontent-encoding: gzip\r\nexpires: Fri, 22 Aug 2025 09:23:38 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 54736\r\ncache: HIT\r\nx-cached-since: 2025-08-21T09:25:23+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3313,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (3313), with no line terminators","md5":"c610b8710368de3bf2f1c5bb581b6a3a","sha1":"f67bc86785d434adb2e81a356a7926b8818ac567","sha256":"fad7111846310042401990719146401178f22e2618abf2b058e641b6495e8eba","sha512":"2dfecbd28b59bcf4b361736ce304f33792631b766506b80767f23033cbd37c1a83371af59b833032390f647b69824e9eeeb1f99530e18047f74cd30ffda0e5b1","ssdeep":"","tlshash":"0161c13e9cbc24359e7f472b7053ce84e199a39092030f8afdbb755a4c8b21d3895176","first_seen":"2024-05-14T21:30:49Z","last_seen":"2026-01-22T06:40:31.190981Z","times_seen":5786,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_auth/en/dictionary_6532f52674837885437d0c36e7f2e9fa.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.818Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/web-app-v2/dictionary2/v3_auth/en/dictionary_6532f52674837885437d0c36e7f2e9fa.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-786689.top/\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: application/json; charset=utf-8\r\ntraceparent: 00-6905ecb37c42e7b22e03818be0859f1f-ea699f91da0e32f2-01\r\nlast-modified: Fri, 18 Jul 2025 12:07:12 GMT\r\netag: W/\"ff494c258f5860173099ad3e5239fc34\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Fri, 18 Jul 2025 13:34:07 GMT\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 1992\r\ncache: HIT\r\nx-cached-since: 2025-08-22T00:04:27+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9639,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"ff494c258f5860173099ad3e5239fc34","sha1":"a9e8142f1fb22d54008215268bd107f33880ab68","sha256":"1be6ea961911a3d68be1c53da90c5d29a372252eef7be68178d35c43fba20ce1","sha512":"2c95793e5722e411c0e0e68949eded3263d3e4f78b5d22a37afaafa33f1b51f87566216af1102a89824ef3f3af9a836b105909a0b7d308102bb255dddee0fb22","ssdeep":"192:HvhX8mmq4spyU7SKi5mz8jrUoIOFJM1YABslAByZhqV+2p+QvM9pKTp:HvhX8mmqdsU7ziUmJM1YABsOByZh4nMM","tlshash":"4112f11a817a0c57cfdbca827c495b5ce3a409b446b94c6d8cf9c23e03a2765d7af354","first_seen":"2025-07-18T14:10:38.030956Z","last_seen":"2025-08-22T14:22:43.540938Z","times_seen":540,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/hd-api/external/verify","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:50.025Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-786689.top","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Tue, 08 Jul 2025 05:19:38 GMT","end":"Mon, 06 Oct 2025 05:19:37 GMT"},"fingerprint":{"sha1":"AA:30:AC:DD:35:7A:57:A5:E0:E3:85:E8:56:55:6E:F6:1D:59:9A:D7","sha256":"7A:A5:9A:19:BD:83:1C:01:8B:6B:81:4F:60:58:C2:9D:19:98:76:3E:12:87:69:A8:A1:D1:0D:D2:E2:AF:79:E4"}}},"request":{"raw":"POST /hd-api/external/verify HTTP/1.1\r\nHost: 1xlite-786689.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-786689.top/en/block\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 191421\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; auid=sv0jNWinu9Kn/rC5A1X6Ag==; window_width=1280; che_g=c7d83060-e0e4-4de6-a339-92feb323de09; SESSION=e14e5d7e1361724d77d4b74f02ac180d\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:50 GMT\r\ncontent-type: application/json\r\ncontent-length: 607\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nx-dt: 1305\r\nx-request-guid: 2e845f7495d29e1c1dcbd45d14950b11\r\nx-time-ng: 0.014\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.008, wf-uht;dur=0.027\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":742,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"3893229e4f51a2fc94c1ee5058c354eb","sha1":"bb25b0925419fafb87bcdf08f4132a7345fcd209","sha256":"b16fc119c666532de7723c3d543c96115f79d35f50a55bc2e97aeb536d708936","sha512":"7bd0df350ee2f25776b61a14e653c6868a52c20c7ec3443950cbd721ba9f1628b63ec2ac6a755799e68f3f636a5520234b36b86e513e0cabdfa275a5b147cf6e","ssdeep":"","tlshash":"9e01b57c60930e7a79d0f28f8500e83aaed608c09cdd112aa4b3dd0fb821269503f0f1","first_seen":"2025-08-22T00:38:10.361176Z","last_seen":"2025-08-22T00:38:10.361176Z","times_seen":1,"resource_available":false,"data":null}},"time_used":142,"timings":{"blocked":0,"dns":0,"connect":0,"send":57,"wait":85,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-22","alert":"Sinkholed","trigger":"1xlite-786689.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/89eefdd8/desktop/default/vendors/plugins.vue-js-modal-90115157.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.783Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/89eefdd8/desktop/default/vendors/plugins.vue-js-modal-90115157.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-786689.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-60b35687a111d58c6808f6d6393373ee-7b460f0316de73dd-01\r\nlast-modified: Thu, 21 Aug 2025 09:08:59 GMT\r\netag: W/\"bb819ed6671bbfe1e3f783ad8d3962bf\"\r\nx-amz-meta-mtime: 1755767336.93479853\r\ncontent-encoding: gzip\r\nexpires: Fri, 22 Aug 2025 09:23:38 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 54735\r\ncache: HIT\r\nx-cached-since: 2025-08-21T09:25:24+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":26667,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (26667), with no line terminators","md5":"bb819ed6671bbfe1e3f783ad8d3962bf","sha1":"71a904a18f49cffb7c910f6aa81648cb82226184","sha256":"56f91340b5519bc8d162505447736b9515e5a4eaaabc2fdef760fcfe07ad188a","sha512":"bfbb99cd9edf8a79d5d641f2394248dfc601115a562e77faf5920e30f1d3f911e1db58f193ac791310f3ee94398d75e27cf7216e9a908ff32e6dab30a3706df7","ssdeep":"384:CGBy0a9vOeCGAZIXfK2rVsAdm00uow4HQEjacGXGQVe6ubq0:CBHyIXfPt4wE9GXGQcbq0","tlshash":"0ac2288977d8307442db5573627f2b0ab23a295474269888b772e8e65cb864d206ff3c","first_seen":"2025-08-21T09:34:57.52044Z","last_seen":"2025-08-22T06:38:14.114431Z","times_seen":23,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_XYWIEKOD.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:40.314Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_fast_deep_equal_XYWIEKOD.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:40 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 865\r\ntraceparent: 00-133654352ea704c3cac98ee967c9caea-57f5754c4668de6c-01\r\nlast-modified: Thu, 21 Aug 2025 08:11:41 GMT\r\netag: \"0af3fe0c072a5bb3b6c731767187982f\"\r\nx-amz-meta-mtime: 1755763815.410004959\r\nexpires: Fri, 22 Aug 2025 08:29:17 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 58103\r\ncache: HIT\r\nx-cached-since: 2025-08-21T08:29:17+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":865,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (840)","md5":"0af3fe0c072a5bb3b6c731767187982f","sha1":"55db5afb57265dc92fd121fe9ae565ffb2f53b2c","sha256":"655bbe85da91e863401c6f96e24b41f5c2fe51a4245cecc2deb2b8c9600fef30","sha512":"8aab8cafc0b01c11f0b3b4bab4cb8b00ac25007153fd86b45ac8bfe325109c1a5215e89825fde4d7698a64f6c549e8140ed441ddb558d98a5654d52df9d568be","ssdeep":"","tlshash":"a41159c232e3a0d1c3e058cd1001d902f23969e9e4bca0c9d757e6b83cb2a53987672a","first_seen":"2025-05-14T05:06:37.184748Z","last_seen":"2025-08-22T06:38:14.125712Z","times_seen":1811,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/efb3cf2e20.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:40.782Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/efb3cf2e20.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:40 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-9a50c4961d9fb5999cfc77861da5d711-46aef3d90129976b-01\r\nlast-modified: Wed, 13 Aug 2025 11:30:45 GMT\r\netag: W/\"e1064875c52ddaba0c71a7bd1b6aa0ab\"\r\nx-amz-meta-mtime: 1755084576.647098278\r\ncontent-encoding: gzip\r\nexpires: Thu, 14 Aug 2025 11:33:41 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 45904\r\ncache: HIT\r\nx-cached-since: 2025-08-21T11:52:36+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1973,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (1972)","md5":"e1064875c52ddaba0c71a7bd1b6aa0ab","sha1":"d4487505d1036a6244b3c17eaf01069b01356998","sha256":"db744e9cd808af07eeaf645d73cf71fa834602913130bfb3209324a3fdad8842","sha512":"b8ed041179385df219030170777b00e32cbc70637d9951c47ca4e5b48b1905f8b3281a9ca3f2ec3e358c6ce89649fcc25cb044460cac3e583779f2d62a173793","ssdeep":"","tlshash":"f641c8da72b035f3e277505dbd0620f0c3182a4d032f10e8ede9484e210d9d26767b93","first_seen":"2025-08-13T23:36:01.8758Z","last_seen":"2025-08-22T06:38:14.18096Z","times_seen":135,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:49.745Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:49 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 63748\r\ntraceparent: 00-f1f37d6a7f1c7e7b779fdd2bfc4a6c45-874810ab4a07c9ac-01\r\nlast-modified: Wed, 14 Jun 2023 09:49:53 GMT\r\netag: \"6887b6f24414dbc612dbf42ccdc76b70\"\r\nexpires: Thu, 16 Jan 2025 10:32:14 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 1990\r\ncache: HIT\r\nx-cached-since: 2025-08-22T00:04:39+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":63748,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 63748, version 1.0","md5":"6887b6f24414dbc612dbf42ccdc76b70","sha1":"8068d3abfbc6cbf35b55919da45b1f4d2d136238","sha256":"fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c","sha512":"00f08f9dd648972c9571547e06172d5505dd13f577fe2e65a497d3856172807ac11c996984e4138d2eb2ac784257fe61864aee15752fe9e9e76f98db931e0c2a","ssdeep":"1536:KtdCG+Dz6RxAx457zL0ASEn091Y0H1mTOzI/OzMFOoTX4u:MMG+yRpzN091Y0VtI/pOoTt","tlshash":"8b5302485551fae2cac3073c0f7a89dbb37a776d519224cd98b69f830d37964bea2070","first_seen":"2023-06-14T19:15:49Z","last_seen":"2026-04-06T04:37:31.841238Z","times_seen":10364,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"region1.analytics.google.com/g/collect?v=2\u0026tid=G-7JGWL9SV66\u0026gtm=45je58k1v897130004za200zd897130004\u0026_p=1755823070052\u0026em=tv.1~em.ODS1igyfeIhzOTHENqwIfH1sb8t0oxg8FT6iY2YCmeo\u0026_gaz=1\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026dma_cps=syphamo\u0026dma=1\u0026tag_exp=101509157~103116026~103200004~103233427~104527906~104528500~104684208~104684211~104948813~105102050~105399921~105399923\u0026cid=360532931.1755823071\u0026ecid=717819152\u0026ul=en-us\u0026sr=1280x1024\u0026frm=0\u0026pscdl=noapi\u0026ec_mode=a\u0026_s=2\u0026sid=1755823070\u0026sct=1\u0026seg=0\u0026dl=https%3A%2F%2F1xlite-786689.top%2Fen%2Fblock\u0026dt=1xBet\u0026en=page_view\u0026_fv=1\u0026_nsi=1\u0026_ss=1\u0026_ee=1\u0026ep.optimize_id=GTM-5R4MT54\u0026tfd=12892","fqdn":"region1.analytics.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"216.239.34.36","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:50.701Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:34:03 GMT","end":"Mon, 29 Sep 2025 08:34:02 GMT"},"fingerprint":{"sha1":"A2:8A:24:AD:51:7D:A4:62:BB:34:6F:C9:21:A1:B9:E1:2D:A6:0E:C1","sha256":"9F:B9:94:8F:84:D3:44:71:A7:81:72:C8:80:4D:14:02:E3:E0:30:0C:F1:17:27:83:00:82:D9:C3:68:D3:B3:AF"}}},"request":{"raw":"POST /g/collect?v=2\u0026tid=G-7JGWL9SV66\u0026gtm=45je58k1v897130004za200zd897130004\u0026_p=1755823070052\u0026em=tv.1~em.ODS1igyfeIhzOTHENqwIfH1sb8t0oxg8FT6iY2YCmeo\u0026_gaz=1\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026dma_cps=syphamo\u0026dma=1\u0026tag_exp=101509157~103116026~103200004~103233427~104527906~104528500~104684208~104684211~104948813~105102050~105399921~105399923\u0026cid=360532931.1755823071\u0026ecid=717819152\u0026ul=en-us\u0026sr=1280x1024\u0026frm=0\u0026pscdl=noapi\u0026ec_mode=a\u0026_s=2\u0026sid=1755823070\u0026sct=1\u0026seg=0\u0026dl=https%3A%2F%2F1xlite-786689.top%2Fen%2Fblock\u0026dt=1xBet\u0026en=page_view\u0026_fv=1\u0026_nsi=1\u0026_ss=1\u0026_ee=1\u0026ep.optimize_id=GTM-5R4MT54\u0026tfd=12892 HTTP/1.1\r\nHost: region1.analytics.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-786689.top/\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 No Content\r\naccess-control-allow-origin: https://1xlite-786689.top\r\ndate: Fri, 22 Aug 2025 00:37:50 GMT\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\ncache-control: no-cache, no-store, must-revalidate\r\naccess-control-allow-credentials: true\r\ncontent-type: text/plain\r\ncross-origin-resource-policy: cross-origin\r\ncontent-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:158:0\r\ncross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:158:0\r\nreport-to: {\"group\":\"ascnsrsggc:158:0\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:158:0\"}],}\r\nserver: Golfe2\r\ncontent-length: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T06:11:46.020773Z","times_seen":13409077,"resource_available":true,"data":null}},"time_used":88,"timings":{"blocked":34,"dns":0,"connect":11,"send":0,"wait":18,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/main-static/89eefdd8/check-ob.js","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:38.994Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-786689.top","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Tue, 08 Jul 2025 05:19:38 GMT","end":"Mon, 06 Oct 2025 05:19:37 GMT"},"fingerprint":{"sha1":"AA:30:AC:DD:35:7A:57:A5:E0:E3:85:E8:56:55:6E:F6:1D:59:9A:D7","sha256":"7A:A5:9A:19:BD:83:1C:01:8B:6B:81:4F:60:58:C2:9D:19:98:76:3E:12:87:69:A8:A1:D1:0D:D2:E2:AF:79:E4"}}},"request":{"raw":"GET /main-static/89eefdd8/check-ob.js HTTP/1.1\r\nHost: 1xlite-786689.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-786689.top/en/block\r\nCookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; auid=sv0jNWinu9Kn/rC5A1X6Ag==\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 219\r\nlast-modified: Thu, 21 Aug 2025 09:09:15 GMT\r\netag: \"c065700c9c8c493403359e1f2baa10d9\"\r\nx-amz-meta-mtime: 1755767354.252863221\r\nexpires: Fri, 22 Aug 2025 23:28:26 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: wf-uht;dur=\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":219,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text","md5":"c065700c9c8c493403359e1f2baa10d9","sha1":"4630fe729e70bdf63fa7ba6c84ec277fd1f51030","sha256":"1e61f0c82ae82ffcf503fcd4b4c8ae27b32c11e19b882d5d13f3c44364c893f4","sha512":"b2e1c73cb94f5e3ceb35c3662bf4d72baf800a9a7c64318b1db07d50e9c885dbd94821ef3b3916d1b8b4fabb8f45cb588834b41c6a8a7f4d2c3e9c3866083ee7","ssdeep":"","tlshash":"96d0a79fb900211406939267d12f8668807724973f008182500597e069b8f4c4b37895","first_seen":"2024-07-17T14:33:52Z","last_seen":"2026-01-22T06:40:31.153166Z","times_seen":6298,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-22","alert":"Sinkholed","trigger":"1xlite-786689.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/metadata.json","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.774Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-786689.top","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Tue, 08 Jul 2025 05:19:38 GMT","end":"Mon, 06 Oct 2025 05:19:37 GMT"},"fingerprint":{"sha1":"AA:30:AC:DD:35:7A:57:A5:E0:E3:85:E8:56:55:6E:F6:1D:59:9A:D7","sha256":"7A:A5:9A:19:BD:83:1C:01:8B:6B:81:4F:60:58:C2:9D:19:98:76:3E:12:87:69:A8:A1:D1:0D:D2:E2:AF:79:E4"}}},"request":{"raw":"GET /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/metadata.json HTTP/1.1\r\nHost: 1xlite-786689.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-786689.top/en/block\r\nContent-Type: application/json\r\nX-Lang: en\r\nX-Uuid: 1ece50b1-c819-4882-855e-ad43388da442\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; auid=sv0jNWinu9Kn/rC5A1X6Ag==\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: application/json\r\ncontent-length: 43\r\nx-dt: 1305\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.110, wf-uht;dur=0.008\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"02764095b5a052d077f69a3d4383de6f","sha1":"05c2ddc9a3318060ed033fb34237f1dca3febf97","sha256":"67fb86ff99a165f36d34c449d8e44203d96333188b7377c56abe894588d4475f","sha512":"7e6d883800d0cb3e7a658080149fb1b9b4e353fa2cf7bc1a7deddb25aec16bcd670cd1572837713c8b187f3f635748c69418bbbaedf1cf8f753783a68a4fc74a","ssdeep":"","tlshash":"0490008e888c08ae28202008c22208ac832e02003ac03000f880282c30efbf220ba02b","first_seen":"2025-08-22T00:38:10.364135Z","last_seen":"2025-08-22T00:38:10.364135Z","times_seen":1,"resource_available":false,"data":null}},"time_used":43,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":43,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-22","alert":"Sinkholed","trigger":"1xlite-786689.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_game/en/dictionary_a02aa196f29187f3417473bc46294bcb.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.816Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/web-app-v2/dictionary2/v3_game/en/dictionary_a02aa196f29187f3417473bc46294bcb.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-786689.top/\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: application/json; charset=utf-8\r\ntraceparent: 00-e80f0b6826fef4fd0801b4bc3c461247-fd6b0bf82b351634-01\r\nlast-modified: Thu, 21 Aug 2025 12:07:49 GMT\r\netag: W/\"b8f85cc2103451f8b7b1f6927b05e380\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Thu, 21 Aug 2025 13:23:44 GMT\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 544\r\ncache: HIT\r\nx-cached-since: 2025-08-22T00:28:35+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23846,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"c4e4b93888a514d3d04af14ad0873a34","sha1":"3613eea6ed6024a59383139d64db0122466ec4fd","sha256":"5048ca6e751743cb5af125f828be451f510460fc3c28748f7f483e9c7498510b","sha512":"332fbf1afbe1ec84af1a65770d481dfd02e10d99cbfcb41dfa202442fcabc197dca3c3ed1b8006d30ee4e9a2a9607368d466dd33dc116f00264394ce326d9c81","ssdeep":"384:i/B1liVEMt6tI0EEfqQ4O4cN86WwTCu9o9V38cdZeXiG+/jtx:Ylirt6tI0EEf66WwTCV/QXiGsjtx","tlshash":"0fb21c08285eeca6c7fa42b874e93bd673f489af1ba16256fc4ca42d2d447d5601f40f","first_seen":"2025-08-21T13:19:56.975451Z","last_seen":"2025-08-26T08:35:26.836571Z","times_seen":122,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_forgot_password/en/dictionary_776c0b6a6ae43ea4503f983fa859981a.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.833Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/web-app-v2/dictionary2/v3_forgot_password/en/dictionary_776c0b6a6ae43ea4503f983fa859981a.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-786689.top/\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: application/json; charset=utf-8\r\ntraceparent: 00-93bb4f6d00f87880b6a32f0cc3272fb0-5884940aac857f62-01\r\nlast-modified: Thu, 26 Jun 2025 16:06:49 GMT\r\netag: W/\"9e075dc2a068d12162e260d49c92f233\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Thu, 26 Jun 2025 17:12:47 GMT\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 330\r\ncache: HIT\r\nx-cached-since: 2025-08-22T00:32:09+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4086,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"9e075dc2a068d12162e260d49c92f233","sha1":"9c748240ee9aeeb922f9998005c557517763a979","sha256":"81b3796da635e227e36b1a44c3224d8e0ccda902293beb08f84d870ed3bcee99","sha512":"6572c0bd8d55d4edc9ff8f263ef021d454593330e2f09759a2a26153870083e1d2cc308575d01196919d60a86170bd6b24436163427692b99eed38d0643eac9e","ssdeep":"","tlshash":"13819e0959831ef21abf8e90705e88663be5d06bde1764140fb5c30f3377e93668284a","first_seen":"2025-06-26T22:02:08.124583Z","last_seen":"2025-12-10T17:51:01.422955Z","times_seen":3966,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-ui/2.3.273/Desktop/Default/client.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:38.998Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-ui/2.3.273/Desktop/Default/client.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-786689.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-f11150d25b6b8b996207b4211acbd832-d692b28679a61ed8-01\r\nlast-modified: Fri, 27 Jun 2025 13:38:05 GMT\r\netag: W/\"a8a44b273c4f19498dfe5dfbe6d66b5f\"\r\nx-amz-meta-mtime: 1751031482.572809748\r\ncontent-encoding: gzip\r\nexpires: Thu, 03 Jul 2025 09:30:19 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 84704\r\ncache: HIT\r\nx-cached-since: 2025-08-21T01:05:55+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":645724,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"a8a44b273c4f19498dfe5dfbe6d66b5f","sha1":"6d68353f0344e5f497f983d9843493c5cba4416e","sha256":"3a55dbb30fd14dbf83a9bd142e1a2cdff2008b12994f1e1cea74cd55b2c6792a","sha512":"273e8d7d3b18691b6e08821b482381aeea7042cc9605ef88b5fa92a3621d4cb84d32c5398cf45b18dc99a821634052b907edb6ba2b1f0170c52ecdf65c51c74c","ssdeep":"6144:VeAjJKlbYNYHPKNuive9uW7/vrhoi99ET/qvW7hAnUCF:IDoUKi99ET/qveAnUCF","tlshash":"dbd4932cf59dd1353e3be62153885ffc2a20b6479b221c7af459035b1ec365221a2dbb","first_seen":"2025-07-09T10:12:06.30113Z","last_seen":"2025-08-22T06:38:14.128944Z","times_seen":782,"resource_available":false,"data":null}},"time_used":249,"timings":{"blocked":119,"dns":36,"connect":1,"send":0,"wait":1,"receive":0,"ssl":90},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_css_c5c114.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.003Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/shared-assets/Desktop/__shared_css_c5c114.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-786689.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-d03443f64318cbb681e1633c3b04b0a1-6cb3e8d680968ed9-01\r\nlast-modified: Thu, 21 Aug 2025 09:39:56 GMT\r\netag: W/\"4acc1e0a542c6317d184aa4a7049d669\"\r\nx-amz-meta-mtime: 1755769104.411129293\r\ncontent-encoding: gzip\r\nexpires: Fri, 22 Aug 2025 10:55:57 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 48733\r\ncache: HIT\r\nx-cached-since: 2025-08-21T11:05:26+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4872,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (3727)","md5":"4acc1e0a542c6317d184aa4a7049d669","sha1":"2044dd976f54e34480ca03b0bc12c1e8f72e4f04","sha256":"c5c11499193d6a222362333315b02b2e2b621549ef5159cc0eeab824131e8799","sha512":"bf53b6d96390f8be87802ea193de6c5f99edaa716a08d28487c60ff6f39d7827b38a224779ee606373a20e1c039977f7fadb9a1faa16da77a1d121c0ed2ea171","ssdeep":"48:37e0VsMQbBQhzRVRlHLHYOR81yVwe1HVqkvK5LGsagLGsBTufumKBmSspAM:y0EbBQ77VHY+ju4WQxKufum32M","tlshash":"fda1d9ceb86c8476ae37e82701898d7d4136b9eedd171cadf6db470a04c3e4244658bd","first_seen":"2025-08-13T23:36:01.877906Z","last_seen":"2025-08-22T06:38:14.141394Z","times_seen":243,"resource_available":false,"data":null}},"time_used":250,"timings":{"blocked":119,"dns":31,"connect":6,"send":0,"wait":1,"receive":0,"ssl":84},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/dd25a33e50.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.006Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/dd25a33e50.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-786689.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-bed5b7ef58cddfe98b37897bfc4eca55-8c5165b4aaec06a2-01\r\nlast-modified: Wed, 13 Aug 2025 11:30:45 GMT\r\netag: W/\"e9da682000bf4844a832527bb5cd4f31\"\r\nx-amz-meta-mtime: 1755084576.650098521\r\ncontent-encoding: gzip\r\nexpires: Thu, 14 Aug 2025 11:33:42 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 46001\r\ncache: HIT\r\nx-cached-since: 2025-08-21T11:50:58+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2285,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (2284)","md5":"e9da682000bf4844a832527bb5cd4f31","sha1":"0c7d142aa790a8fe8a8c5c636da16af238807b9c","sha256":"3729d1548b083a1afbc0d2e4a0e9aaf2f9e6b72225d2ac9e94938d775128446c","sha512":"57af2cc909ca9d196cf80e0294f5df28e4417ff475e701cbd6e9d88f059dc330efdbc3a805b06f5962d67313a657b70a5eb1b238c1812205b38c279c4c72040a","ssdeep":"","tlshash":"4041a9deac74e5721a33e032d6881eb95470b427c9315ac3f0cde32615c7a921db2ead","first_seen":"2025-08-13T23:36:01.787129Z","last_seen":"2025-08-22T06:38:14.121414Z","times_seen":232,"resource_available":false,"data":null}},"time_used":253,"timings":{"blocked":119,"dns":30,"connect":17,"send":0,"wait":1,"receive":0,"ssl":78},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/89eefdd8/desktop/default/css/51cc9861.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.008Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/89eefdd8/desktop/default/css/51cc9861.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-786689.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-9ad0cad21b3965447dd6f15506f7fe85-ed4cd2735a525249-01\r\nlast-modified: Thu, 21 Aug 2025 09:08:59 GMT\r\netag: W/\"834377af0505c51c38a357f5ec2f8e69\"\r\nx-amz-meta-mtime: 1755767336.91879847\r\ncontent-encoding: gzip\r\nexpires: Fri, 22 Aug 2025 09:23:34 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 54739\r\ncache: HIT\r\nx-cached-since: 2025-08-21T09:25:20+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14223,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (14223), with no line terminators","md5":"834377af0505c51c38a357f5ec2f8e69","sha1":"11972f5b1b32025dbe7ec47fb47bea694f38611e","sha256":"8a03855f3c5704c2d2a6670594fc26c00bf143d93ee71f23d35cec94b8001f2e","sha512":"e1a6557bb8d037aaf11ea2deb3711eea38506d9a087945ce269f35f83f932633ec2c7d2f2d97cde17f14982138b8383a3a3874f264b4de2a5d55173b20c19623","ssdeep":"192:vmNOH7nvxxxY4l0tZLJh6N0dt+8yvvo9lvhvuvoUwltoQrNTCALbBQ:vHJxxY4UJJqJQr9CAPBQ","tlshash":"d252a71fd53a92a20d338c52728eff783539722628975235f44d66588ddbbd703d0ba8","first_seen":"2025-08-13T11:06:58.253285Z","last_seen":"2025-08-22T06:38:14.191525Z","times_seen":245,"resource_available":false,"data":null}},"time_used":112,"timings":{"blocked":109,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-1305/desktop/media_asset/4c884b180d8377d110950fdb20ccd913.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.873Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1-1305/desktop/media_asset/4c884b180d8377d110950fdb20ccd913.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-786689.top/\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: application/json\r\ntraceparent: 00-90926eade2695bfe00d15aad4e2909a4-1b580f468e7147df-01\r\nlast-modified: Mon, 16 Jun 2025 11:27:31 GMT\r\netag: W/\"1a7ec72aad44f9540cb604d7cde5ff38\"\r\ncontent-encoding: gzip\r\nexpires: Thu, 21 Aug 2025 11:36:55 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\ncache: REVALIDATED\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14466,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"1a7ec72aad44f9540cb604d7cde5ff38","sha1":"65e5851d652e0471c213282efb5eeee31ae813db","sha256":"94d4bf6bc00a09b766ea0ba441e860dc40ee6d398be80e89016dd0ee662869d6","sha512":"05c4574c3785992daed7bb3616a938d1d04dc9679132ee8997147a21c32d2dab5537e51060ecce9969c4e2ea5c4ba97299c5f2622a3f6fb097c066e189d37f79","ssdeep":"96:75b7Ba79eu4QWGAdryCiQFpzLJLJeHZVZYpH3UGHSTSSbbGiJinHs:u7kJ2VK3UsyinHs","tlshash":"935246d9bae41c33112b60bdd5f7f91aa3dc1f439d4aa8287eac6d4c1b6050500aed7e","first_seen":"2025-06-17T07:58:23.417687Z","last_seen":"2025-11-14T10:22:49.434452Z","times_seen":2557,"resource_available":false,"data":null}},"time_used":68,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":68,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/89eefdd8/desktop/default/DC-50bf1a4a.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.983Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/89eefdd8/desktop/default/DC-50bf1a4a.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-786689.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-f8d861e3ef9542e64c7a84154f400dfc-968e4b9ce168a6cc-01\r\nlast-modified: Thu, 21 Aug 2025 09:08:58 GMT\r\netag: W/\"99aa7c76999b304965c84211ff14825d\"\r\nx-amz-meta-mtime: 1755767336.912798447\r\ncontent-encoding: gzip\r\nexpires: Fri, 22 Aug 2025 09:23:40 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 54735\r\ncache: HIT\r\nx-cached-since: 2025-08-21T09:25:24+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2304,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (2304), with no line terminators","md5":"99aa7c76999b304965c84211ff14825d","sha1":"97864bca245e8cfb66de1c12de4b8c6376affa40","sha256":"efe5e6e47eed04176a4802424634e40a806948bf804f680844cf22a0dc06bfbe","sha512":"037437af0f44e1473976e451c266f89b03e7e54c74ef739227768764ea23a15b7d24ca917f8494e9a0441d5df9265d5a7ac06a566b1bc42c6cfe322f6108faf7","ssdeep":"","tlshash":"db41850575a4bc1283fa08d819ff7106013bf07a688dca75d7e36ec708a7f66a117d19","first_seen":"2025-08-21T09:34:57.549234Z","last_seen":"2025-08-22T06:38:14.162427Z","times_seen":23,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-1305/desktop/media_asset/4fecdbc7d57920745879c843f4c36aa8.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:40.710Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1-1305/desktop/media_asset/4fecdbc7d57920745879c843f4c36aa8.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-786689.top/\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:40 GMT\r\ncontent-type: application/json\r\ntraceparent: 00-819f3c49d255d73433f6c293fb9a92cf-bb17262041b34c2d-01\r\nlast-modified: Mon, 21 Jul 2025 00:57:07 GMT\r\netag: W/\"b5a6dbdf3f12e11d0c5275b2ca6dc739\"\r\ncontent-encoding: gzip\r\nexpires: Thu, 21 Aug 2025 11:36:56 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\ncache: REVALIDATED\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3091,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b5a6dbdf3f12e11d0c5275b2ca6dc739","sha1":"a8495df42a8f1e18c12dc1723660d062bbc8fb6b","sha256":"8febfd79d9b9b1298af34575340a4288d6d5b01ee4e50c57f5a5509d602412f2","sha512":"813327003eefeef8e9772adc05530b46f52fc044d76f5ed1393854052836ae2f89a0118697367681afbab9084b4e215c3120bf09ea2713553a7e8286ca9afe2d","ssdeep":"","tlshash":"85514b4df6e41c33012f19bdc0f76a6993d84f4f694a7c283a9d6c4d1bd451900aad3e","first_seen":"2025-07-21T03:11:29.13175Z","last_seen":"2026-01-11T03:06:49.449217Z","times_seen":2816,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/captcha-api/assets/hunt-captcha.js","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:48.133Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-786689.top","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Tue, 08 Jul 2025 05:19:38 GMT","end":"Mon, 06 Oct 2025 05:19:37 GMT"},"fingerprint":{"sha1":"AA:30:AC:DD:35:7A:57:A5:E0:E3:85:E8:56:55:6E:F6:1D:59:9A:D7","sha256":"7A:A5:9A:19:BD:83:1C:01:8B:6B:81:4F:60:58:C2:9D:19:98:76:3E:12:87:69:A8:A1:D1:0D:D2:E2:AF:79:E4"}}},"request":{"raw":"GET /captcha-api/assets/hunt-captcha.js HTTP/1.1\r\nHost: 1xlite-786689.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-786689.top/en/block\r\nCookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; auid=sv0jNWinu9Kn/rC5A1X6Ag==; window_width=1280; che_g=c7d83060-e0e4-4de6-a339-92feb323de09; SESSION=e14e5d7e1361724d77d4b74f02ac180d\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:48 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 21889\r\ncache-control: public, max-age=300\r\ncontent-encoding: gzip\r\netag: c74d5f9d71a7ed9dd08823a0722c0ec2\r\nvary: Accept-Encoding\r\nx-dt: 1307\r\nx-request-id: ed5c3fd1083bf104b144175a353b0534\r\nx-time-ng: 0.004\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.006, wf-uht;dur=\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":87223,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"c74d5f9d71a7ed9dd08823a0722c0ec2","sha1":"8d26f16e3b5794809901baaf14d1349005cef62b","sha256":"a2ccb5c63f4a9a3386c4ce0089e480d3c47d1cbe48b240d1a58f43058ab59133","sha512":"9bb970b3c04c384397642cf3ca0687a46aa440bf551a31eb254015f47f8847b6f67552fc018df58c0323d8e63c984b3af68ceb15c269f8ed703b116bc6faf0f1","ssdeep":"768:fY7f6KEQtx4m3/mL+mLaxICh3OUTeRe1IW+BvjW+jyneWMMx7KD8f/+YVNXC/vh0:y9km0+H5942iYKGhFk+i2F","tlshash":"a6830fd6396bac21bbc35d92c53a7ef3fc386485fbac8d18d12db2489955136d2e1032","first_seen":"2025-08-21T06:37:41.361325Z","last_seen":"2025-09-02T07:09:00.359602Z","times_seen":359,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-22","alert":"Sinkholed","trigger":"1xlite-786689.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/89eefdd8/desktop/default/css/ed258814.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.009Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/89eefdd8/desktop/default/css/ed258814.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-786689.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-185ab8af5075c246004d0834a0e4df38-05e371253867a984-01\r\nlast-modified: Thu, 21 Aug 2025 09:08:59 GMT\r\netag: W/\"9c9c6f63a636fcf42abbabfd7ccb0295\"\r\nx-amz-meta-mtime: 1755767336.922798485\r\ncontent-encoding: gzip\r\nexpires: Fri, 22 Aug 2025 09:23:34 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 54739\r\ncache: HIT\r\nx-cached-since: 2025-08-21T09:25:20+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":40926,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (40926), with no line terminators","md5":"9c9c6f63a636fcf42abbabfd7ccb0295","sha1":"193114669d09aca1118a1983a3a435e634411a44","sha256":"874a7eeadac9081696267eac766924ca3bf1967620efffd9f975075ec5913c56","sha512":"709b5769437e4a9bebafd8a7b264c513d4008b014ac201a07df1a3e4676bfb0292db8498071561de0d17f4844ed6d1cc5ed186fbaa0f8c1f3172fd74744c535a","ssdeep":"768:S/TaXC/9ApQzOofleFAE1/aW1XuJV2/DF0TcNh5MQe43GU5KJ:KTEC/9ApQzlfleFAE1/aWz3GUy","tlshash":"b003215eeca8d1760d3bf521a288be3c01b0f42ade314d97e50e57a118c3f9b15e0e69","first_seen":"2025-08-13T11:06:58.217083Z","last_seen":"2025-08-22T06:38:14.111775Z","times_seen":141,"resource_available":false,"data":null}},"time_used":112,"timings":{"blocked":110,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/version.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.020Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /version.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-786689.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: application/json\r\ncontent-length: 11\r\ntraceparent: 00-71b949be3b41bcc047b1fd8a1d396ee2-b239bd7901c4170d-01\r\nlast-modified: Thu, 21 Aug 2025 09:09:15 GMT\r\netag: \"aa799ac5bd2235457f4134e53a5ad312\"\r\nx-amz-meta-mtime: 1755767355.580868181\r\nexpires: Thu, 21 Aug 2025 09:12:46 GMT\r\ncache-control: max-age=60\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\ncache: REVALIDATED\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text","md5":"aa799ac5bd2235457f4134e53a5ad312","sha1":"526caa8b97d6204b078508963fa59fbf56494d31","sha256":"69368b0831b92da543163c9015c7c8123aed73aee27cd1b594f58f6709492077","sha512":"7f19230cbe30d8b02936b7fe8ffa86614e86be7804eba5a33e1b71f5bda8cda2ae648a14faf8941288110752a02f173ad96bfe5d230eb87c529889fb9a5cea86","ssdeep":"","tlshash":"225000003c0c03c033003cc0030303c00030000000f0300330000c0000303000000000","first_seen":"2025-08-21T09:34:57.514323Z","last_seen":"2025-08-22T06:38:14.149956Z","times_seen":31,"resource_available":false,"data":null}},"time_used":162,"timings":{"blocked":-1,"dns":6,"connect":3,"send":0,"wait":57,"receive":0,"ssl":93},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-1305/desktop/media_asset/6af1f3b3c78fa82ffa342a98b9c3e828.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.858Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1-1305/desktop/media_asset/6af1f3b3c78fa82ffa342a98b9c3e828.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-786689.top/\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: application/json\r\ntraceparent: 00-576e6aa1981e6d41a9796beb201c546e-17470f93c41d3274-01\r\nlast-modified: Thu, 07 Aug 2025 13:38:16 GMT\r\netag: W/\"997bfeaf2924e7d0632cf40f25560047\"\r\ncontent-encoding: gzip\r\nexpires: Thu, 21 Aug 2025 11:36:55 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\ncache: REVALIDATED\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":23113,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"997bfeaf2924e7d0632cf40f25560047","sha1":"3c22bf3f6abd2c48fb467b17ac86bc526dea1ba8","sha256":"eaa4c5dce6ef97b18b56392792f9a64647ee3b332e1e4363619e1420d865165d","sha512":"fc4a8fced4294b4b23a6e28545dfdce1cc201636222399e1771bfc8ec8714af0c2f9f8e40257e5007f31aba2779eb51f2b8ffcda82e3566055cd6b4db3e8098d","ssdeep":"384:hrLr0fLPwUj+uZbC445IOhT9TYXw1LyaN1C1WjTZU:hvkD+yEW","tlshash":"d8a23b85faf40c33202f90ae95f3b90e93d85f879d4a6c14bfac2a4d2b54519016bd7e","first_seen":"2025-08-07T22:44:37.592111Z","last_seen":"2025-09-03T09:56:06.827267Z","times_seen":260,"resource_available":false,"data":null}},"time_used":64,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":64,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:40.068Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:40 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 69\r\ntraceparent: 00-c90588186bbc42f93b467af9a30a6753-3fc3072d6d08b7a4-01\r\nlast-modified: Wed, 13 Aug 2025 11:30:44 GMT\r\netag: \"2cdaa92927f02e0b628f1ef4d7dd8caf\"\r\nx-amz-meta-mtime: 1755084576.638097548\r\nexpires: Thu, 14 Aug 2025 20:27:44 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 14279\r\ncache: HIT\r\nx-cached-since: 2025-08-21T20:39:41+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":69,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"2cdaa92927f02e0b628f1ef4d7dd8caf","sha1":"9104a2e16ed080b80a42588b8aeb52ebec47ab7a","sha256":"ef8101ffea52addcdcfcc3a83f96ff2d4613fb3ae6d1c16bbe4852387b73a9db","sha512":"31da80bc1b17aa708fef74b0211af91fce1b4a5f518f11e5caa80f50e9a7791b6e94924e381f550fc44a02f4c1d785e5b95fa2464e7968b5cab079612d70d839","ssdeep":"","tlshash":"1ba002935a5ef66c209044860696e74733823d6a3477b1d625bc5509e6061474817257","first_seen":"2025-05-14T05:06:37.199299Z","last_seen":"2026-03-18T19:40:26.76398Z","times_seen":5502,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/baf62bd4cb.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:40.499Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/baf62bd4cb.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:40 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-30ef8c2de634b11d72a15e4dbaa04f9b-1757846ee1b12cd4-01\r\nlast-modified: Wed, 13 Aug 2025 11:30:45 GMT\r\netag: W/\"e436d2a44a4d836d135e261b6bc6014a\"\r\nx-amz-meta-mtime: 1755084576.646098197\r\ncontent-encoding: gzip\r\nexpires: Thu, 14 Aug 2025 11:33:40 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 45905\r\ncache: HIT\r\nx-cached-since: 2025-08-21T11:52:35+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3100,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (3097)","md5":"e436d2a44a4d836d135e261b6bc6014a","sha1":"cbc0a076e152401a2d0fe1fecc87e4dd0468b810","sha256":"ae681f84c19ea6882f6bffbdae40f7797c5b7f507db7b805b495b6ff1bea7d87","sha512":"6740fdc467c1fe067dd4266b604363d5dc104b1f6054453209baf61f396d52288b9e6c8784d5b1505191fd17f7933387acc47585f62b4dddfc2ee92126b365da","ssdeep":"","tlshash":"4e51e6b471b4b4f477a80ccfbc2621b2e118a418380dd0e4e2adcca6118e097a07bcb2","first_seen":"2025-08-13T23:36:01.833147Z","last_seen":"2025-08-22T06:38:14.180255Z","times_seen":135,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:49.759Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:49 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 63920\r\ntraceparent: 00-d6a80e9ba8560305dc124ba1288357c4-d2ac37882e206614-01\r\nlast-modified: Wed, 14 Jun 2023 09:49:53 GMT\r\netag: \"a65527fcb58f66a7cfbc0e6b160538b4\"\r\nexpires: Sun, 10 Aug 2025 19:21:26 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 417\r\ncache: HIT\r\nx-cached-since: 2025-08-22T00:30:52+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":63920,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 63920, version 1.0","md5":"a65527fcb58f66a7cfbc0e6b160538b4","sha1":"45d260e7fa343401b5bb0df982a014f53e2d253b","sha256":"fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45","sha512":"8448e96abe326f43285b2d8b0d75beaf0e9c9e051e8754841d907b30eb303ae24c447011306da6a1703b9192d02aeff76a4517bdf94ec6e7dc360ce3538802af","ssdeep":"1536:UIG3hJMkJeK8ic5iZGnJ4URj9vqXOQ6UqYdbuA5RVK1:UL31hcLlRjDQ6Uq4W1","tlshash":"7f5302df8de32a148ff78772668885f4f4927c68898c8e7345526a8907f07d6b96c04f","first_seen":"2023-05-07T18:04:27Z","last_seen":"2026-04-06T04:37:31.820168Z","times_seen":10238,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/89eefdd8/desktop/default/vendors/plugins.v-tooltip-3152813f.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.756Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/89eefdd8/desktop/default/vendors/plugins.v-tooltip-3152813f.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-786689.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-43e9be2743d7a54a9770bba440e377c5-82df00a631d12d13-01\r\nlast-modified: Thu, 21 Aug 2025 09:08:59 GMT\r\netag: W/\"6e24066fbb53d63390bf3fc56308cd71\"\r\nx-amz-meta-mtime: 1755767336.93479853\r\ncontent-encoding: gzip\r\nexpires: Fri, 22 Aug 2025 09:23:38 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 54736\r\ncache: HIT\r\nx-cached-since: 2025-08-21T09:25:23+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":76824,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65476)","md5":"6e24066fbb53d63390bf3fc56308cd71","sha1":"0c5a09b27e42e21b9226cdaa133f27dc9293e6e5","sha256":"ae4315fcbfe9853926c38e42bb363eeb2f839d5c7df657820acdf132fa000c77","sha512":"5483fd3190960491541730d4d979b7fb1ac6c7962ae257218be9606b8156c7a05f5f7080f21a3cb05c2d18ffb3d6018bcec44cc15971d2f328a0426664b4c55e","ssdeep":"1536:1iBnz1T2l5GgbcczTPRSCv1MHoWWdRfm5x0:MBngggdzTP8wTWWRfmE","tlshash":"0173c84e72d0f0b203e7b1b5402f620fb2776558a40ae454b2b1e6d4ac3da5db267e3d","first_seen":"2025-08-21T09:34:57.556842Z","last_seen":"2025-08-22T06:38:14.122226Z","times_seen":23,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_coupon/en/dictionary_f94baab5aff897d04e84fc6d43c992ba.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.815Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/web-app-v2/dictionary2/v3_coupon/en/dictionary_f94baab5aff897d04e84fc6d43c992ba.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-786689.top/\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: application/json; charset=utf-8\r\ntraceparent: 00-70e17bb4377a9c8d824d0a1b25a69dc3-a248831fe0239b1e-01\r\nlast-modified: Thu, 21 Aug 2025 12:07:49 GMT\r\netag: W/\"0ccb8b5f3fb3a67122453f1e040f90f1\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Thu, 21 Aug 2025 13:23:44 GMT\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 544\r\ncache: HIT\r\nx-cached-since: 2025-08-22T00:28:35+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":28249,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"0ccb8b5f3fb3a67122453f1e040f90f1","sha1":"b63166b0f2130566123f957540dc8aa042406227","sha256":"dcbcdbf3c92c6202c79b55f142ab598fb3af5986fb85fe2647101fde509000ae","sha512":"8a52f9355dfccdecd654d6afe600a550c9e3326d03f87ca1ab7dcf4c64c606be491dedc2ccea48351cd028f21a956a1f4cade536e9e7bcdbbe3d79d9f5a5bc54","ssdeep":"384:1lq4T/8i+GZCH6CqyXLbhJ8QnBehe6pjfsE6oCNhWxB5gVInt5DQHirGqT:nq4wKeSjIodhg4t5DQ+zT","tlshash":"77c2723eb403fcbbf58600c4ae6bbda361b80098d3a9ce5b94db481e21e75de5157847","first_seen":"2025-08-21T13:19:56.961407Z","last_seen":"2025-08-22T11:52:19.532689Z","times_seen":20,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.947Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-786689.top","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Tue, 08 Jul 2025 05:19:38 GMT","end":"Mon, 06 Oct 2025 05:19:37 GMT"},"fingerprint":{"sha1":"AA:30:AC:DD:35:7A:57:A5:E0:E3:85:E8:56:55:6E:F6:1D:59:9A:D7","sha256":"7A:A5:9A:19:BD:83:1C:01:8B:6B:81:4F:60:58:C2:9D:19:98:76:3E:12:87:69:A8:A1:D1:0D:D2:E2:AF:79:E4"}}},"request":{"raw":"POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1\r\nHost: 1xlite-786689.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-786689.top/en/block\r\nContent-Type: application/json\r\nX-Lang: en\r\nX-Uuid: 1ece50b1-c819-4882-855e-ad43388da442\r\nContent-Length: 48\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; auid=sv0jNWinu9Kn/rC5A1X6Ag==; window_width=1920\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: application/json\r\ncontent-length: 23\r\nx-dt: 1305\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.060, wf-uht;dur=0.008\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"816b67a25dd342db716483d107caf3f7","sha1":"ee76e98b471ed2a0a1887134e7ee34ccf5830969","sha256":"965c773f55d4217a009a9ef0c384baa1de8b40fe115d69f3774eb71c5262ed7f","sha512":"91ed3983a350a391c9f400e1ba28483e461bd77af85c041e7f2430c2704ca2aa04edcddd98f52759b6847df4def48773b32ca2d76ecb9352629ee20fe6573379","ssdeep":"","tlshash":"dd700080880000020800008883200808a2b2a002002c8322208028a0000aaf2200a023","first_seen":"2025-08-22T00:38:10.373355Z","last_seen":"2025-08-22T00:38:10.373355Z","times_seen":1,"resource_available":false,"data":null}},"time_used":37,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-22","alert":"Sinkholed","trigger":"1xlite-786689.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:40.034Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-786689.top","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Tue, 08 Jul 2025 05:19:38 GMT","end":"Mon, 06 Oct 2025 05:19:37 GMT"},"fingerprint":{"sha1":"AA:30:AC:DD:35:7A:57:A5:E0:E3:85:E8:56:55:6E:F6:1D:59:9A:D7","sha256":"7A:A5:9A:19:BD:83:1C:01:8B:6B:81:4F:60:58:C2:9D:19:98:76:3E:12:87:69:A8:A1:D1:0D:D2:E2:AF:79:E4"}}},"request":{"raw":"POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1\r\nHost: 1xlite-786689.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-786689.top/en/block\r\nContent-Type: application/json\r\nX-Lang: en\r\nX-Uuid: 1ece50b1-c819-4882-855e-ad43388da442\r\nContent-Length: 89\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; auid=sv0jNWinu9Kn/rC5A1X6Ag==; window_width=1280; che_g=c7d83060-e0e4-4de6-a339-92feb323de09\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:40 GMT\r\ncontent-type: application/json\r\ncontent-length: 23\r\nx-dt: 1305\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.068, wf-uht;dur=0.010\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":23,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"bbe28999004f30f19eeb3d41b97c9861","sha1":"6839f9f478a09b96f6150ea19dc42ea0321992fa","sha256":"92754b44f7bf0e4bcfd4410b2db51a5be00c0b609342b2dd993feee37abc6fb9","sha512":"da6d5a21a7a9d6de7e111bc898943d159a9292f9aa76bcb661a670dc96bf8e50414baca23254abe279594eb91cae8297374d94dc6e5da7ffc4d27d8e219592cd","ssdeep":"","tlshash":"6c7000200c8800002a0280302b208808a020800020800828308080200808ab2300bc23","first_seen":"2025-08-22T00:38:10.374323Z","last_seen":"2025-08-22T00:38:10.374323Z","times_seen":1,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-22","alert":"Sinkholed","trigger":"1xlite-786689.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/c712a3b977.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:40.448Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/c712a3b977.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:40 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 763\r\ntraceparent: 00-48fbfd7d6277be1e0c5c07272ed62786-6bdc1f22129d1dc8-01\r\nlast-modified: Wed, 13 Aug 2025 11:30:45 GMT\r\netag: \"43c0a50957631da2c0d4a53301c35275\"\r\nx-amz-meta-mtime: 1755084576.647098278\r\nexpires: Thu, 14 Aug 2025 11:39:17 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 45905\r\ncache: HIT\r\nx-cached-since: 2025-08-21T11:52:35+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":763,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (762)","md5":"43c0a50957631da2c0d4a53301c35275","sha1":"d2e8cd5dc439a1c6e5d1c63089becc1837c46a3c","sha256":"22723e4936bfe2e9f9140cc1764fb1882684f015288d3cda721044c5607c40a7","sha512":"f976bbecb99c17173f613704992fdcd77da400fa0412c26975adffa3ca93d9e5b87480521030cb12afe122dd8ce9d445076fff388424b3e08ab53517b44270af","ssdeep":"","tlshash":"2301207ff973b024620048cd5827ac22d3453da91f969ae4c0dd0272d313012e00a8e3","first_seen":"2025-08-13T23:36:01.873704Z","last_seen":"2025-08-22T06:38:14.161529Z","times_seen":135,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/851158da17.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:40.779Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/851158da17.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:40 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-92021164ed82bdad2c472a8f04db6e7f-d7d56edb87e4005f-01\r\nlast-modified: Wed, 13 Aug 2025 11:30:45 GMT\r\netag: W/\"e5ed531d3c6b727e8446e0c0ea3c69cb\"\r\nx-amz-meta-mtime: 1755084576.646098197\r\ncontent-encoding: gzip\r\nexpires: Thu, 14 Aug 2025 11:33:41 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 45904\r\ncache: HIT\r\nx-cached-since: 2025-08-21T11:52:36+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3220,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (3219)","md5":"e5ed531d3c6b727e8446e0c0ea3c69cb","sha1":"7be769538fb0c18fea783b3363277ba664f2b0f2","sha256":"1a75ae13310c535f2472d50ad7666ebb4a12dd9d0dd835a367c4e88336a6f04b","sha512":"443f6eac8b909841ab3c43992fc89f23c74e5a95c42e712c38daa6ebabeb7c3c8a7041bea9faf3ea2f26c3f655c8637c4201cf527976590f8d5f35f7793c0599","ssdeep":"","tlshash":"9061b68574f560f9790741cd3d917470e34a0db9239c05b1f2f5888823bd6c45b2e69b","first_seen":"2025-08-13T23:36:01.813795Z","last_seen":"2025-08-22T06:38:14.174085Z","times_seen":135,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"radar.cedexis.com/1/23802/radar.js","fqdn":"radar.cedexis.com","domain":"cedexis.com","tld":"com"},"ip":{"addr":"45.54.49.5","port":443,"asn":63911,"as":"NetActuate, Inc","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:50.270Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"radar.cedexis.com","organization":"Citrix Systems, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 07 Mar 2025 00:00:00 GMT","end":"Fri, 06 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A2:3E:30:19:D5:41:3A:11:81:58:E3:B1:6F:F4:D2:78:0B:44:6F:D0","sha256":"BE:70:39:96:BA:51:8F:A7:6A:9D:E1:58:FB:D9:F7:6F:17:5C:DA:A9:6E:54:3F:8F:0B:3D:1E:DF:8C:44:B4:71"}}},"request":{"raw":"GET /1/23802/radar.js HTTP/1.1\r\nHost: radar.cedexis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-786689.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Fri, 22 Aug 2025 00:37:50 GMT\r\nContent-Type: text/html\r\nContent-Length: 138\r\nConnection: keep-alive\r\nLocation: /1707728419/stub.js\r\nExpires: Fri, 22 Aug 2025 00:47:50 GMT\r\nCache-Control: max-age=600\r\nVary: User-Agent,DNT\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":390,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T06:11:46.020773Z","times_seen":13409077,"resource_available":true,"data":null}},"time_used":121,"timings":{"blocked":50,"dns":0,"connect":20,"send":0,"wait":21,"receive":0,"ssl":26},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.no/ads/ga-audiences?v=1\u0026t=sr\u0026slf_rd=1\u0026_r=4\u0026tid=G-7JGWL9SV66\u0026cid=360532931.1755823071\u0026gtm=45je58k1v897130004za200zd897130004\u0026aip=1\u0026dma=1\u0026dma_cps=syphamo\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026frm=0\u0026tag_exp=101509157~103116026~103200004~103233427~104527906~104528500~104684208~104684211~104948813~105102050~105399921~105399923\u0026tag_exp=101509157~103116026~103200004~103233427~104527906~104528500~104684208~104684211~104948813~105102050~105399921~105399923\u0026z=894298711","fqdn":"www.google.no","domain":"google.no","tld":"no"},"ip":{"addr":"142.250.178.67","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:50.698Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google.no","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:36:51 GMT","end":"Mon, 29 Sep 2025 08:36:50 GMT"},"fingerprint":{"sha1":"5F:6E:88:84:0D:03:06:C9:1C:FD:3B:27:60:0A:E4:F1:38:44:0C:17","sha256":"E7:9E:7F:BF:9C:B7:AD:C0:57:A6:D9:DE:DB:56:01:D6:5D:91:C7:10:F3:88:D7:BE:AE:36:96:71:3F:99:51:24"}}},"request":{"raw":"GET /ads/ga-audiences?v=1\u0026t=sr\u0026slf_rd=1\u0026_r=4\u0026tid=G-7JGWL9SV66\u0026cid=360532931.1755823071\u0026gtm=45je58k1v897130004za200zd897130004\u0026aip=1\u0026dma=1\u0026dma_cps=syphamo\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026frm=0\u0026tag_exp=101509157~103116026~103200004~103233427~104527906~104528500~104684208~104684211~104948813~105102050~105399921~105399923\u0026tag_exp=101509157~103116026~103200004~103233427~104527906~104528500~104684208~104684211~104948813~105102050~105399921~105399923\u0026z=894298711 HTTP/1.1\r\nHost: www.google.no\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-786689.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\np3p: policyref=\"https://www.googleadservices.com/pagead/p3p.xml\", CP=\"NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC\"\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\ndate: Fri, 22 Aug 2025 00:37:50 GMT\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-type: image/gif\r\nx-content-type-options: nosniff\r\nserver: cafe\r\ncontent-length: 42\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":42,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"d89746888da2d9510b64a9f031eaecd5","sha1":"d5fceb6532643d0d84ffe09c40c481ecdf59e15a","sha256":"ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629","sha512":"d5da26b5d496edb0221df1a4057a8b0285d15592a8f8dc7016a294df37ed335f3fde6a2252962e0df38b62847f8b771463a0124ef3f84299f262ed9d9d3cee4c","ssdeep":"","tlshash":"c4900023fa808000c3a8c2300a0b238a2b8c80200a28030b80ae208cec3a3a22c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-06T06:11:58.480853Z","times_seen":771183,"resource_available":true,"data":null}},"time_used":225,"timings":{"blocked":93,"dns":0,"connect":16,"send":0,"wait":37,"receive":0,"ssl":77},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/en/registration","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-22T00:37:37.811Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-786689.top","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Tue, 08 Jul 2025 05:19:38 GMT","end":"Mon, 06 Oct 2025 05:19:37 GMT"},"fingerprint":{"sha1":"AA:30:AC:DD:35:7A:57:A5:E0:E3:85:E8:56:55:6E:F6:1D:59:9A:D7","sha256":"7A:A5:9A:19:BD:83:1C:01:8B:6B:81:4F:60:58:C2:9D:19:98:76:3E:12:87:69:A8:A1:D1:0D:D2:E2:AF:79:E4"}}},"request":{"raw":"GET /en/registration HTTP/1.1\r\nHost: 1xlite-786689.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:38 GMT\r\nlocation: https://1xlite-786689.top/en/block\r\nserver-timing: dt_total;dur=0.014, total;dur=280;desc=\"Nuxt Server Time\", wf-uht;dur=0.291\r\nset-cookie: platform_type=desktop; Path=/; Expires=Mon, 25 Aug 2025 00:37:37 GMT; Secure; SameSite=None; Partitioned\ngw-mm=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Secure; SameSite=None; Partitioned\ngw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiw0OTUsODEyLDk4NSw4MTMsMTcsMTgsMjE4NiwyMzY4LDIzMDAsMjM3Niw4NDYsMjI2NywyMjkxLDIzMDMsMjM3NSw4MTAsOTQ0LDIyMTEsMjQwOSwxMDkwLDEwOTMsMjE5MSwxMDAyLDIyNDIsMjMwMSwyNDYxLDI0NjQsMjQ2NSwyNDYyLDI0NjYsMjI1NiwyMjUxLDIyODcsMjQzMiwyMzQ1LDQ4NCwzOTUsMjMyOCwyNDAyLDIzMzIsNDc0LDQ3NiwxMDA2LDIzOTQsMjM2NiwyNDAzLDIzMTEsODA5LDkxMiw4MDYsNzg2LDc2OCw3NzUsNzY3LDc2Niw3NTEsMjQyNCwxMDM5LDIzMjcsMjQyMiwyNDY4LDkwNyw5ODQsMTEwNiwyNDA4LDIzMDcsMjE1NSwyMzcyLDExMTksMjI5NiwyMzU0LDIzNDAsOTY4LDIyMjksMjM5MiwyNDEzLDI0MzQsMTA5NiwyMzUxLDc1OSwyMjI4LDIyMTQsODQzLDg0MiwyMzUyLDc1Niw3NDcsNzQ4LDU0OCwyMzUzLDI0MjUsMjQyNiwyNDczLDc4NywyNDQ2LDIxNjMsODM5LDc4Myw1MjUsMjQzOSwyNDQwLDUyNCwxMDc1LDI0MTYsMTA3NCw1NDksOTQzLDUxMiwxMTE3LDExMDEsMTA3MywyMzEwLDIzOTcsMjQ2MywyNDUyLDIzNzgsMjM4OCwyMzg5LDIzOTYsMjQwNywyNDEwLDI0MTIsMjQxOCwyNDIwLDI0MjgsMjQzNSwyNDY3LDI0NTEsMjQyMywyMzY5LDEwNzgsMjQzNywxMTAwLDI0MzYsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDQ3Nyw0OTgsOTQyLDIzMjAsMjI4OSwyMjgwLDEwODYsOTc4LDEwODQsOTg2LDIxOTcsOTkzLDk3Nyw1MzAsMjI0Myw5ODEsOTg3LDIxODIsMjI5NSwyMTU2LDIxNTcsMTA5Miw4MDQsMjIzOSwyMjIxLDk5NCw5OTksOTk4LDk5NSwxMDA3LDEwMDgsMTAxMCwxMDA1LDExMDIsMjE5OSwyMTk4LDEwMTIsMTAyMywxMDk4LDIyMDEsMjQzMSwxMDIyLDEwNDAsMjQ3MSwyMTU5LDEwODksMjE3OSwxMTIyLDEwODcsMTA0MiwxMDQzLDEwNzYsMTA3NywyMzIxLDIzNjIsMjE3MSwyMTc3LDIxNzYsMTA4Myw1MzEsOTkyLDk5MCwyMzQ3LDEwNDEsMjM5OCwyMjAyLDEwMTgsMjQ0NCwyNDcyLDEwOTksMTA4Miw3ODQsNTU3LDc3OCw3ODIsMTksNjU2LDIyMjAsMjI5NF19; Expires=Fri, 22 Aug 2025 00:37:37 GMT; HttpOnly\nlng=en; Path=/\ncookies_agree_type=3; Path=/\ntzo=2; Path=/\nis12h=0; Path=/\nauid=sv0jNWinu9Kn/rC5A1X6Ag==; path=/; secure; httponly; samesite=lax\r\nx-dt: 1305\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":300879,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T06:11:46.020773Z","times_seen":13409077,"resource_available":true,"data":null}},"time_used":598,"timings":{"blocked":138,"dns":45,"connect":28,"send":0,"wait":321,"receive":0,"ssl":63},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-22","alert":"Sinkholed","trigger":"1xlite-786689.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-1305/desktop/media_asset/1d19d876f4cad91981c1e68d34e0c554.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.852Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1-1305/desktop/media_asset/1d19d876f4cad91981c1e68d34e0c554.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-786689.top/\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: application/json\r\ntraceparent: 00-89998a3f065bb326564217049adb6a10-802973a031ea8200-01\r\nlast-modified: Fri, 01 Aug 2025 06:40:42 GMT\r\netag: W/\"b255cc6c6ca667c6f42f2d9ab151b21e\"\r\ncontent-encoding: gzip\r\nexpires: Thu, 21 Aug 2025 11:36:55 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\ncache: REVALIDATED\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7481,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b255cc6c6ca667c6f42f2d9ab151b21e","sha1":"a0c241d3c2fa56d392cc204f2d386046a5273a9b","sha256":"9c347db4287a13bf6e86c34baa07bf255437a85566ba14a77199a753b73a400b","sha512":"62bb36631dfa4cd6790efcf39ff920a0b11741cd1b5ecd936ecce083090c0336cb216eb28f838e05e27fff2509a6b8724d0f6c61349da57506e6eca112c8a294","ssdeep":"48:TzABBABGkABjABFygABCN/ABCNYN8ABWHABaEABzzEFABIIX4ABBxSHsABYiwABp:lFbClXCL3cblP+XyLO5GIM","tlshash":"e7f11784fff04c33112f94ad98b37a89a7884f07a95a7d1c7f9d294c1f1451a04aadbe","first_seen":"2025-08-01T12:24:56.656253Z","last_seen":"2025-11-07T10:46:34.805118Z","times_seen":2150,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.948Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-786689.top","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Tue, 08 Jul 2025 05:19:38 GMT","end":"Mon, 06 Oct 2025 05:19:37 GMT"},"fingerprint":{"sha1":"AA:30:AC:DD:35:7A:57:A5:E0:E3:85:E8:56:55:6E:F6:1D:59:9A:D7","sha256":"7A:A5:9A:19:BD:83:1C:01:8B:6B:81:4F:60:58:C2:9D:19:98:76:3E:12:87:69:A8:A1:D1:0D:D2:E2:AF:79:E4"}}},"request":{"raw":"POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1\r\nHost: 1xlite-786689.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-786689.top/en/block\r\nContent-Type: application/json\r\nX-Lang: en\r\nX-Uuid: 1ece50b1-c819-4882-855e-ad43388da442\r\nContent-Length: 98\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; auid=sv0jNWinu9Kn/rC5A1X6Ag==; window_width=1920\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: application/json\r\ncontent-length: 23\r\nx-dt: 1305\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.006, wf-uht;dur=0.010\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":23,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b0703abc3825e7dfa0f577a6cf3a2db8","sha1":"c2e2711d332a658c0d484486709ee762d76441ac","sha256":"ce4b6ce95e27c5da194be3a22d14fabd1620e9a46100e7dd9ce81f30ac1375c3","sha512":"5485f0e46febf78b0c7fd38c4eae96f73f223ce05d0ba6c218e1921c2dc8dad87b5e596862f3a3dc2c595369a1133f33a143054e87fd73468771b9d23b1261ea","ssdeep":"","tlshash":"3e7000808c0000020a02008ac2200808a222a03802200a20a0882020880aab2000a823","first_seen":"2025-08-22T00:38:10.377303Z","last_seen":"2025-08-22T00:38:10.377303Z","times_seen":1,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-22","alert":"Sinkholed","trigger":"1xlite-786689.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:51.880Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-786689.top","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Tue, 08 Jul 2025 05:19:38 GMT","end":"Mon, 06 Oct 2025 05:19:37 GMT"},"fingerprint":{"sha1":"AA:30:AC:DD:35:7A:57:A5:E0:E3:85:E8:56:55:6E:F6:1D:59:9A:D7","sha256":"7A:A5:9A:19:BD:83:1C:01:8B:6B:81:4F:60:58:C2:9D:19:98:76:3E:12:87:69:A8:A1:D1:0D:D2:E2:AF:79:E4"}}},"request":{"raw":"POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1\r\nHost: 1xlite-786689.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-786689.top/en/block\r\nContent-Type: application/json\r\nX-Lang: en\r\nX-Uuid: 1ece50b1-c819-4882-855e-ad43388da442\r\nContent-Length: 109\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; auid=sv0jNWinu9Kn/rC5A1X6Ag==; window_width=1280; che_g=c7d83060-e0e4-4de6-a339-92feb323de09; SESSION=e14e5d7e1361724d77d4b74f02ac180d; _ga_7JGWL9SV66=GS2.1.s1755823070$o1$g0$t1755823070$j60$l0$h717819152; _ga=GA1.1.360532931.1755823071\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:51 GMT\r\ncontent-type: application/json\r\ncontent-length: 23\r\nx-dt: 1305\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.009, wf-uht;dur=0.010\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":23,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"d1ea3c9862dc0c18168e9df93732bd30","sha1":"fd341b6295364441f7953865ca3bf58142606470","sha256":"49a87a198fe4db460eec005946e89e8e2acd9ce55446aea278e5cab484272625","sha512":"ce53c3aa725dab735c9089af902290d7b8c2d74408facf62de7678a64490772f85071eae9f23154a3b560d6ae264489972e1e478a41b500236ff50beba93e9b2","ssdeep":"","tlshash":"a770008008000a320888000003220a8888a0b22080000020208020208808af38a2a223","first_seen":"2025-08-22T00:38:10.378148Z","last_seen":"2025-08-22T00:38:10.378148Z","times_seen":1,"resource_available":false,"data":null}},"time_used":40,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":39,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-22","alert":"Sinkholed","trigger":"1xlite-786689.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/89eefdd8/desktop/default/runtime-d62f524d.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.396Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/89eefdd8/desktop/default/runtime-d62f524d.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-786689.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-4e89a932fa77e47ff1b3d55029c1ce0d-4cf96b1735cad69f-01\r\nlast-modified: Thu, 21 Aug 2025 09:08:59 GMT\r\netag: W/\"981afb39d72cfeb54e5a117fd88f70dd\"\r\nx-amz-meta-mtime: 1755767336.931798518\r\ncontent-encoding: gzip\r\nexpires: Fri, 22 Aug 2025 09:23:34 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 54738\r\ncache: HIT\r\nx-cached-since: 2025-08-21T09:25:21+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":18398,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (18398), with no line terminators","md5":"981afb39d72cfeb54e5a117fd88f70dd","sha1":"7d7b87a70870c5d13ad1c2a004df298393ee5426","sha256":"6868cc440c0285fb55bde9880bca5a8a32d50818c649b00f9dedd7821c9d4ecb","sha512":"06f1727b548b54a288aabc468fb868eac90c8857e66d6fbf58ad776c294b5453b2d32a56b62fe5630c9085387fa51b970413f107d7c3b91dd3ea72a1bcf9aa04","ssdeep":"384:FwzBq0PCItnLcEL4u4B50PCItnLk/HdUoWPSz5W3:GUDItLcEL4u4B5DItLjoWaz5Y","tlshash":"ec821e9daf1acca71923dcc338217d21595820335c5647ece6fae2285018e6c75afe2f","first_seen":"2025-08-21T09:34:57.488937Z","last_seen":"2025-08-22T06:38:14.151135Z","times_seen":23,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_registration/en/dictionary_cbde8b5a0c3d88dea8ee62557b2ef409.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:39.826Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/web-app-v2/dictionary2/v3_registration/en/dictionary_cbde8b5a0c3d88dea8ee62557b2ef409.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-786689.top/\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:39 GMT\r\ncontent-type: application/json; charset=utf-8\r\ntraceparent: 00-b46a8ccaa8194a4b5f48cf9c2b163664-e54d5642277b39f6-01\r\nlast-modified: Wed, 30 Jul 2025 12:06:59 GMT\r\netag: W/\"8b5eb9f2caf196536794f3292d12c281\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Wed, 30 Jul 2025 13:15:14 GMT\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 1904\r\ncache: HIT\r\nx-cached-since: 2025-08-22T00:05:55+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":22925,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"b286491cbc4f71b6cb4dbd659571f17d","sha1":"cf54236392e17a1df0f2d3f11a69467643eec4f3","sha256":"4a5956c339dc3f5bf0fcbe8136ce73c3dde6165994c1397bb4af4c5b9d4049bb","sha512":"1e48d9bc6bb83e66d428763fcdd4459ac21a2df7db174a2bca658fc5bb2d8e69b524e5f9dd00e6854802402a362ab0b3ba8444c61352a1617250f6dc2f1c3616","ssdeep":"384:gtUYZ6LlTYvzH5W8qD8bqBSxkhx+/Y5egwZwcW1/vxHyTqC:/qLHuDDsxkP++3rJgTqC","tlshash":"13a2a54f9f788c7307c3060b7d8b6b9a26fe1158769208198fbd8a6d1375b91a33349d","first_seen":"2025-07-31T01:11:02.511648Z","last_seen":"2025-08-22T06:38:14.167289Z","times_seen":337,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:40.809Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-786689.top","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Tue, 08 Jul 2025 05:19:38 GMT","end":"Mon, 06 Oct 2025 05:19:37 GMT"},"fingerprint":{"sha1":"AA:30:AC:DD:35:7A:57:A5:E0:E3:85:E8:56:55:6E:F6:1D:59:9A:D7","sha256":"7A:A5:9A:19:BD:83:1C:01:8B:6B:81:4F:60:58:C2:9D:19:98:76:3E:12:87:69:A8:A1:D1:0D:D2:E2:AF:79:E4"}}},"request":{"raw":"POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json HTTP/1.1\r\nHost: 1xlite-786689.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-786689.top/en/block\r\nContent-Type: application/json\r\nX-Lang: en\r\nX-Uuid: 1ece50b1-c819-4882-855e-ad43388da442\r\nContent-Length: 19\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; auid=sv0jNWinu9Kn/rC5A1X6Ag==; window_width=1280; che_g=c7d83060-e0e4-4de6-a339-92feb323de09\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:40 GMT\r\ncontent-type: application/json\r\ncontent-length: 2\r\nx-dt: 1305\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.075, wf-uht;dur=0.011\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"d751713988987e9331980363e24189ce","sha1":"97d170e1550eee4afc0af065b78cda302a97674c","sha256":"4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945","sha512":"b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af","ssdeep":"","tlshash":"c7100000000000000000000000000000000003000000c0000000000000000000000000","first_seen":"2023-03-08T00:02:47Z","last_seen":"2026-04-06T05:11:39.684757Z","times_seen":227965,"resource_available":true,"data":null}},"time_used":39,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":39,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-22","alert":"Sinkholed","trigger":"1xlite-786689.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:40.854Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-786689.top","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Tue, 08 Jul 2025 05:19:38 GMT","end":"Mon, 06 Oct 2025 05:19:37 GMT"},"fingerprint":{"sha1":"AA:30:AC:DD:35:7A:57:A5:E0:E3:85:E8:56:55:6E:F6:1D:59:9A:D7","sha256":"7A:A5:9A:19:BD:83:1C:01:8B:6B:81:4F:60:58:C2:9D:19:98:76:3E:12:87:69:A8:A1:D1:0D:D2:E2:AF:79:E4"}}},"request":{"raw":"POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1\r\nHost: 1xlite-786689.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-786689.top/en/block\r\nContent-Type: application/json\r\nX-Lang: en\r\nX-Uuid: 1ece50b1-c819-4882-855e-ad43388da442\r\nContent-Length: 72\r\nOrigin: https://1xlite-786689.top\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; auid=sv0jNWinu9Kn/rC5A1X6Ag==; window_width=1280; che_g=c7d83060-e0e4-4de6-a339-92feb323de09\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:40 GMT\r\ncontent-type: application/json\r\ncontent-length: 23\r\nx-dt: 1305\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.114, wf-uht;dur=0.010\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"abf37ecfb8476f904388c993529f7e62","sha1":"d9f3b8489c7e6791237406676a337105a048b038","sha256":"16cb82a096aaf351465811a45669aa66e3b9ca9faebc19bc39bb90109512d4fa","sha512":"ba689588937138d706fe3fd6a45f74eab9225002f52a5555d8580068409dc7deda3d5d520a114f38f35b0f336158ea2d4d45cd5875ad63554376a2145fb03234","ssdeep":"","tlshash":"aa7000002c80202a0800c00a2220e888c02080000082822022a800308e08af2a00a823","first_seen":"2025-08-22T00:38:10.38012Z","last_seen":"2025-08-22T00:38:10.38012Z","times_seen":1,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":39,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-22","alert":"Sinkholed","trigger":"1xlite-786689.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-786689.top/hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js","fqdn":"1xlite-786689.top","domain":"1xlite-786689.top","tld":"top"},"ip":{"addr":"178.253.35.53","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-786689.top/en/block","date":"2025-08-22T00:37:48.093Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-786689.top","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Tue, 08 Jul 2025 05:19:38 GMT","end":"Mon, 06 Oct 2025 05:19:37 GMT"},"fingerprint":{"sha1":"AA:30:AC:DD:35:7A:57:A5:E0:E3:85:E8:56:55:6E:F6:1D:59:9A:D7","sha256":"7A:A5:9A:19:BD:83:1C:01:8B:6B:81:4F:60:58:C2:9D:19:98:76:3E:12:87:69:A8:A1:D1:0D:D2:E2:AF:79:E4"}}},"request":{"raw":"GET /hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js HTTP/1.1\r\nHost: 1xlite-786689.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-786689.top/en/block\r\nCookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; auid=sv0jNWinu9Kn/rC5A1X6Ag==; window_width=1280; che_g=c7d83060-e0e4-4de6-a339-92feb323de09; SESSION=e14e5d7e1361724d77d4b74f02ac180d\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 22 Aug 2025 00:37:48 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 615\r\ncache-control: public, max-age=300\r\ncontent-encoding: gzip\r\netag: 32053c9c355cf85427a5cc3f07de0b09\r\nvary: Accept-Encoding\r\nx-dt: 1307\r\nx-request-guid: 3a19bc9bb2c2edad7cc3c25a813c8554\r\nx-time-ng: 0.016\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.100, wf-uht;dur=\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1024,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (1023)","md5":"32053c9c355cf85427a5cc3f07de0b09","sha1":"f3c13d6a657ffa2ca8997f54f4779f0c02f1600a","sha256":"0ec410318f3ecc3a3aef3de68e99190845248bcc12282aa15eb9acc87f8837d3","sha512":"cbb8c7ef0bbed264989bf5b4af7d216cdeacc5684641c37d429e5ceca7dc04e55254e81f319cd856e7b4f447565bf5abf4e9915f5725eb57cfb142f113362078","ssdeep":"","tlshash":"2211756e18ed58291a9275c402b7ccfc642036363219d4c495ede9e1072ff990032f5c","first_seen":"2025-07-24T09:34:41.13762Z","last_seen":"2026-04-06T04:37:31.872391Z","times_seen":3857,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-22","alert":"Sinkholed","trigger":"1xlite-786689.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}