Report - 1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click

Report Overview

Submitted URL
1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
IP
178.253.29.51
ASN
#202492 Silverhill Group Holding Ltd
Submitted
2024-05-07 22:04:25
Access
public
Website Title
1xBet ᐉ Online sports betting ᐉ 1xBet online bookmaker log in ᐉ 1xlite-461430.top
Final URL
1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
110

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
region1.analytics.google.com	unknown	1997-09-15	2022-03-17	2024-05-06	1.1 kB	448 B	216.239.32.36
1xlite-461430.top	unknown	2023-08-11	2023-08-11	2024-05-07	104 kB	538 kB	178.253.29.51
v3.traincdn.com	unknown	2022-11-10	2022-11-25	2024-05-04	93 kB	4.6 MB	185.244.209.62
widget.suphelper.top	unknown	2023-08-02	2023-10-04	2024-05-02	5.0 kB	2.4 MB	172.64.148.184
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-05-07	861 B	172 kB	142.250.74.168
radar.cedexis.com	3035	2009-01-07	2013-11-27	2024-05-06	822 B	1.1 kB	45.54.49.5
www.google.no	25607	2001-02-26	2016-04-05	2024-05-07	580 B	578 B	172.217.21.163

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed

ThreatFox

No alerts detected

JavaScript (115)

	URL	Size	First Seen	Last Seen
	1xlite-461430.top/polyfills.js	0 B	2023-03-07	2024-05-19
Pretty URL 1xlite-461430.top/polyfills.js IP 178.253.29.51 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-19 20:11:41 Times Seen37841345 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-ff4800a4.js	77 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-ff4800a4.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:28 Last Seen2024-05-08 09:00:23 Times Seen54 Hash 45f90516ee8a557d78c08e1e925c1490 adc0363ed75f47f9513a36a94173c6e4940a2adc f5b8b3c4e62dbb4ebc5fd634f5bb17b3145a14c21bdc3e9c0a4dcb45b9e573fe Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-022bbfcd.js	26 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-022bbfcd.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:28 Last Seen2024-05-08 09:00:23 Times Seen49 Hash e30c678eadf7bd0fcc773e1599b97ddf 41243dc14d9eb2569fa832a3b8c27fc0158991aa a4334d54b8db6d6eceb88c48ee428dfbb0ad3749d4137439f77859e205b52806 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cd57c0a6e95b.js	1.5 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cd57c0a6e95b.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:58 Last Seen2024-05-08 09:00:20 Times Seen16 Hash 76cb7b38bd7dd009e525ca10453839cd 6f243fa517f2f2eb7c5de651fca6efed3c6f7ded 91471eda0cfb8a92d2139d87180f101574355cc4009e8983507054f8f9883aa3 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/92745f711024.js	188 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/92745f711024.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 09:33:56 Last Seen2024-05-08 09:00:22 Times Seen16 Hash fdfc9ec2fb0c6c09b91f4d7afd8b013e fda34cd7ed3c34c04b95aa7ef5c8602246560792 52c22cd0255170803b57877f20365b1cc0cee020b6fff69c71fe0f7f6c9f276f Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-4d951a46.js	14 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-4d951a46.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 18:05:15 Last Seen2024-05-08 09:00:23 Times Seen30 Hash 395deb0abfd0ea102c0c9aa4cf08b2f9 b53c99a2bce733f0a45a075000949d34e2fd0b17 f11d7b6985d7e97030628cf137377b14e9316f8919f80dff4cdd488366aa6652 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-db205bbd.js	8.7 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-db205bbd.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen53 Hash a5db05d47f7f37c06acc29a0f4eeb447 b9ddddb586721548eaa4a62d7ae420bfcfc5bddb 4053d0ffbd3af6bc022131a3f123bd4e88825f1b5f06a74dd2072a2b0fe3f243 Loading...

	v3.traincdn.com/_nuxt/desktop/default/commons/app-2e30fd7d.js	138 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/commons/app-2e30fd7d.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:29 Last Seen2024-05-08 09:00:23 Times Seen52 Hash 03b89bdb4f6013159d40de88c98403b6 cf41351caa86d91b56cf839d54ab28bf8f4f54f8 42d02ce0b520e2d8ce7341a0b07d92cd3833d762337b1f8aabc6f7f23e6fad4a Loading...

	widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js	78 kB	2024-01-20	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-20 01:21:34 Last Seen2024-05-19 19:59:13 Times Seen613 Hash dc6852529f28802d37affa5953d07260 4edd220fe8df4b009a1775ebe57f19d40999659f 4aefb18221e4fb46818b0f52302b7c7717e45701e26990726cce645d8c80ed84 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/62bd07c5cb50.js	2.6 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/62bd07c5cb50.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:56 Last Seen2024-05-08 09:00:21 Times Seen16 Hash 942da12c1a44ccf257f6ea3e09ed3175 117b957d554602393aed24ffb08c957f89dc622c ecb8f76caef1e9eda494ea85e50bfa687baf1a99774b32edd34b03e8215f4075 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-9ec0f9e5.js	66 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-9ec0f9e5.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:27 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 5c486444497d7afeea7cabf3a651d76a a5c40dee88530a85a4c061ad4379b13e3b8df745 9c3b64738e185dacb94ddfa13c1807be093f49e0a3b5810f92db524ea9f60020 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-0434410a.js	28 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-0434410a.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:27 Last Seen2024-05-08 09:00:23 Times Seen26 Hash 9167c6082d419d35f57a606871184d06 d4c4fac03b353c5881c352d6ac0c05947dc2e633 bed35ed9386f6d0d6f3096d00c7d14e042c5cb404f07ef0bb9abb4cc381e89c3 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Layout.Betting.ExpressDay-c5a846fb.js	10 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Layout.Betting.ExpressDay-c5a846fb.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:31 Last Seen2024-05-08 09:00:23 Times Seen22 Hash be042bab68dd466121fb1460a17b1795 3dfa3c583644e2aa71ff199a262a54e17cd378d6 2a7bf413f8f8d67f545da852425cdec3b3960fa2c62960ca49c5a2dc43108ac0 Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.media-64ed71be.js	17 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.media-64ed71be.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:27 Last Seen2024-05-08 09:00:23 Times Seen53 Hash fda91a0dd5e8251a0c4c540d7e54ed52 3c4a6e38286708cd62ff071ccf97e73f37200728 b3c3c2ee09cf4af0164878165cd9971fbfe83a461c18ad0ef7cfc33b36b782ef Loading...

	widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js	141 kB	2023-03-08	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 08:26:33 Last Seen2024-05-19 19:59:13 Times Seen2536 Hash 896d1930437c1ab92b8a359c1d6fdaae 71e0e23d1af9722f356eb5d1c497d100ec8b0f7a 8c508636d885890bfb5c56bcd6dad1b8b64c498781d351b588a8de7f686774d4 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-68160950.js	20 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-68160950.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 860ea683ac1ca8494adc10cb2ea4fcdf a1004cb9bb3a036d215dfbf6b9bade88ad81a7a3 e8fcc72111c9040f545dd314899e61e406ceaa76601c816dc3c1a7b407f88850 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js	1.3 kB	2024-03-23	2024-05-19
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-23 16:35:35 Last Seen2024-05-19 19:17:03 Times Seen78 Hash 518e0ae196483ada8b528a1f2b7df0a1 50e66030d9aca44adb3bd7893ef3c42593e26be4 529ca09688eb85183a34a43651cad1e8fabae2a02924753d54786f3de5e85693 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/2c4bdd620ac9.js	6.7 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/2c4bdd620ac9.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:56 Last Seen2024-05-08 09:00:22 Times Seen16 Hash db345f9ab9f4b60494ed02dd78f38d79 cb9cbbfabcb9c33191f6dae2927282f0ff4fa236 e9fe103123d124c15580efc873171acc3a1235957353992c779f9ab30938aab4 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/03e03ebafcdc.js	372 B	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/03e03ebafcdc.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:58 Last Seen2024-05-08 09:00:20 Times Seen23 Hash 441a6448f5a4242779baf6fc1399b13e b646aa02b2ed08c1590c6f4536341cb2e51a4f1c 0eede7ea7bad647cc90b8044489561c58d2d5865e88ecc59a572589c6ccea6b7 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V	178 kB	2024-05-08	2024-05-08
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 00:04:31 Last Seen2024-05-08 00:04:34 Times Seen2 Hash 57b62d5e0dfc09721c02d5929ef91ce3 c70c83e306a7f1e00e6b1904b11dc676f04ef733 4097bd032e776994c2b75a7395d343166ae0f5a16095387ff82e31d1aa747548 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-807a62cf.js	20 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-807a62cf.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen26 Hash adc7f8e289bd475a5a922c91b93591b2 540252cd02880714746d3656e61c67e7acab7fda 3b542ce26d333f558f94adb8cac49e58be95a5470eb3079d1dc0b2b7a7c97b6b Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-ffc54199.js	41 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-ffc54199.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 3645d2d457e7c89dbddbc70d1bb71d2e d91ac83ee98ca90c4a45448683041facd9b325cd a615e922b7060fe133277857d8a581923a62ce0da64aff95340bd9b884856a5a Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-cca22477.js	15 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-cca22477.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 2f5a8b05ac32c583fcde180d9d46fce9 86cc94f0c76922b731336bb6c13ff2839f37d689 6f2a20b4cda56cb4d92bd6d3817945c5e659723eaf3e5c85f0a00274c909a9cd Loading...

	widget.suphelper.top/	196 B	2023-07-20	2024-05-19
Pretty URL widget.suphelper.top/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-20 14:42:12 Last Seen2024-05-19 20:06:15 Times Seen2123 Hash aa729c2ec64b60ce3b2052cc8edaa329 0f673deff4bffdd337a6220feb0b7b5b5ff666c4 9693391d461678be59d683100b1442f4ee65d2cf5bda3904fbf6232a7eb921ca Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e8b8c79f9b52.js	504 B	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e8b8c79f9b52.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:58 Last Seen2024-05-08 09:00:24 Times Seen30 Hash 5387051085dcc459e7077d5d8000b85d d22afab6c65228f0056f66e4f150783f6014e36b 34377c13fd72112cac96fba3642f084661361aea701a70ba3702c82c9bb42790 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-b9493cb9.js	37 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-b9493cb9.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 63e1a6027725eca572736670eb935432 e3578492cf68e66a44f556a98545294a5b1bed5a e96e0e4abe03d7fb0d2449e0f2bf27bb0ee85cdd4d7b4098276c712842b45d8c Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-74c102e0.js	16 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-74c102e0.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 18:05:16 Last Seen2024-05-08 09:00:23 Times Seen26 Hash 18f932fe4f53ce3de4a44b04b0524916 ed47f4f593c25b33012b0369c19883c23e7d3df1 c665029c63cfd9399be9c74e897668b621e3a6e690f0da69196f4c73c16f0cee Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/d492f4568b81.js	1.4 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/d492f4568b81.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:56 Last Seen2024-05-08 09:00:22 Times Seen16 Hash 1ca49088b69c49762c2b4dab10ebe060 d9b6754b9fd11ad9be0cec795758b89b3b9dc62b fc430e6fe7bd867ba551df2263494ba5dde0e1826aa3a16cd52af79430abec1a Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/ea5e649383e3.js	5.0 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/ea5e649383e3.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:58 Last Seen2024-05-08 09:00:20 Times Seen16 Hash feb5d0c05443398468224d2944536b10 d795e84479919f2fca3e48ddb1c9fea251260f92 d613b9c5f54a7d16fcfaf0ee200b05548ff0cc03a52ea1c3ef75c0315f5582e5 Loading...

	radar.cedexis.com/1/23802/radar.js	390 B	2024-02-13	2024-05-19
Pretty URL radar.cedexis.com/1/23802/radar.js IP 45.54.49.5 ASN #63911 NetActuate, Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-13 14:23:26 Last Seen2024-05-19 19:59:12 Times Seen303 Hash 82dec77fd0353c7c71ce053b8601387e fbbca95419e1d0c042e0a5fdf10f380aca66188c 39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5f591efad77b.js	1.5 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5f591efad77b.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:57 Last Seen2024-05-08 09:00:21 Times Seen16 Hash 7def1ae39ae3ec1a1a1d626c24e5a7f2 c01023fb1bb0149d53435f5e665c7936ce88aee6 9b43d70a4acc4172dd9c3fceaa2e5f0585b1263516eb3b1f05c363980294152e Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-87a02531.js	42 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-87a02531.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:31 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 21a80fe42c418607606b5ee8ebc9ebe2 b93c8e0a2f18dd371501e1a8739e9445b2c1d9d1 880f72443c469f2d2e9421789eaeb1f2042a8c4ccfc8ce9057a685d588a97ff3 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.Asian-2f003ed9.js	122 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.Asian-2f003ed9.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:28 Last Seen2024-05-08 01:37:00 Times Seen20 Hash 6bb873114649db4b87839383a7d31921 91b56ad064a4b8fd0d7edb89a040c6b9d06866aa 6dc41e4f75d65dd3dc2f311198e1a9b2b65e0687c2d905b7d64cf9265f7bda2d Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.coupon2-183c618c.js	1.0 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.coupon2-183c618c.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen21 Hash 54f54116f151f6469527d5f5c584887c 8078098cda5d50eeb285da4fc78655562f8324ed 8112adb0bbfa619109d5a6c3263e5e1761599c14b3c474b58b2f5ca512b46efb Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js	53 B	2024-04-24	2024-05-19
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:07 Last Seen2024-05-19 17:11:27 Times Seen52 Hash bb7e15ec1662efa164ad912bd1c65e19 bdd420a5f5bf96a8a4f85abbbe3b0cd2ad547f52 a9378fb3de73c35f466dfae4d2956a63b95813d4eaf88ae7f4ce820d0992cc01 Loading...

	1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5	2.0 kB	2024-05-07	2024-05-08
Pretty URL 1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5 IP 178.253.29.51 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-07 09:57:20 Last Seen2024-05-08 01:36:59 Times Seen6 Hash 991153757cb65d57b6e6a8783a559b80 75396d28d126eada9fd69f33367626010d646633 3a5ba93a4eb20431badba0e7b99b59d7f8643b62d74ae41af64bae7520d523d1 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage-633ca92a.js	134 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage-633ca92a.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:28 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 474bfa89621896100251055f7c19712b 0e19c615fc77f9ed2d69d74b7f8a42d41c6f5138 ea0fef6e0a33df0b36bdce2df6b8bf50eef0dd3b71c7c6fc567a7d7c5d39fdd3 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7b53ac9cad2f.js	41 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7b53ac9cad2f.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 09:33:56 Last Seen2024-05-08 09:00:27 Times Seen21 Hash de79bf6739658de7bc537d692f3638fe 1e7a3af0be67bc48ac8f184324daff5f1422ac26 35f8f183f2c85dfafed1127ec3f72da678b9eea861b4083672ae4580ff6a0af0 Loading...

	v3.traincdn.com/_nuxt/desktop/default/runtime-baf5b66c.js	47 kB	2024-05-07	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/runtime-baf5b66c.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 06:20:18 Last Seen2024-05-08 09:00:23 Times Seen22 Hash ef9def5f3c8a190bfffb14ce24c6eb58 c5fa568c8f9bee2aa988c80a7246e07edd8d84ba d5d3ad6908352036bda426fe1fdc6f1dc03ac13a7029bbf25fa50580abd9064f Loading...

	widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js	373 kB	2024-04-24	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:05 Last Seen2024-05-19 20:06:18 Times Seen240 Hash 36e4e2c2a2498b008514f1f0250c8018 cfa53d1c8533fb5941d9ff4f1e45e8c831658693 42cd70d177e33b23f4982b671f4bb7f03a966053874a320af3f3ea7b7b7ca1f0 Loading...

	unknown	34 B	2023-04-14	2024-05-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-19 20:06:15 Times Seen965 Hash 7bcdb973ab8af8e24ab11cb554a1ba6e 24e8a10f240f2b06f81d7c173cd0a90606641fc1 916ec4eb9b485eb47f43a17fe212e84e4b72600b45eb6d4588599ad495a57fcd Loading...

	www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66	322 kB	2024-05-08	2024-05-08
Pretty URL www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 00:04:31 Last Seen2024-05-08 00:04:34 Times Seen2 Hash 4cf49bd2829baa84b3a262c20cce5184 e7714481a4c6fcc2a25caefc017fbcd9acfa6caf b27100eed19142e85728fb8cbed0b9d7f40bd5eda5614fc06a11b5156e02ead2 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-3883d633.js	7.6 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-3883d633.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 18:05:15 Last Seen2024-05-08 09:00:23 Times Seen30 Hash 68b874a85269b1e64bfd1065d0254a1a 46d5559120d28058a530b18616085b6826bb03c3 7a51983ef71867325dd5d9bf7b7eadc66b567a882f50c1d09158bf4f7de8b587 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/RegistrationWidgetApp-4b1f6e54.js	76 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/RegistrationWidgetApp-4b1f6e54.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:28 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 05e740893c07a5cc45b5f0f2d787dbf5 28c364157e02ce207609bca53064a4b513e8bda7 a2af38a1cec7178448ce8d1aee99190b643f50894d3d05cac2e5234caeac8e5e Loading...

	widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js	481 kB	2024-01-20	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-20 01:21:34 Last Seen2024-05-19 19:59:13 Times Seen604 Hash 46260bb46d51262abee818c0c3bcf1c6 fe3be222aec74704fad1fa2559788b1fa287094a 20700e65659e04d422580d9c792ba811b7b76de4ec1b3163c284af83bd5a7d6c Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main-499ac9a4.js	237 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main-499ac9a4.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:27 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 8b5b82fea92540c112a534ae258307e2 380afabff0faa228d8c4f10cc9947b310d1bab68 ab31af22488ac9b76c9790f4d3cf1096a9402e7ab4a5b8e09d373cb5b62bc651 Loading...

	widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js	37 kB	2023-10-13	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 06:04:09 Last Seen2024-05-19 20:06:19 Times Seen3239 Hash 6782c8abf3d14391f6ed5c805a973cf5 a08b255c0084e14d74199f5af64522ffaba14486 88331f3bf38157ecb0e64f22c08a582384dc74c8bae09d9f78b9eab5fe82cfa3 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-f0624fc4.js	198 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-f0624fc4.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:28 Last Seen2024-05-08 09:00:26 Times Seen44 Hash 191ff223860f458112e0be2a63bd9857 850dd681d5b31321f00b8df955a455aa9478e44e 40e1fe6d194776c5fa845dda1dbebda9c2bc3154d8c45793ae74a2e1bf147016 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/betting.SportMenuApp-bfe18bfa.js	31 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/betting.SportMenuApp-bfe18bfa.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:27 Last Seen2024-05-08 09:00:23 Times Seen22 Hash f9da465f4f7355523306ce6bbf89c0d5 c39974e7867bcdd6bbe385ba52c9be335afdfe6b a5ff3777031e8ee4babfe1d6a7a6fff1fb2fc0db58de71ea8202bc37a7aab0f2 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-233f5bf5.js	56 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-233f5bf5.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:31 Last Seen2024-05-08 09:00:23 Times Seen52 Hash 45302df89a240c65824afccc0240c030 84573118a402aa9a4ee0321ccf3f914c438a8369 25b695450684f580508f24855ea2d181ecd499e26573010621dd4a2ddc5af16a Loading...

	v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidget-b6662b37.js	12 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidget-b6662b37.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:29 Last Seen2024-05-08 09:00:23 Times Seen21 Hash d5bb5783c476219b31ce5582083fd74b 326b40532b72988c1d23fb931daabead75d18482 2724a816ddb0fd1234ca8cebf9db4fd60290f282fcfcb5619ffe70be9c0160b7 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js	1.0 kB	2024-03-23	2024-05-19
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-23 16:35:38 Last Seen2024-05-19 19:17:03 Times Seen78 Hash 8fecd56fc5520134f3c39b17431fe0c2 e0cedac030a1fcf68779a592ed9e0775beb45123 3e01dfddf1e68faa32769d615eeb0e838a29241d18a57090040c595ee05f0ba8 Loading...

	unknown	47 B	2023-04-14	2024-05-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-19 20:06:19 Times Seen952 Hash 580b3e56fc9ab6e8b4655f43ee057cc1 5dfce565e446f4a167195de9a1a5dd26163c711c 446f07b6e56de61d2c2d5b6ba408cc580b492a6d1ede8fc51cfde4ef75a2b382 Loading...

	v3.traincdn.com/_nuxt/desktop/default/analytics-a8ae3276.js	6.4 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/analytics-a8ae3276.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 13:30:35 Last Seen2024-05-08 09:00:26 Times Seen65 Hash 60f915b0daad3af04303726381897e81 133c20a7f58c18758483c23f595d5a4f22ba9371 320b5a7d25c926dc55eb7a53f4348bf7c34bd7f5bc6ad3bcd1d16029239dc3a1 Loading...

	v3.traincdn.com/_nuxt/desktop/default/app-1483c42a.js	853 kB	2024-05-07	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/app-1483c42a.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 06:20:17 Last Seen2024-05-08 09:00:23 Times Seen22 Hash c4d75347728629ec3f0b90dc82f0a3d2 ff949fe02da04d39be746f8d091a1a7b30126f7a 8ca2bd3ad104c33fb6189e87cab8992734ca6bf99a631ed413f63444b834d33b Loading...

	v3.traincdn.com/_nuxt/desktop/default/ioc.dependencies.18-dc087bc0.js	3.1 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/ioc.dependencies.18-dc087bc0.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:28 Last Seen2024-05-08 09:00:23 Times Seen21 Hash 66c4eb11ec60384b198e73db080c0f32 6fb7618e384b9e01454c7b984728236f178192da b45c772a5a204e430a575b896edc43205412a5f28539c2e48c152df7669ad7cb Loading...

	widget.suphelper.top/_next/static/f385e6db/_ssgManifest.js	77 B	2023-03-07	2024-05-19
Pretty URL widget.suphelper.top/_next/static/f385e6db/_ssgManifest.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:02 Last Seen2024-05-19 19:59:12 Times Seen87593 Hash b6652df95db52feb4daf4eca35380933 65451d110137761b318c82d9071c042db80c4036 6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e Loading...

	widget.suphelper.top/_next/static/f385e6db/_middlewareManifest.js	92 B	2023-03-07	2024-05-19
Pretty URL widget.suphelper.top/_next/static/f385e6db/_middlewareManifest.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:01 Last Seen2024-05-19 19:59:13 Times Seen8010 Hash 7c3f7e060745668041278118c0bb3d6d e639f56695b3cc30d78dce7a0084aa8299a1311a de5341313a4dc5d982ca50ae4a491e84bc5e80b0f439d87f05fc3973c1b7e59a Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/635ff2d38c89.js	435 B	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/635ff2d38c89.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:58 Last Seen2024-05-08 09:00:22 Times Seen25 Hash 213bb33769eecf49a9d71c164b83a3d6 2caacec15b0665fc36759a6bdf499512788dd7f3 75e86ca16a3f828026bc32b7aab627175289750ac184bd505d531c591d2bf011 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingContent-3ca7fb18.js	1.2 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingContent-3ca7fb18.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:29 Last Seen2024-05-08 09:00:23 Times Seen21 Hash 52ab057c90af6d742e95f43ff97e95ff dfdce102add5fc4fa06ac366a663e7a732bd9352 feedd981d953d2933cbb35a49608ebf408f13f457399c2b11aa1ef5eb76db547 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cb22691ee4d9.js	731 B	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cb22691ee4d9.js IP 0.0.0.0 ASN #0 Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:55 Last Seen2024-05-08 09:00:21 Times Seen26 Hash bd6d9e7b07e097eb950f4b8bd6ada2b4 d332a4f5771e4f6d2cd47cd94ff85c5eb5847418 ea2bfc78a76204b704ee4ff215cfd6be3c7edb98b6c6e77501c5dbb88f261ea5 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7bd3bc288fd4.js	450 B	2024-01-25	2024-05-19
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7bd3bc288fd4.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-01-25 11:06:32 Last Seen2024-05-19 17:11:27 Times Seen139 Hash 056ce527a12544a37f984ac598be2344 6946b65cf1c68960e5f9ac0900a0df66a13e7e85 cd7cdf53c803ca43a37171180d14c2374e45ab347d309f9b83a107b9ad9b4ed1 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/app-d26cc899.js	954 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/app-d26cc899.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:29 Last Seen2024-05-08 09:00:23 Times Seen54 Hash 1992415420cd9d59941e07133aa0c521 308a748fa982a440a112cb9e449f25a23bd6d83e 94a8f060251c7e705ee8c823783cb067e2844edb0f3900b6b0e91948d92ce907 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/betting.HomeSliderComponent-f347b217.js	28 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/betting.HomeSliderComponent-f347b217.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:29 Last Seen2024-05-08 01:37:00 Times Seen20 Hash 18963957c8f45d24c0819a973d362e7b 5a1846a89c5cc9e8028044ff5948bd94f428c412 d1c98b4199c034c2a115ba70268a3e536640ca8b992887df0b085d476ab1275f Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_MO5RLEN3.js	21 kB	2024-03-23	2024-05-19
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_MO5RLEN3.js IP 0.0.0.0 ASN #0 Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-23 16:35:33 Last Seen2024-05-19 19:17:03 Times Seen112 Hash 598d5481ac96b9bf8013b0eb1413b8e5 cc7e3384da379a215ac43b2385e901e22ceb6327 1488ecc35389c72a3aa26d468420069f6b719db456ea82605762311da663b65f Loading...

	1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5	924 B	2024-02-25	2024-05-19
Pretty URL 1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5 IP 178.253.29.51 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-25 06:56:59 Last Seen2024-05-19 19:59:12 Times Seen150 Hash 92bf20f2f922cc746bec8fe320b23ed3 768e5dbe711e1b62cad807b11ded99ef85001483 b81f4c4f575092cb52a07f89a96291f8e258b3f6bf61e51df0fec3bcc3132fea Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.SportsMenuCompact-e547fa93.js	7.8 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.SportsMenuCompact-e547fa93.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen21 Hash 3078429361b9801527b7f4deb1ff2633 c0bf69639f54697d7fcf5ee8ed06072a629b3fff 3042f5f56a8fae2d232bd88071179a50133e8d90fd11ec2f52259b23d8e0cb5a Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js	81 kB	2024-04-25	2024-05-15
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js IP 0.0.0.0 ASN #0 Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-25 18:56:15 Last Seen2024-05-15 18:55:36 Times Seen32 Hash 67267513246705d46a0bb83e1f8efd2a d1af6d9ad50f110bbb4bb4d75965dd939a14e15d 35acb34c3273056ead66f9ae7dc11b3c2e3bd1a4c46dc22daaa6900c150c2b2c Loading...

	unknown	44 B	2023-04-14	2024-05-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-19 20:06:15 Times Seen954 Hash 00beb9884d0391b342eadd30744b539a 3124c0bd593822379d22f13d3e08e70a1bf5ea14 92394eec5690449a4f6cfc9a7f97497a69e926b2365cb9a9aad3507a844f835c Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-8e891b7b.js	30 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-8e891b7b.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen25 Hash 93a3cdd4ea0ae5eb295e71988355c5d4 0c9e334aebd99fb9c44575c99abda82d0b53acb1 104a5a19f0a8b4d443e55c32daf49eea2343ee96da27b48c21f09e1425081d62 Loading...

	widget.suphelper.top/_next/static/f385e6db/_buildManifest.js	519 B	2024-04-25	2024-05-19
Pretty URL widget.suphelper.top/_next/static/f385e6db/_buildManifest.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:14 Last Seen2024-05-19 19:59:12 Times Seen147 Hash 06c1d20d74764a4f7dea57ebb09df4d8 d6592eaad86ec7b7bc373774bf911385ea7cf07d 46185c722db3b74c04c371b445abb1da2fa2592059437ee508a23e96c1fdf169 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PLMWICWN.js	30 kB	2024-03-23	2024-05-19
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PLMWICWN.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-23 16:35:38 Last Seen2024-05-19 19:17:03 Times Seen112 Hash dfa127e93d125d4f6c566203eaf225f2 32c1fd89c4eeed7ac2a942582b3786659b15cd43 cf5077d1cff62ce76807408ebc2203563b7a221ddf1cf38339c6d54289bff390 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-b32053db.js	32 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-b32053db.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen49 Hash 3f5e6415a870624bda2cd9741726af93 a5f7d27d2ca9f7e89a230ad43754f4e0390f293a 68449536372a92443232c2c9299ebc24a5f62543e6b12cd0a137b078f50d6e9b Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/c7de6303dfb7.js	424 B	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/c7de6303dfb7.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:58 Last Seen2024-05-08 09:00:20 Times Seen23 Hash 33e7498a57ccd45d4321735d481a7313 46b45796c16d136c29f360cbb68d5b205904bcfd 778fa85294ad50c151be62183dbe5c18d754019a84e6c8a929b2c641d38ce3e4 Loading...

	data:text/javascript,export const meta = import.meta;	32 B	2023-12-06	2024-05-19
Pretty URL data:text/javascript,export const meta = import.meta; IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-06 14:32:28 Last Seen2024-05-19 19:59:12 Times Seen976 Hash 6d772b7d405b447ecee54ab61cdd5108 dd65fb9cd5a7cb94a40fe161f4f72303a61eb3b7 b90ff694e492935b6036fb7e878d365dab51aafa46f0afb1e33414e7ecc3307b Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/60c7aeb54494.js	715 B	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/60c7aeb54494.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 09:33:58 Last Seen2024-05-08 09:00:21 Times Seen28 Hash 0a4d6d7efa89ba140b62c6aee5e8fc6f 9e5b132d8df77dc2fe824cf30a362084400f23c5 60e4e95557382dcdc956e8e80595030789aedfcf6c9f2ff90e92c5f4a2631e0d Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-9f71ae9a.js	37 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-9f71ae9a.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:28 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 149f1f916b0c47494c7bdc15122390d4 f6be7ef6c3649f4b83fd19f7459dbce46ff15925 f8ecbd7355d64beb3e23daea185a634fa436012d707160381bb3b65548a9c92b Loading...

	v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidgetAnalytics-2f154c8d.js	416 B	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidgetAnalytics-2f154c8d.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:28 Last Seen2024-05-08 09:00:21 Times Seen17 Hash f82b46dce7c19fd9f12e08311e06b4d7 a22d1a217e0b5665e976cecf1cba74c7f884ba21 a5a3de88355ca693c9e33b10b37c3f175362fb3c581ab02c44fbb4fc424c4b1d Loading...

	v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-ef321a16.js	3.2 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-ef321a16.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 13:30:37 Last Seen2024-05-08 09:00:23 Times Seen67 Hash 0cc9277dab4117c9b162cc01e1f0b97f 5b7d9007e2d99d3715c5f226aadf44aa4da4332b 6d7637a83c7812813039573e9c67efbb30e4021a971c546621a397eb72ea4bd0 Loading...

	1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5	669 kB	2024-05-08	2024-05-08
Pretty URL 1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5 IP 178.253.29.51 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-08 00:04:31 Last Seen2024-05-08 00:04:31 Times Seen1 Hash 5ad7a8f255de9aaeb0641145fce7c327 e6cd8e42e103a92ec1ad237b51e150c7f7d03344 b941eebed82fafe009f872d9f05756d593faa67335ff9b269c82cfa11d7b5462 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/entry-414928da.js	2.3 MB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/entry-414928da.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 09:33:56 Last Seen2024-05-08 09:00:22 Times Seen16 Hash 2ff74ba461966e9ef07ec952168d3783 eac39aaad2751e37b7b7e1cf6d966696f9c1c044 2073d859a26714aca057e24cb8c9ac7e8fd7bc8a184406d49cf0c46980ab405d Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/0f8a3bdbdd12.js	1.0 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/0f8a3bdbdd12.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:57 Last Seen2024-05-08 09:00:22 Times Seen16 Hash b49b08255ad6dd3864f907913b849ebe d795fb55582cfc60ad8e9316849952ace5cdfd29 3fbd78a17348b646b42ee72bcebc1c930f88f26e3b9e42ae3c488637e1e4a655 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-11d3184a.js	27 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-11d3184a.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen54 Hash ead4a901af60e4b8138e732f0aea9637 7c1d57d444a07553738ddcb8b6a2bee305a0c215 e6bc116e4cb54d011d2a1fa1f87ab12d1f320aa8dc54c89b1f286f2b02ee14c0 Loading...

	widget.suphelper.top/_next/static/chunks/pages/_app-9c47c295eecaa68a.js	1.0 MB	2024-05-02	2024-05-15
Pretty URL widget.suphelper.top/_next/static/chunks/pages/_app-9c47c295eecaa68a.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 12:28:02 Last Seen2024-05-15 07:03:13 Times Seen91 Hash 5997e7f54cf2aebf463f16902ccbc7fc 659b9677d6196eabd63ce0feb5f4466accb72df7 08d0ab3696a84b16c7cc5306bf6d83dd27f99a2ce221ed337bf09dec8ebf95db Loading...

	widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js	10 kB	2024-01-20	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-20 01:21:35 Last Seen2024-05-19 19:59:12 Times Seen611 Hash 54b2d4e92e16d2ea51898124107af46a ab4225b696e63c9040de1511fa229cf65b4d3750 e17ccea95df87c35add9994b01ef7bb6e8b5c2ebea282c461199a140a5675662 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_chunk_M4D4AAJL.js	101 kB	2024-04-24	2024-05-15
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_chunk_M4D4AAJL.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:08 Last Seen2024-05-15 18:55:38 Times Seen69 Hash 51ddc52774f4e5bd6a6f1c22e9d19674 374c2fbb2b68ad9c28898dfe60da3fd828ccf7c4 642e66ee14ca90b6ff8f91fbfdce400c6834a037dee18a60a72922ea727bb442 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-07683518.js	40 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-07683518.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:28 Last Seen2024-05-08 09:00:27 Times Seen46 Hash 5609f3d5d46109e5230f492c3d89cdcd 522c0a551da1db7753e72b6a629064a6170791d9 13f2ef217e2e8cc997cbcaa97126a6c31430ae1d073e406944364fb5f45f70e7 Loading...

	unknown	39 B	2023-04-14	2024-05-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-19 20:06:16 Times Seen957 Hash bc51ed8c76553717f10d58b2df60fd76 e2d03a8fd8d280074b226c288880f9df299c7cb1 bee994eaf88453f6343ba57571a069054c12c9b4e42f8cbad4f2ad75c7fb264c Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingContent-636888aa.js	1.3 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingContent-636888aa.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:27 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 59e405a5c84540fd5cd4a47c01954bb9 877928ec86d9742b605ab481e28e4ca40163154b a50357ec75eb7f36a26bfe20b003e614f8bfd8298d502b26c9dc36cbdc1d362a Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-14b63672.js	21 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-14b63672.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:29 Last Seen2024-05-08 09:00:23 Times Seen22 Hash fb60e20d94667a730b2505f72a36269f 9553f3349aae185bd43d95b7ea735790b5ac35d4 24b7cc1abd1d6224f08db147e7c866945d1f205b36b55ac5a5f1c47ed96d69ab Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-b595fcd5.js	144 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-b595fcd5.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:27 Last Seen2024-05-08 09:00:23 Times Seen22 Hash aedaa99fcce183a213f358a727e9eb87 7fe33331acbced57be412f96baff3a4595e207fb 2ccadc0a2eea97aeeb5f1825ad9bdac3873481a54bcd3b42cf6724271cd0f6ac Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js	69 kB	2024-03-23	2024-05-19
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-23 16:35:38 Last Seen2024-05-19 19:17:03 Times Seen115 Hash 138de5d55ee831195dd90bbf5c557926 4413082980942643803d8d4567df2f8395c0e868 55a6d9d38b0c68a21367ae7ae43333bfa61e2eddd38b2376eb5b192f0a0383cd Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js	25 kB	2024-04-24	2024-05-15
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:06 Last Seen2024-05-15 18:55:36 Times Seen55 Hash 701ad5a22b8ea7213a53e334d0898349 87749d947f6aa40eb671447b58261d710ec5479b 07669c2ea7c29dd69e47f5518ba73b76389f3479e19f7362b461ef0fff96c1f0 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-09b98935.js	15 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-09b98935.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 18:05:15 Last Seen2024-05-08 09:00:23 Times Seen30 Hash 81deb8b2ab30cd1729e21622a32d9814 41b982e7a7e4eec22ce01ff1a3b854e51e385789 41159eb3d25b42d4e655a6a3f4e6b0777c2d8a572277d77f9104e171b8aa5589 Loading...

	widget.suphelper.top/injector.js	208 kB	2023-12-17	2024-05-19
Pretty URL widget.suphelper.top/injector.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-17 15:23:16 Last Seen2024-05-19 20:06:19 Times Seen1035 Hash faa1c0b5a845868ac1a8071b6b87d458 71034e9bb2726a20b2afa197ff4e1b52c2ab976b d7585c13a4abd3b295a15b2bce2b2d7121a697f42ea85f89f40624ac26b075d0 Loading...

	widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js	3.8 kB	2023-10-05	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-05 09:17:37 Last Seen2024-05-19 20:06:15 Times Seen2073 Hash ba1681cca05ff7b4f8698587da76ab26 7113520b461dfcbdcbc1725a1acc6e05547bf20e bcfc83f65454f29634e61503e84d77f3fe8bc06451b90927bf842e9ad352ac64 Loading...

	widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js	107 kB	2024-04-25	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:15 Last Seen2024-05-19 20:06:18 Times Seen246 Hash d0a7ecc59065580118a9ea8880c58962 21573546ac5011592094ef6aea0696ccdeb2164d e1b09efa81ca44cda394e366b64fbf2b3f0725eab9ad24782839cbb8f66842b5 Loading...

	unknown	96 B	2023-12-06	2024-05-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-12-06 14:32:27 Last Seen2024-05-19 19:59:12 Times Seen976 Hash 94361ed86ab9b2fbb8d805c2025df46a 3f428332f7a1c7196a85c93a373a966d75708c19 eee4d228a49a86625f29410cf9a23d145e821a09cbb1f7a4d7557d206872715a Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.HomeSliderComponent-b079a12e.js	24 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.HomeSliderComponent-b079a12e.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:28 Last Seen2024-05-08 01:37:00 Times Seen20 Hash dff08fc651e74f6ad7d80f2cb43e29e5 e1b0c10b245faa60623785bdefd27c9999483231 fb6ee46c49eb61f09a2dbfe856f0b41f4206323fd9dcc2dc8921ce951b9780bf Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.CentralMenuApp-a5b5de2e.js	76 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.CentralMenuApp-a5b5de2e.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:31 Last Seen2024-05-08 01:37:00 Times Seen20 Hash 4fb1e7d0f5418f3df96622b000ebe6fb eef890c8cf6d2c72eae34e39ba2e8e6ff79c8754 fd9fede696dd12b00cc9af15ca68f1209b5fd351f5bc32052221adbbb12d8e8b Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.SportMenuApp-1f0079e1.js	110 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.SportMenuApp-1f0079e1.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:27 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 756179b1f968d35107908086a552c869 5c1f6c8a0c1eed4246c04dac52c4b7056fc991e8 37093cd5b15bf40421db8a64625a01317d043479685d2e1f84accb8fbf992ea6 Loading...

	v3.traincdn.com/_nuxt/check-ob.js	211 B	2024-04-24	2024-05-19
Pretty URL v3.traincdn.com/_nuxt/check-ob.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:10 Last Seen2024-05-19 19:59:12 Times Seen279 Hash ced67278c38d1ce1297c121af69fff8a df6e1531fd84d956263b04254e6f94f5356623f4 2958134c3c00f7c6320858dd66e454c2856e4842821d3523c4cc5e44e1ec8616 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-74b93b4d.js	32 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-74b93b4d.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 13:30:37 Last Seen2024-05-08 09:00:23 Times Seen56 Hash 56a0eecb3ec4576e9abf6f8f3e2707f9 6ddfcb4b1669c1323d87906b720fe8e4c258c143 81a5331c3ce30f9e8f21bf5e69591e24dd0c77d9b69157bf0a5e2242fc299ed4 Loading...

	widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js	108 kB	2023-11-02	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-02 21:20:57 Last Seen2024-05-19 19:59:13 Times Seen2526 Hash 83680ce862de40c43fc92e04b1ad0a3d 67eb6762545f4e1fee446794f4738d0f0577b6b4 e70f39978f08895aef6849daf891af65bff03e476eb9b1384dfb36cd4ac9fe75 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-4e9ad522.js	12 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-4e9ad522.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:31 Last Seen2024-05-08 09:00:23 Times Seen53 Hash 805e7c2cd861f2191db66c39ab28e86b a6353246547e9a9fd01093fcb784d708d187e3ef 82686dab55962ead6916346bd901b3fc03357bb2a0e74dfe966ff784d75b2368 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3a9e96a04d11.js	4.2 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3a9e96a04d11.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:58 Last Seen2024-05-08 09:00:22 Times Seen16 Hash da4fcf0e06e63dbfcf3058f435e0a172 7c544d459b9305c651de2b6c6a48a8188504c3ae f2735fd1ef60ddd6d03eb6c9a4b37b94913c89775308c2880f8dcdf8a321e115 Loading...

	unknown	47 B	2023-04-14	2024-05-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-19 20:06:16 Times Seen954 Hash a01893d8e129ad16c1e0fc5c7537f411 0e46d1bf2718f848d9d596fa269eaedb31204772 cbe7b89533bcd75b69f3e54807308551d68242ec1761e63bee1a99fc6e560175 Loading...

	1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5	15 kB	2024-05-02	2024-05-14
Pretty URL 1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5 IP 178.253.29.51 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-02 16:50:31 Last Seen2024-05-14 10:51:33 Times Seen17 Hash 3e520df15f0dee47790b221cd7d47d5b a9dc00c41ac65b02bce01a2deaf9a44379f25e8d e14077003b6f51a50d2c053edcace82150b0f1b20373a11ca7dc57e4231cbf34 Loading...

	v3.traincdn.com/_nuxt/desktop/default/DC-7e6a4aad.js	2.3 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/DC-7e6a4aad.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:29 Last Seen2024-05-08 09:00:23 Times Seen50 Hash b44bc16cd2630bfada5ec9cbdbfcafab 43918946155d48f6cc8ecba42e2cf2cab28debd7 189ec6fd8e44cc47498706a2d2c815da1dc255040ef5ef57f5faa7c10c05ae42 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/49e90f3b8dc2.js	2.1 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/49e90f3b8dc2.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:56 Last Seen2024-05-08 09:00:22 Times Seen16 Hash e4a5e0e3cafb59fadf6c400cfd363b1a 9782ef66f8c66b9daf7c71799bb64a36791aafcd 528a971a8fd97998b7c66f789d482b73572d3f2f0a1c621aa917552c0abf3c68 Loading...

	v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-290f49eb.js	7.0 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-290f49eb.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:29 Last Seen2024-05-08 09:00:23 Times Seen54 Hash 91d17dbf833b48149a8b5d2f21895879 bd71a45fa4419ab4ddbc676f0a9cca2be05e1703 f085ff2e310ab82817411e3ed64d0902de49e149d0958cadb91d518ed5854335 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Betting.Core-d4a24bae.js	2.4 kB	2024-05-07	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Betting.Core-d4a24bae.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 06:20:17 Last Seen2024-05-08 09:00:23 Times Seen21 Hash 3a0e4a54185bcc66d2e032dd30a385eb 627755ca54def0761f25f827d5b4cb483e1ca83d e0bc5ffed1e6fd6285fea94e991fa8ec48a5f17677519c766d7ee7e757a02239 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/f44f14b6b316.js	1.2 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/f44f14b6b316.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:56 Last Seen2024-05-08 09:00:22 Times Seen16 Hash 22e67b67b6c959d57aa78ae317120f36 ba2fb2181061d5aed5b6c98ef0aa0bd0aa135ece c696029dc6e79eb249d40656e1842626f439c5ba2851629fa1b33faf884111a3 Loading...

		Size	First Seen	Last Seen
	#1 Eval - ebdea3cc5eeba6db64690c1ac236735f	40 kB	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 00:04:32 Last Seen2024-05-08 00:04:32 Times Seen1 Hash ebdea3cc5eeba6db64690c1ac236735f 06b3ad75d33ab1caa4e42de692606c6dfc201a5e 64dd85c163dc5a9aae862a5b97553e890ba25ded5ffa911ca8284ec988af323a Loading...

	#2 Eval - e1489d1f825052cda295fafb8fb7c433	110 kB	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 00:04:32 Last Seen2024-05-08 00:04:32 Times Seen1 Hash e1489d1f825052cda295fafb8fb7c433 1b36410a709f7f3728a04a48a523df27ce0be402 6f138868722df5b215d0fb91e05a8f751060dcba38d094d4f61212039b015693 Loading...

HTTP Transactions (266)

URL IP Response Size

1xlite-461430.top/polyfills.js

178.253.29.51

0 B

URL
1xlite-461430.top/polyfills.js
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /polyfills.js HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:43 GMT
content-type: text/javascript; charset=utf-8
content-length: 0
vary: user-agent
cache-control: public, max-age=2678400, s-maxage=2678400
etag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-time-ng: 0.005
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.012
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/runtime-baf5b66c.js

185.244.209.62

200 OK

15 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/runtime-baf5b66c.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (47215), with no line terminators
Size
15 kB (14752 bytes)
Hash
ef9def5f3c8a190bfffb14ce24c6eb58
c5fa568c8f9bee2aa988c80a7246e07edd8d84ba
d5d3ad6908352036bda426fe1fdc6f1dc03ac13a7029bbf25fa50580abd9064f

HTTP Headers

GET /_nuxt/desktop/default/runtime-baf5b66c.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:43 GMT
content-type: application/javascript; charset=utf-8
content-length: 14752
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-39a0"
content-encoding: gzip
expires: Tue, 07 May 2024 10:54:45 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f080f1068b500a1fc43cb940d68a18c6-d56598635e35ea1e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T10:54:45+00:00, 2024-05-07T10:57:48+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main-499ac9a4.js

185.244.209.62

58 kB

URL
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main-499ac9a4.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64940), with no line terminators
Size
58 kB (58244 bytes)
Hash
8b5b82fea92540c112a534ae258307e2
380afabff0faa228d8c4f10cc9947b310d1bab68
ab31af22488ac9b76c9790f4d3cf1096a9402e7ab4a5b8e09d373cb5b62bc651

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main-499ac9a4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:43 GMT
content-type: application/javascript; charset=utf-8
content-length: 58244
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-e384"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5287bdf7460beb3505200b3d80a8f6f0-a71a165c98399c8e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/a4f501bb.css

185.244.209.62

200 OK

7.4 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/a4f501bb.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (54112), with no line terminators
Size
7.4 kB (7418 bytes)
Hash
32a89d535782c71f2aee2541afe97325
9ad12cc6ccd6b059073f779e9d91c6c6674e1289
ea1bc845a76d5e0e7738e217f8f0c47ac62ace9bddebba5059499b3451aa6ef8

HTTP Headers

GET /_nuxt/desktop/default/css/a4f501bb.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:43 GMT
content-type: text/css
content-length: 7418
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-1cfa"
content-encoding: gzip
expires: Tue, 07 May 2024 10:53:28 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-907a146117f1731e32117d4e08b3eaf3-88951c914c937d0d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T10:53:28+00:00, 2024-05-07T11:19:47+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5

178.253.29.51

163 kB

URL
1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

File type
HTML document, Unicode text, UTF-8 text, with very long lines (14176)
Size
163 kB (162939 bytes)
Hash
6ee58b796a909c358d72e754df987ec0
c7ab68d5054f47e85d9b3f4fb1a32cc42ff77571
1797c1a15069736e8d21df7a2c45f6ea93d02165ebbaa5922ba66ea81b9efe85

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:43 GMT
content-type: text/html; charset=utf-8
content-encoding: br
server-timing: total;dur=1650;desc="Nuxt Server Time", dt_total;dur=2219.569, wf-uht;dur=2.298
set-cookie: lng=en; Path=/
cookies_agree_type=3; Path=/
tzo=2; Path=/
is12h=0; Path=/
referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; Path=/; Expires=Sat, 06 Jul 2024 22:03:42 GMT
reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; Path=/; Expires=Tue, 07 May 2024 23:03:42 GMT
postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; Path=/; Expires=Thu, 06 Jun 2024 22:03:42 GMT
platform_type=desktop; Path=/; Expires=Fri, 10 May 2024 22:03:43 GMT; Secure; SameSite=None; Partitioned
auid=sv0dM2Y6pT8Um4wfAxiqAg==; path=/; secure; httponly; samesite=lax
traceparent: 00-7ec2258a60ce6f5ef734dd0a8c87a6bd-8346011b97751b2f-01
vary: Accept-Encoding
x-dt: 285
x-frame-options: SAMEORIGIN
x-time-ng: 2.213
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-ffc54199.js

185.244.209.62

200 OK

10 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-ffc54199.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (40656), with no line terminators
Size
10 kB (9977 bytes)
Hash
3645d2d457e7c89dbddbc70d1bb71d2e
d91ac83ee98ca90c4a45448683041facd9b325cd
a615e922b7060fe133277857d8a581923a62ce0da64aff95340bd9b884856a5a

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-ffc54199.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:43 GMT
content-type: application/javascript; charset=utf-8
content-length: 9977
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-26f9"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-48343df97b2d83c86ec7d13fee0c528f-1bbb7d692f240afb-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-9ec0f9e5.js

185.244.209.62

200 OK

17 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-9ec0f9e5.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65113), with no line terminators
Size
17 kB (17011 bytes)
Hash
5c486444497d7afeea7cabf3a651d76a
a5c40dee88530a85a4c061ad4379b13e3b8df745
9c3b64738e185dacb94ddfa13c1807be093f49e0a3b5810f92db524ea9f60020

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-9ec0f9e5.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:43 GMT
content-type: application/javascript; charset=utf-8
content-length: 17011
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-4273"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f0091f1cedd8770d4133e7d892b453de-a2c4ca2b159c1f67-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-b32053db.js

185.244.209.62

9.2 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-b32053db.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (31683), with no line terminators
Size
9.2 kB (9205 bytes)
Hash
3f5e6415a870624bda2cd9741726af93
a5f7d27d2ca9f7e89a230ad43754f4e0390f293a
68449536372a92443232c2c9299ebc24a5f62543e6b12cd0a137b078f50d6e9b

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-b32053db.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:43 GMT
content-type: application/javascript; charset=utf-8
content-length: 9205
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-23f5"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d712cf61eee132993c8e2b365a6c704c-974b82d72ab74f65-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/6cc025d5.css

185.244.209.62

200 OK

1.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/6cc025d5.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6716), with no line terminators
Size
1.3 kB (1324 bytes)
Hash
be35c859b4087d52ff863e02472b7438
acce1097a331dc2ec0669d17db06c679e7c81be6
af7c9af6bda4b329f14b870f4df09e1b11e87d8dba17c30eed496dc5d27dfc1f

HTTP Headers

GET /_nuxt/desktop/default/css/6cc025d5.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:43 GMT
content-type: text/css
content-length: 1324
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-52c"
content-encoding: gzip
expires: Tue, 07 May 2024 12:27:19 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-61614ae1eddc6d0162c09d8e7197ad8f-8a3cbdcf45fad0e0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:27:19+00:00, 2024-05-07T13:56:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-09b98935.js

185.244.209.62

200 OK

4.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-09b98935.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (14590), with no line terminators
Size
4.2 kB (4207 bytes)
Hash
81deb8b2ab30cd1729e21622a32d9814
41b982e7a7e4eec22ce01ff1a3b854e51e385789
41159eb3d25b42d4e655a6a3f4e6b0777c2d8a572277d77f9104e171b8aa5589

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-09b98935.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:43 GMT
content-type: application/javascript; charset=utf-8
content-length: 4207
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-106f"
content-encoding: gzip
expires: Wed, 08 May 2024 08:41:46 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a0f7f51feb54dbdc426b1f71738345bd-a3d11b8eaa80f853-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T08:41:46+00:00, 2024-05-07T10:01:00+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/98ce2926.css

185.244.209.62

1.5 kB

URL
v3.traincdn.com/_nuxt/desktop/default/css/98ce2926.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (8509), with no line terminators
Size
1.5 kB (1491 bytes)
Hash
b0cd3891fe08ec67c50bbdfd9f7e9181
205511f8e55a0498e8129c290759a26ba4a4db31
75c619e9cabd7b2c1939e6837909e12c51fb3e68888ba20d650cb1939f983f6e

HTTP Headers

GET /_nuxt/desktop/default/css/98ce2926.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:43 GMT
content-type: text/css
content-length: 1491
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-5d3"
content-encoding: gzip
expires: Tue, 07 May 2024 12:27:19 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d7cb980ca97a2373340d70048a0452a7-fd307929321fcc93-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:27:19+00:00, 2024-05-07T13:56:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingContent-636888aa.js

185.244.209.62

644 B

URL
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingContent-636888aa.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1333), with no line terminators
Size
644 B (644 bytes)
Hash
59e405a5c84540fd5cd4a47c01954bb9
877928ec86d9742b605ab481e28e4ca40163154b
a50357ec75eb7f36a26bfe20b003e614f8bfd8298d502b26c9dc36cbdc1d362a

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main.BettingContent-636888aa.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:43 GMT
content-type: application/javascript; charset=utf-8
content-length: 644
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-284"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-7f540b0983d15913004629ae70364b8d-f377f83f307ac9f3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-3883d633.js

185.244.209.62

200 OK

2.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-3883d633.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (7613), with no line terminators
Size
2.2 kB (2209 bytes)
Hash
68b874a85269b1e64bfd1065d0254a1a
46d5559120d28058a530b18616085b6826bb03c3
7a51983ef71867325dd5d9bf7b7eadc66b567a882f50c1d09158bf4f7de8b587

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-3883d633.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:43 GMT
content-type: application/javascript; charset=utf-8
content-length: 2209
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-8a1"
content-encoding: gzip
expires: Wed, 08 May 2024 08:41:40 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-10190fe2441d2ef44ce1d7847e0d8757-5e9cef35ea31eea4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T08:41:40+00:00, 2024-05-07T10:01:00+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-14b63672.js

185.244.209.62

5.9 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-14b63672.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (21262), with no line terminators
Size
5.9 kB (5874 bytes)
Hash
fb60e20d94667a730b2505f72a36269f
9553f3349aae185bd43d95b7ea735790b5ac35d4
24b7cc1abd1d6224f08db147e7c866945d1f205b36b55ac5a5f1c47ed96d69ab

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-14b63672.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:43 GMT
content-type: application/javascript; charset=utf-8
content-length: 5874
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-16f2"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-28f8b40d2e13e0c270dc6c54c6c7d24f-8fb8832d09fcb4ed-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-4d951a46.js

185.244.209.62

200 OK

3.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-4d951a46.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (13913), with no line terminators
Size
3.5 kB (3531 bytes)
Hash
395deb0abfd0ea102c0c9aa4cf08b2f9
b53c99a2bce733f0a45a075000949d34e2fd0b17
f11d7b6985d7e97030628cf137377b14e9316f8919f80dff4cdd488366aa6652

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-4d951a46.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:43 GMT
content-type: application/javascript; charset=utf-8
content-length: 3531
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-dcb"
content-encoding: gzip
expires: Wed, 08 May 2024 08:41:39 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9c399198879a9a57676a1507e4783ef8-ab8cb5b91326f060-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T08:41:39+00:00, 2024-05-07T10:01:01+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/9eb4939a.css

185.244.209.62

200 OK

2.8 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/9eb4939a.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (20960), with no line terminators
Size
2.8 kB (2763 bytes)
Hash
6cae6098e169876c305ca92f82fe3cde
d27c18f05738795d575c8ce370ed83cf07da0a5a
7095d096e88dd0a09d84d063de1e0eedd406b032150a5af99e796c2ac63bcfe5

HTTP Headers

GET /_nuxt/desktop/default/css/9eb4939a.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:43 GMT
content-type: text/css
content-length: 2763
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-acb"
content-encoding: gzip
expires: Tue, 07 May 2024 12:27:19 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ae03d953b6223e03a9054dc8bced0bfb-29cb9147e008bb31-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:27:19+00:00, 2024-05-07T13:56:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/885d64fc.css

185.244.209.62

200 OK

332 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/885d64fc.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (975), with no line terminators
Size
332 B (332 bytes)
Hash
31aa50dcbc858f61bf3ed903493b8431
abf67e7f02256d2d5c5e2054b2930aa9b5ece999
18337e3b3c6f57695afaca43e471c075fd711e0485b4e7f1fdc1b6fe4e8703d7

HTTP Headers

GET /_nuxt/desktop/default/css/885d64fc.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:43 GMT
content-type: text/css
content-length: 332
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-14c"
content-encoding: gzip
expires: Tue, 07 May 2024 12:17:32 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c3d696d739ac71adcfadf0cb537c581d-cf25947c91b68b8b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:17:32+00:00, 2024-05-07T20:11:24+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/version.json

185.244.209.62

200 OK

44 B

URL GET HTTP/2
v3.traincdn.com/version.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text
Size
44 B (44 bytes)
Hash
265e4e9c948f929631d7e9bcf0d19d5b
c70f40cde4e09003b980fdae5130f3695de16add
62ec6fa5c15470b882bd7e05f5651b0a265a0cb2857cffa5cbfa34b3d2cf42ba

HTTP Headers

GET /version.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:44 GMT
content-type: application/json
content-length: 44
last-modified: Mon, 06 May 2024 10:24:15 GMT
etag: "6638afcf-2c"
content-encoding: gzip
expires: Mon, 06 May 2024 10:50:26 GMT
cache-control: max-age=60, max-age=60, s-maxage=60
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-55ca55e90d01b2ddd9df86996c2c143a-1e62e09458fe8ace-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T10:49:26+00:00, 2024-05-07T22:03:20+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-87a02531.js

185.244.209.62

200 OK

10 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-87a02531.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (41615), with no line terminators
Size
10 kB (10290 bytes)
Hash
21a80fe42c418607606b5ee8ebc9ebe2
b93c8e0a2f18dd371501e1a8739e9445b2c1d9d1
880f72443c469f2d2e9421789eaeb1f2042a8c4ccfc8ce9057a685d588a97ff3

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-87a02531.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:43 GMT
content-type: application/javascript; charset=utf-8
content-length: 10290
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-2832"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-70a72bf557faa007585594f1b22fa59f-2e82eb67e04febdd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/c3d37cc4.css

185.244.209.62

200 OK

194 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/c3d37cc4.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (395), with no line terminators
Size
194 B (194 bytes)
Hash
7f1ee7f9ec47159043591789124ec7cc
bb021131214d4b70b327355a5a947b974f2eccbd
4041bafac614e354c03b647dc8d226e140460381c4816a65528e4ba428b0a0ad

HTTP Headers

GET /_nuxt/desktop/default/css/c3d37cc4.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:43 GMT
content-type: text/css
content-length: 194
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-c2"
content-encoding: gzip
expires: Wed, 08 May 2024 09:23:40 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-1388da0730e0963bcbd3f426474c8124-c9abafefcfcd68b3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T09:23:40+00:00, 2024-05-07T14:34:20+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Layout.Betting.ExpressDay-c5a846fb.js

185.244.209.62

3.4 kB

URL
v3.traincdn.com/_nuxt/desktop/default/Layout.Betting.ExpressDay-c5a846fb.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (10178), with no line terminators
Size
3.4 kB (3365 bytes)
Hash
be042bab68dd466121fb1460a17b1795
3dfa3c583644e2aa71ff199a262a54e17cd378d6
2a7bf413f8f8d67f545da852425cdec3b3960fa2c62960ca49c5a2dc43108ac0

HTTP Headers

GET /_nuxt/desktop/default/Layout.Betting.ExpressDay-c5a846fb.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:43 GMT
content-type: application/javascript; charset=utf-8
content-length: 3365
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-d25"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-3f8666a59d3cdc5758972f66f0923edf-82651d6db4f7ab75-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/ca542d7f.css

185.244.209.62

200 OK

3.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/ca542d7f.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (31339), with no line terminators
Size
3.2 kB (3226 bytes)
Hash
9e9b190c1ab8126c2576203d5d43ec63
a80ccb6739023605edbd86be13f38a58ff7f4906
c4a28e2bbc67a853613460727d4abba3687be55593a7513a4079ea34579fbb02

HTTP Headers

GET /_nuxt/desktop/default/css/ca542d7f.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:43 GMT
content-type: text/css
content-length: 3226
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-c9a"
content-encoding: gzip
expires: Wed, 08 May 2024 09:58:01 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-bd35f6ffa0926f393c3d171b5071d700-cd760ab35906376c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T09:58:01+00:00, 2024-05-07T10:40:52+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-db205bbd.js

185.244.209.62

200 OK

2.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-db205bbd.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (8663), with no line terminators
Size
2.5 kB (2475 bytes)
Hash
a5db05d47f7f37c06acc29a0f4eeb447
b9ddddb586721548eaa4a62d7ae420bfcfc5bddb
4053d0ffbd3af6bc022131a3f123bd4e88825f1b5f06a74dd2072a2b0fe3f243

HTTP Headers

GET /_nuxt/desktop/default/Layout.SeoModule.Lazy-db205bbd.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:43 GMT
content-type: application/javascript; charset=utf-8
content-length: 2475
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-9ab"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-4204f7bcc292b7b8fa4c4f34c87068c0-4a3e24a2b6c89c99-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/85148a0b.css

185.244.209.62

200 OK

4.0 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/85148a0b.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (32277), with no line terminators
Size
4.0 kB (3964 bytes)
Hash
eeaf257a8645b90669a2ea93b8fb534e
d81289258b7a5c126dd860232760852cc8ad865e
3a170c88ab694ad7552f7a84baa04ddb248c32b7f8ffe16d55dd73685de87aa6

HTTP Headers

GET /_nuxt/desktop/default/css/85148a0b.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:43 GMT
content-type: text/css
content-length: 3964
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-f7c"
content-encoding: gzip
expires: Tue, 07 May 2024 12:54:58 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-89fb0b140c8147c4dc2074bd8fab7b4b-45ac7452013506c8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:54:58+00:00, 2024-05-07T13:56:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-0434410a.js

185.244.209.62

7.8 kB

URL
v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-0434410a.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (28142), with no line terminators
Size
7.8 kB (7775 bytes)
Hash
9167c6082d419d35f57a606871184d06
d4c4fac03b353c5881c352d6ac0c05947dc2e633
bed35ed9386f6d0d6f3096d00c7d14e042c5cb404f07ef0bb9abb4cc381e89c3

HTTP Headers

GET /_nuxt/desktop/default/Layout.FooterComponent.Lazy-0434410a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:43 GMT
content-type: application/javascript; charset=utf-8
content-length: 7775
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-1e5f"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-8f4bc0dca2941d96074927ff98046a54-1ccdb72852f73870-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/5cfdf959.css

185.244.209.62

1.1 kB

URL
v3.traincdn.com/_nuxt/desktop/default/css/5cfdf959.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (4632), with no line terminators
Size
1.1 kB (1113 bytes)
Hash
f74d8b7e31b6ab236a9577348874385d
87091e6542649037a05fc137fa449b713c85225d
b33d72295f1edbfc13da30236c4b811cffe4ba8ef758a515914cd69cf02edbf8

HTTP Headers

GET /_nuxt/desktop/default/css/5cfdf959.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:43 GMT
content-type: text/css
content-length: 1113
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-459"
content-encoding: gzip
expires: Wed, 08 May 2024 06:45:39 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-603bb4769d4e21f12eff1b1b51da7e2b-c001213208daaad7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T06:45:39+00:00, 2024-05-07T09:06:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-8e891b7b.js

185.244.209.62

200 OK

8.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-8e891b7b.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (29805), with no line terminators
Size
8.3 kB (8283 bytes)
Hash
93a3cdd4ea0ae5eb295e71988355c5d4
0c9e334aebd99fb9c44575c99abda82d0b53acb1
104a5a19f0a8b4d443e55c32daf49eea2343ee96da27b48c21f09e1425081d62

HTTP Headers

GET /_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-8e891b7b.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:43 GMT
content-type: application/javascript; charset=utf-8
content-length: 8283
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-205b"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c03fa14037303f488e8bdedfccb11a94-893ac4d2bba6b603-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-807a62cf.js

185.244.209.62

200 OK

6.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-807a62cf.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (20014), with no line terminators
Size
6.3 kB (6258 bytes)
Hash
adc7f8e289bd475a5a922c91b93591b2
540252cd02880714746d3656e61c67e7acab7fda
3b542ce26d333f558f94adb8cac49e58be95a5470eb3079d1dc0b2b7a7c97b6b

HTTP Headers

GET /_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-807a62cf.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:43 GMT
content-type: application/javascript; charset=utf-8
content-length: 6258
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-1872"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-19ab38c0bb1d19389bcdb67d2eb596ed-bcfc466f76f86b00-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/app-1483c42a.js

185.244.209.62

200 OK

225 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/app-1483c42a.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64966), with no line terminators
Size
225 kB (224914 bytes)
Hash
c4d75347728629ec3f0b90dc82f0a3d2
ff949fe02da04d39be746f8d091a1a7b30126f7a
8ca2bd3ad104c33fb6189e87cab8992734ca6bf99a631ed413f63444b834d33b

HTTP Headers

GET /_nuxt/desktop/default/app-1483c42a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:44 GMT
content-type: application/javascript; charset=utf-8
content-length: 224914
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-36e92"
content-encoding: gzip
expires: Wed, 08 May 2024 09:01:03 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c467ffcb7f4634da3e7f42503d54a18f-f217b4fea5b4b50b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T09:01:03+00:00, 2024-05-07T09:06:10+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/commons/app-2e30fd7d.js

185.244.209.62

47 kB

URL
v3.traincdn.com/_nuxt/desktop/default/commons/app-2e30fd7d.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65476)
Size
47 kB (46801 bytes)
Hash
03b89bdb4f6013159d40de88c98403b6
cf41351caa86d91b56cf839d54ab28bf8f4f54f8
42d02ce0b520e2d8ce7341a0b07d92cd3833d762337b1f8aabc6f7f23e6fad4a

HTTP Headers

GET /_nuxt/desktop/default/commons/app-2e30fd7d.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:44 GMT
content-type: application/javascript; charset=utf-8
content-length: 46801
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-b6d1"
content-encoding: gzip
expires: Tue, 07 May 2024 14:31:58 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-43cd85284ba34d529953c446e202e2e1-c5e3ec8671a636b4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:31:58+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/75bcd414.css

185.244.209.62

2.3 kB

URL
v3.traincdn.com/_nuxt/desktop/default/css/75bcd414.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (9958), with no line terminators
Size
2.3 kB (2277 bytes)
Hash
76a1e3dd8e25bf9a48bdd896de779d20
38c3643e25808d1f3ab167273201eac8c113c088
aa36f7a0cd4e7059cfef75dda25cd20e0bd1fbbe3d10a4ed0697cb937f009273

HTTP Headers

GET /_nuxt/desktop/default/css/75bcd414.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:44 GMT
content-type: text/css
content-length: 2277
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-8e5"
content-encoding: gzip
expires: Tue, 07 May 2024 11:27:59 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-65f81b8dda2cc0d199149ae4418284ed-8ac698341bf3fd96-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T11:27:59+00:00, 2024-05-07T12:10:05+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/035c0001.css

185.244.209.62

200 OK

14 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/035c0001.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
14 kB (13859 bytes)
Hash
ac3b78bdd1c881f78913b967fd22a91f
15295665baa2ccaf71e8a093f333d087621a17ee
ee4c84a2fe257a888fcec5809b67b563aba3a4c52f102154ffa19a685434d835

HTTP Headers

GET /_nuxt/desktop/default/css/035c0001.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:44 GMT
content-type: text/css
content-length: 13859
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-3623"
content-encoding: gzip
expires: Wed, 08 May 2024 09:01:03 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c549f1c81de4cc27e52282ceda89781a-200c60558e1a45dc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T09:01:03+00:00, 2024-05-07T09:06:10+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/app-d26cc899.js

185.244.209.62

200 OK

267 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/app-d26cc899.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (61101)
Size
267 kB (267237 bytes)
Hash
1992415420cd9d59941e07133aa0c521
308a748fa982a440a112cb9e449f25a23bd6d83e
94a8f060251c7e705ee8c823783cb067e2844edb0f3900b6b0e91948d92ce907

HTTP Headers

GET /_nuxt/desktop/default/vendors/app-d26cc899.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:44 GMT
content-type: application/javascript; charset=utf-8
content-length: 267237
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-413e5"
content-encoding: gzip
expires: Tue, 07 May 2024 14:31:58 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6205ae9917aba591013449f6f4215893-477ca2823aabd081-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:31:58+00:00, 2024-05-07T14:49:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Size
64 kB (63748 bytes)
Hash
6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:44 GMT
content-type: font/woff2
content-length: 63748
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-70a0748ca891de689dca67dfaedf69eb-1516697e9e8df8d0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:13:59+00:00, 2024-05-07T21:12:58+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2

185.244.209.62

65 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 64732, version 1.0
Size
65 kB (64732 bytes)
Hash
3ac5d40d1b3966fc5eb09ecca74d9cbf
a69f32357765dd321519889aeacba5e9ca893bb0
3310766b8f58538d07abded74a2babe1acbe1a3ee820d5b8c8265da666f4fb0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:44 GMT
content-type: font/woff2
content-length: 64732
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "3ac5d40d1b3966fc5eb09ecca74d9cbf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-685e6b6b189a178aa1ec4185e04bdd7e-97bbcba7aefae6c3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:56:30+00:00, 2024-05-07T21:46:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Size
64 kB (63920 bytes)
Hash
a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:44 GMT
content-type: font/woff2
content-length: 63920
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-b93619fc8faf46a913d00d3ba5db2c46-62f2ef255ba68223-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:54:39+00:00, 2024-05-07T21:37:18+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/check-ob.js

185.244.209.62

187 B

URL
v3.traincdn.com/_nuxt/check-ob.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
187 B (187 bytes)
Hash
ced67278c38d1ce1297c121af69fff8a
df6e1531fd84d956263b04254e6f94f5356623f4
2958134c3c00f7c6320858dd66e454c2856e4842821d3523c4cc5e44e1ec8616

HTTP Headers

GET /_nuxt/check-ob.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:44 GMT
content-type: application/javascript; charset=utf-8
content-length: 187
last-modified: Mon, 06 May 2024 10:23:37 GMT
etag: "6638afa9-bb"
content-encoding: gzip
expires: Tue, 07 May 2024 12:56:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d4144825e88813c5b0a4eb1760874e20-ebf4162c519e3f0d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:56:18+00:00, 2024-05-07T11:36:39+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png

185.244.209.62

200 OK

653 B

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Size
653 B (653 bytes)
Hash
e6f0766cbd95db33da44e7a9140648f2
5f196b1bfe8c3f92bd2ebcd67124e72e81ae6aaf
c0399d478788d5d483f104a2e8cb7c32f41cb40e9df0c22e831b2bfa2db63ec0

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:44 GMT
content-type: image/png
content-length: 653
last-modified: Tue, 25 Apr 2023 13:43:56 GMT
etag: "e6f0766cbd95db33da44e7a9140648f2"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-c83a7fe98875fa8428fea057223583a4-a45c136fcc5532c7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:12:59+00:00, 2024-05-07T21:13:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/f5105820.css

185.244.209.62

194 B

URL
v3.traincdn.com/_nuxt/desktop/default/css/f5105820.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (395), with no line terminators
Size
194 B (194 bytes)
Hash
2818ab9c6ece35261fbf658165189623
f01f8175a7a89449a1dad5f2a7df06c5866c10af
b4f0b619b6f6ece6589df376a16eae022b084640348887d3c557e20a37207583

HTTP Headers

GET /_nuxt/desktop/default/css/f5105820.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:45 GMT
content-type: text/css
content-length: 194
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-c2"
content-encoding: gzip
expires: Wed, 08 May 2024 09:24:14 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-389259c4b19e7255bd5971f53b2ac3e9-93343936c018c601-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T09:24:14+00:00, 2024-05-07T17:58:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingContent-3ca7fb18.js

185.244.209.62

200 OK

633 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingContent-3ca7fb18.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1235), with no line terminators
Size
633 B (633 bytes)
Hash
52ab057c90af6d742e95f43ff97e95ff
dfdce102add5fc4fa06ac366a663e7a732bd9352
feedd981d953d2933cbb35a49608ebf408f13f457399c2b11aa1ef5eb76db547

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.BettingContent-3ca7fb18.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 633
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-279"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:12 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ec28d4e9d8986349e54ac9e453ca79b9-75e7470c19aed388-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:12+00:00, 2024-05-07T15:18:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-cca22477.js

185.244.209.62

200 OK

4.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-cca22477.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (14574), with no line terminators
Size
4.2 kB (4187 bytes)
Hash
2f5a8b05ac32c583fcde180d9d46fce9
86cc94f0c76922b731336bb6c13ff2839f37d689
6f2a20b4cda56cb4d92bd6d3817945c5e659723eaf3e5c85f0a00274c909a9cd

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-cca22477.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 4187
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-105b"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:12 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-e845a4058d646a937194a20d91c1780d-53a0f16c17de6bee-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:12+00:00, 2024-05-07T15:18:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/2a37879e.css

185.244.209.62

1.3 kB

URL
v3.traincdn.com/_nuxt/desktop/default/css/2a37879e.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6872), with no line terminators
Size
1.3 kB (1331 bytes)
Hash
7727cc93d85a2459297f9b1237fc6a92
f37f7a3ec3d30df2513a38dd2c67fefaf038edec
e4559060670fd8cf92ad4e830ae9237d2bbc735470f4597ad5d943388d9248d2

HTTP Headers

GET /_nuxt/desktop/default/css/2a37879e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:45 GMT
content-type: text/css
content-length: 1331
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-533"
content-encoding: gzip
expires: Tue, 07 May 2024 12:28:13 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-9dd04c795b1eaec045ea88b40d87757f-0a0aafe8f15e4ac5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:28:13+00:00, 2024-05-07T15:18:59+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-9f71ae9a.js

185.244.209.62

200 OK

10 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-9f71ae9a.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (37196), with no line terminators
Size
10 kB (10214 bytes)
Hash
149f1f916b0c47494c7bdc15122390d4
f6be7ef6c3649f4b83fd19f7459dbce46ff15925
f8ecbd7355d64beb3e23daea185a634fa436012d707160381bb3b65548a9c92b

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-9f71ae9a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 10214
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-27e6"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:12 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-3b0e02afbed35f0983cda4af83228cfd-4c769fe0e7f39234-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:12+00:00, 2024-05-07T15:18:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-b595fcd5.js

185.244.209.62

37 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-b595fcd5.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65461)
Size
37 kB (37176 bytes)
Hash
aedaa99fcce183a213f358a727e9eb87
7fe33331acbced57be412f96baff3a4595e207fb
2ccadc0a2eea97aeeb5f1825ad9bdac3873481a54bcd3b42cf6724271cd0f6ac

HTTP Headers

GET /_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-b595fcd5.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 37176
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-9138"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:13 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3c6247afc050f0b353ae025b0dcd3645-81626d606c0ab064-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:13+00:00, 2024-05-07T15:18:14+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-b9493cb9.js

185.244.209.62

200 OK

10 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-b9493cb9.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (36638), with no line terminators
Size
10 kB (10115 bytes)
Hash
63e1a6027725eca572736670eb935432
e3578492cf68e66a44f556a98545294a5b1bed5a
e96e0e4abe03d7fb0d2449e0f2bf27bb0ee85cdd4d7b4098276c712842b45d8c

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-b9493cb9.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 10115
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-2783"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:13 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-8eb4f5f226e5694dccf3cb46609c7722-95c73ba0eaf75ea4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:13+00:00, 2024-05-07T15:18:15+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-68160950.js

185.244.209.62

5.6 kB

URL
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-68160950.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (19536), with no line terminators
Size
5.6 kB (5565 bytes)
Hash
860ea683ac1ca8494adc10cb2ea4fcdf
a1004cb9bb3a036d215dfbf6b9bade88ad81a7a3
e8fcc72111c9040f545dd314899e61e406ceaa76601c816dc3c1a7b407f88850

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-68160950.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 5565
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-15bd"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:13 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3dbb24bd1a5286acc4c42202e548bd83-02f80096f525e3dc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:13+00:00, 2024-05-07T15:18:15+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/4b5c6c89.css

185.244.209.62

200 OK

6.7 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/4b5c6c89.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (53058), with no line terminators
Size
6.7 kB (6667 bytes)
Hash
173f5247c95e1b42bb3b77ed0a8eb44d
5b4b32ac3c6b995e254b7e8e1ecdf00ef4882aa9
f20b6d24581afe4c6af83abbc14b11194385c8e5f15a27e972724f61891c6dd0

HTTP Headers

GET /_nuxt/desktop/default/css/4b5c6c89.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:45 GMT
content-type: text/css
content-length: 6667
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-1a0b"
content-encoding: gzip
expires: Tue, 07 May 2024 12:55:22 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-bb8423226b4ff5fd9b18fd89c9b3f8d6-90de3eaa72aaeb16-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:55:22+00:00, 2024-05-07T15:18:59+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage-633ca92a.js

185.244.209.62

200 OK

32 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage-633ca92a.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64912), with no line terminators
Size
32 kB (32522 bytes)
Hash
474bfa89621896100251055f7c19712b
0e19c615fc77f9ed2d69d74b7f8a42d41c6f5138
ea0fef6e0a33df0b36bdce2df6b8bf50eef0dd3b71c7c6fc567a7d7c5d39fdd3

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.Homepage-633ca92a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 32522
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-7f0a"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:13 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-aae0af57b1c9bfcf5eb99b68b3e54403-d2eb5cd5ed6613a9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:13+00:00, 2024-05-07T15:18:15+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.Asian-2f003ed9.js

185.244.209.62

29 kB

URL
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.Asian-2f003ed9.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64788), with no line terminators
Size
29 kB (28917 bytes)
Hash
6bb873114649db4b87839383a7d31921
91b56ad064a4b8fd0d7edb89a040c6b9d06866aa
6dc41e4f75d65dd3dc2f311198e1a9b2b65e0687c2d905b7d64cf9265f7bda2d

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main.Asian-2f003ed9.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 28917
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-70f5"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:13 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-36dfbe01014b05ffbf8981afebb0aa3e-141283f196f59083-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:13+00:00, 2024-05-07T15:18:15+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/f72f2b10.css

185.244.209.62

200 OK

4.8 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/f72f2b10.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (38649), with no line terminators
Size
4.8 kB (4780 bytes)
Hash
8ab5f1e804e2a4565dea164054ff0907
7ee2bea2c9dcb6424f707c35588a316a249270fa
ce3424802faaac382a0efe23fbc285123fae95d0461ecf26e4881e1907acd9ec

HTTP Headers

GET /_nuxt/desktop/default/css/f72f2b10.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:45 GMT
content-type: text/css
content-length: 4780
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-12ac"
content-encoding: gzip
expires: Tue, 07 May 2024 12:28:13 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-eebc16ea619af3cd6e6029f7626668ef-5cd0af30e411858a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:28:13+00:00, 2024-05-07T15:19:00+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-ff4800a4.js

185.244.209.62

22 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-ff4800a4.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65476)
Size
22 kB (21889 bytes)
Hash
45f90516ee8a557d78c08e1e925c1490
adc0363ed75f47f9513a36a94173c6e4940a2adc
f5b8b3c4e62dbb4ebc5fd634f5bb17b3145a14c21bdc3e9c0a4dcb45b9e573fe

HTTP Headers

GET /_nuxt/desktop/default/vendors/plugins.v-tooltip-ff4800a4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 21889
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-5581"
content-encoding: gzip
expires: Tue, 07 May 2024 14:31:59 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-6882cb34adb79d2397c14aced9f7fe44-081b9d243d05092b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:31:59+00:00, 2024-05-07T14:53:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-4e9ad522.js

185.244.209.62

4.6 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-4e9ad522.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (12527), with no line terminators
Size
4.6 kB (4556 bytes)
Hash
805e7c2cd861f2191db66c39ab28e86b
a6353246547e9a9fd01093fcb784d708d187e3ef
82686dab55962ead6916346bd901b3fc03357bb2a0e74dfe966ff784d75b2368

HTTP Headers

GET /_nuxt/desktop/default/vendors/plugins.vue-notification-4e9ad522.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 4556
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-11cc"
content-encoding: gzip
expires: Tue, 07 May 2024 14:31:59 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-428fb409e0362c5e300a59f21dbd751f-e2425a7f6c7cf38b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:31:59+00:00, 2024-05-07T14:53:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/e5c0e314.css

185.244.209.62

200 OK

953 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/e5c0e314.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (3352), with no line terminators
Size
953 B (953 bytes)
Hash
748da80084597d87b4ff5e98b017b07b
db6ad2ec24bfcbe751a23061d935403e1163f471
4eaf4071f43aaa0243a4c6948131b7a3e03fe6ab1f4228da38e8588c15e01f24

HTTP Headers

GET /_nuxt/desktop/default/css/e5c0e314.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:45 GMT
content-type: text/css
content-length: 953
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-3b9"
content-encoding: gzip
expires: Tue, 07 May 2024 11:05:11 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-09d89402553f9fece1ca21808d881a00-8ba4115eec3ad59d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T11:05:10+00:00, 2024-05-07T15:29:39+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-11d3184a.js

185.244.209.62

8.1 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-11d3184a.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (26717), with no line terminators
Size
8.1 kB (8055 bytes)
Hash
ead4a901af60e4b8138e732f0aea9637
7c1d57d444a07553738ddcb8b6a2bee305a0c215
e6bc116e4cb54d011d2a1fa1f87ab12d1f320aa8dc54c89b1f286f2b02ee14c0

HTTP Headers

GET /_nuxt/desktop/default/vendors/plugins.vue-js-modal-11d3184a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 8055
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-1f77"
content-encoding: gzip
expires: Tue, 07 May 2024 14:31:59 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-2f32300eebab6edd9f5e63ff502f1abf-aabfaba2d124bca4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:31:59+00:00, 2024-05-07T14:53:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-290f49eb.js

185.244.209.62

200 OK

2.1 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-290f49eb.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (6960), with no line terminators
Size
2.1 kB (2120 bytes)
Hash
91d17dbf833b48149a8b5d2f21895879
bd71a45fa4419ab4ddbc676f0a9cca2be05e1703
f085ff2e310ab82817411e3ed64d0902de49e149d0958cadb91d518ed5854335

HTTP Headers

GET /_nuxt/desktop/default/date-fns-locale-21-290f49eb.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 2120
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-848"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:15 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a7d356d2cd7e05ccc0ef004b817c4fac-b893de6b1986fed9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:15+00:00, 2024-05-07T17:01:49+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/DC-7e6a4aad.js

185.244.209.62

200 OK

999 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/DC-7e6a4aad.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2336), with no line terminators
Size
999 B (999 bytes)
Hash
b44bc16cd2630bfada5ec9cbdbfcafab
43918946155d48f6cc8ecba42e2cf2cab28debd7
189ec6fd8e44cc47498706a2d2c815da1dc255040ef5ef57f5faa7c10c05ae42

HTTP Headers

GET /_nuxt/desktop/default/DC-7e6a4aad.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 999
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-3e7"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:01 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-678da82eb7b4a7edcd792c7825f1020e-073fa32062806a33-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:01+00:00, 2024-05-07T14:53:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/version.json?timestamp=1715119425596

178.253.29.51

200 OK

44 B

URL GET HTTP/2
1xlite-461430.top/version.json?timestamp=1715119425596
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
ASCII text
Size
44 B (44 bytes)
Hash
265e4e9c948f929631d7e9bcf0d19d5b
c70f40cde4e09003b980fdae5130f3695de16add
62ec6fa5c15470b882bd7e05f5651b0a265a0cb2857cffa5cbfa34b3d2cf42ba

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /version.json?timestamp=1715119425596 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:45 GMT
content-type: application/json
content-length: 44
last-modified: Mon, 06 May 2024 10:24:15 GMT
vary: Accept-Encoding
etag: "6638afcf-2c"
content-encoding: gzip
expires: Tue, 07 May 2024 22:04:45 GMT
access-control-allow-origin: *
cache-control: max-age=60, max-age=60, s-maxage=60
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

v3.traincdn.com/sys-ui/2.2.11/Desktop/Default/client.css

185.244.209.62

178 kB

URL
v3.traincdn.com/sys-ui/2.2.11/Desktop/Default/client.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
178 kB (178189 bytes)
Hash
34ad47b657924220dbaadd24b4322118
134120d28e80a917bdc5ea6b2670988e6c865617
9dbb2a696b1333f0b8f221ad154eee576cfb6b2f51019b79ddec6fe860f05bc8

HTTP Headers

GET /sys-ui/2.2.11/Desktop/Default/client.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:43 GMT
content-type: text/css; charset=utf-8
last-modified: Tue, 23 Apr 2024 11:41:52 GMT
etag: W/"5be31e73f9aaf3c05331c4f0cd80e4d9"
x-amz-meta-mtime: 1713872392.088051093
content-encoding: gzip
expires: Wed, 24 Apr 2024 14:28:29 GMT
cache-control: max-age=86400
x-time-ng: 0.008
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-48dd6152631e53feb9fc0b4269722ac0-21af9b52ca230ad0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T14:28:29+00:00, 2024-05-07T14:49:34+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Betting.Core-d4a24bae.js

185.244.209.62

1.6 kB

URL
v3.traincdn.com/_nuxt/desktop/default/Betting.Core-d4a24bae.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2425), with no line terminators
Size
1.6 kB (1577 bytes)
Hash
3a0e4a54185bcc66d2e032dd30a385eb
627755ca54def0761f25f827d5b4cb483e1ca83d
e0bc5ffed1e6fd6285fea94e991fa8ec48a5f17677519c766d7ee7e757a02239

HTTP Headers

GET /_nuxt/desktop/default/Betting.Core-d4a24bae.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 1577
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-629"
content-encoding: gzip
expires: Tue, 07 May 2024 10:54:52 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-134d6630bd13a6ed57eb06f6aa41cf9c-a4c60dca9f054cbe-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T10:54:52+00:00, 2024-05-07T11:19:48+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-ef321a16.js

185.244.209.62

200 OK

1.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-ef321a16.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (3229), with no line terminators
Size
1.5 kB (1451 bytes)
Hash
0cc9277dab4117c9b162cc01e1f0b97f
5b7d9007e2d99d3715c5f226aadf44aa4da4332b
6d7637a83c7812813039573e9c67efbb30e4021a971c546621a397eb72ea4bd0

HTTP Headers

GET /_nuxt/desktop/default/consultant.supHelperV2-ef321a16.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 1451
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-5ab"
content-encoding: gzip
expires: Wed, 08 May 2024 08:42:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-843454f3cced45bf7712a9e2ae819b7f-48dad83cd41b5832-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T08:42:00+00:00, 2024-05-07T09:23:42+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/ioc.dependencies.18-dc087bc0.js

185.244.209.62

200 OK

1.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/ioc.dependencies.18-dc087bc0.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (3073), with no line terminators
Size
1.3 kB (1321 bytes)
Hash
66c4eb11ec60384b198e73db080c0f32
6fb7618e384b9e01454c7b984728236f178192da
b45c772a5a204e430a575b896edc43205412a5f28539c2e48c152df7669ad7cb

HTTP Headers

GET /_nuxt/desktop/default/ioc.dependencies.18-dc087bc0.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:46 GMT
content-type: application/javascript; charset=utf-8
content-length: 1321
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-529"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:15 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-7da6fa086f032e99bd2c819291a058c4-a70def78b203abad-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:15+00:00, 2024-05-07T15:18:26+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-74b93b4d.js

185.244.209.62

200 OK

7.4 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-74b93b4d.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (32231), with no line terminators
Size
7.4 kB (7381 bytes)
Hash
56a0eecb3ec4576e9abf6f8f3e2707f9
6ddfcb4b1669c1323d87906b720fe8e4c258c143
81a5331c3ce30f9e8f21bf5e69591e24dd0c77d9b69157bf0a5e2242fc299ed4

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-74b93b4d.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:46 GMT
content-type: application/javascript; charset=utf-8
content-length: 7381
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-1cd5"
content-encoding: gzip
expires: Wed, 08 May 2024 08:41:53 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f0d9884cd716dfc859cf6e913aa7f6fa-f989b52a2325c64f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T08:41:53+00:00, 2024-05-07T10:11:00+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/betting.SportMenuApp-bfe18bfa.js

185.244.209.62

200 OK

7.7 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/betting.SportMenuApp-bfe18bfa.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (31337), with no line terminators
Size
7.7 kB (7722 bytes)
Hash
f9da465f4f7355523306ce6bbf89c0d5
c39974e7867bcdd6bbe385ba52c9be335afdfe6b
a5ff3777031e8ee4babfe1d6a7a6fff1fb2fc0db58de71ea8202bc37a7aab0f2

HTTP Headers

GET /_nuxt/desktop/default/vendors/betting.SportMenuApp-bfe18bfa.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:46 GMT
content-type: application/javascript; charset=utf-8
content-length: 7722
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-1e2a"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a2bb032762bdaf9b818b050380ffa845-a095401d6364a465-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:16+00:00, 2024-05-07T15:18:29+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/ad481252.css

185.244.209.62

3.0 kB

URL
v3.traincdn.com/_nuxt/desktop/default/css/ad481252.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (22886), with no line terminators
Size
3.0 kB (3006 bytes)
Hash
f1e1bb557e1155bf9c70751dec445176
013c5224a1bbbf0d6603f25e31863aa90f279b40
7aa1af5184d161c5f279c0da3199cef2dfc0aac5e90cce3e880f1f89401a0a15

HTTP Headers

GET /_nuxt/desktop/default/css/ad481252.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:46 GMT
content-type: text/css
content-length: 3006
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-bbe"
content-encoding: gzip
expires: Tue, 07 May 2024 12:29:01 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-df3d1da0186c39fadceb984905e20531-785b642e3c4271e7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:29:01+00:00, 2024-05-07T17:01:18+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.SportMenuApp-1f0079e1.js

185.244.209.62

200 OK

25 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/betting.SportMenuApp-1f0079e1.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65483), with no line terminators
Size
25 kB (24938 bytes)
Hash
756179b1f968d35107908086a552c869
5c1f6c8a0c1eed4246c04dac52c4b7056fc991e8
37093cd5b15bf40421db8a64625a01317d043479685d2e1f84accb8fbf992ea6

HTTP Headers

GET /_nuxt/desktop/default/betting.SportMenuApp-1f0079e1.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:46 GMT
content-type: application/javascript; charset=utf-8
content-length: 24938
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-616a"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4ed49f3d6bb9f3f7a00716b21d879ccc-b0e43fa4fc15366e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:16+00:00, 2024-05-07T15:18:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/betting.HomeSliderComponent-f347b217.js

185.244.209.62

7.4 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/betting.HomeSliderComponent-f347b217.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (27479), with no line terminators
Size
7.4 kB (7388 bytes)
Hash
18963957c8f45d24c0819a973d362e7b
5a1846a89c5cc9e8028044ff5948bd94f428c412
d1c98b4199c034c2a115ba70268a3e536640ca8b992887df0b085d476ab1275f

HTTP Headers

GET /_nuxt/desktop/default/vendors/betting.HomeSliderComponent-f347b217.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:46 GMT
content-type: application/javascript; charset=utf-8
content-length: 7388
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-1cdc"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9a613c84532fb7b4b2187060b6f52417-859a49125a56e04f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:16+00:00, 2024-05-07T17:01:22+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/85022173.css

185.244.209.62

200 OK

1.7 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/85022173.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (9757), with no line terminators
Size
1.7 kB (1731 bytes)
Hash
d9ff2bf37891da2be05d7fd5442113f5
419f63a7b47f983139a1cdc040707ab4b90bc255
05d90d1e2368c45cf52f0796d76035b98b8ab02ff57d218005ddffbfc20963c5

HTTP Headers

GET /_nuxt/desktop/default/css/85022173.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:46 GMT
content-type: text/css
content-length: 1731
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-6c3"
content-encoding: gzip
expires: Tue, 07 May 2024 12:55:22 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-fb57496581e3ce957844a6032e6e699d-3780da86db4924ee-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:55:22+00:00, 2024-05-07T17:01:18+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.HomeSliderComponent-b079a12e.js

185.244.209.62

7.6 kB

URL
v3.traincdn.com/_nuxt/desktop/default/betting.HomeSliderComponent-b079a12e.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (24523), with no line terminators
Size
7.6 kB (7605 bytes)
Hash
dff08fc651e74f6ad7d80f2cb43e29e5
e1b0c10b245faa60623785bdefd27c9999483231
fb6ee46c49eb61f09a2dbfe856f0b41f4206323fd9dcc2dc8921ce951b9780bf

HTTP Headers

GET /_nuxt/desktop/default/betting.HomeSliderComponent-b079a12e.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:46 GMT
content-type: application/javascript; charset=utf-8
content-length: 7605
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-1db5"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-7ec1e208f6d6bc97fad6b3d52b3c5c17-fcad4827236d4cbe-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:16+00:00, 2024-05-07T16:33:55+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/9f2746da.css

185.244.209.62

1.3 kB

URL
v3.traincdn.com/_nuxt/desktop/default/css/9f2746da.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6439), with no line terminators
Size
1.3 kB (1305 bytes)
Hash
cdd7464b2b178b37ed8a1368b6383203
0a13fc4908d91476649bb51e33d690b460a5a89c
aeacff8e3f578ea2842f067e3f42d53e72a4f668cf526c60dc659bd89f5a3c6b

HTTP Headers

GET /_nuxt/desktop/default/css/9f2746da.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:46 GMT
content-type: text/css
content-length: 1305
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-519"
content-encoding: gzip
expires: Tue, 07 May 2024 12:29:01 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-8a758f7d1691e7bd2b5dc30d85dcb4ef-81163d065ea1eeb4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:29:01+00:00, 2024-05-07T17:01:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.CentralMenuApp-a5b5de2e.js

185.244.209.62

200 OK

19 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/betting.CentralMenuApp-a5b5de2e.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65283), with no line terminators
Size
19 kB (18960 bytes)
Hash
4fb1e7d0f5418f3df96622b000ebe6fb
eef890c8cf6d2c72eae34e39ba2e8e6ff79c8754
fd9fede696dd12b00cc9af15ca68f1209b5fd351f5bc32052221adbbb12d8e8b

HTTP Headers

GET /_nuxt/desktop/default/betting.CentralMenuApp-a5b5de2e.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:46 GMT
content-type: application/javascript; charset=utf-8
content-length: 18960
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-4a10"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-40ca2f74899a94be4daa6bd0511aaaee-bed565300f829850-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:16+00:00, 2024-05-07T15:18:34+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/526e44d9.css

185.244.209.62

459 B

URL
v3.traincdn.com/_nuxt/desktop/default/css/526e44d9.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1526), with no line terminators
Size
459 B (459 bytes)
Hash
97fdf5b6e7dfddf6ab251e984133b2c3
bb552fe685c52c34e0ed91e4dfaa9df2675ad086
92fcdb73c544b1f2befe78685340fd3371e920187a2232f8e4bffd73985d40e3

HTTP Headers

GET /_nuxt/desktop/default/css/526e44d9.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:46 GMT
content-type: text/css
content-length: 459
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-1cb"
content-encoding: gzip
expires: Tue, 07 May 2024 11:05:30 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-052650bcd8b65b023884d1d9604e69c0-936ee0e5eeee4a14-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T11:05:30+00:00, 2024-05-07T15:46:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-233f5bf5.js

185.244.209.62

17 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-233f5bf5.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (41022), with NEL line terminators
Size
17 kB (16831 bytes)
Hash
45302df89a240c65824afccc0240c030
84573118a402aa9a4ee0321ccf3f914c438a8369
25b695450684f580508f24855ea2d181ecd499e26573010621dd4a2ddc5af16a

HTTP Headers

GET /_nuxt/desktop/default/vendors/betting.media-233f5bf5.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:46 GMT
content-type: application/javascript; charset=utf-8
content-length: 16831
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-41bf"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-e377be96d9e5ef41719e6a99159cbff6-1e6bfcd3207b051e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:16+00:00, 2024-05-07T15:14:52+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/ff267c5c.css

185.244.209.62

1.5 kB

URL
v3.traincdn.com/_nuxt/desktop/default/css/ff267c5c.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (7000), with no line terminators
Size
1.5 kB (1486 bytes)
Hash
f379bc6f4b94f34d96f6fe51159bee63
f4c0d4dbef1e1e734e84e05d75e4ff950d06eb60
b2a5bd6495250a19500dd5a6ca62f045c8b70226a668dc63ef40c78883bdae11

HTTP Headers

GET /_nuxt/desktop/default/css/ff267c5c.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:46 GMT
content-type: text/css
content-length: 1486
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-5ce"
content-encoding: gzip
expires: Tue, 07 May 2024 14:34:32 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e649772a36079ce4916bc4dfb1a3172e-5254ab3af348f08a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:34:32+00:00, 2024-05-07T17:11:07+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.media-64ed71be.js

185.244.209.62

4.7 kB

URL
v3.traincdn.com/_nuxt/desktop/default/betting.media-64ed71be.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (16761), with no line terminators
Size
4.7 kB (4726 bytes)
Hash
fda91a0dd5e8251a0c4c540d7e54ed52
3c4a6e38286708cd62ff071ccf97e73f37200728
b3c3c2ee09cf4af0164878165cd9971fbfe83a461c18ad0ef7cfc33b36b782ef

HTTP Headers

GET /_nuxt/desktop/default/betting.media-64ed71be.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:46 GMT
content-type: application/javascript; charset=utf-8
content-length: 4726
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-1276"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-02399878b32c19568513cb8fbe2ddab9-f6fddd54230f1174-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:16+00:00, 2024-05-07T15:14:52+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/session-api/sessions/user

178.253.29.51

200 OK

16 B

URL GET HTTP/2
1xlite-461430.top/session-api/sessions/user
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
16 B (16 bytes)
Hash
646b2e82b65602d35f7aa6283c387e3a
b163a70c5df8e4b0861a23a04f8a6f78393747f4
b68bf12405ee2cb5b76764df21dbc2df0953ddff4072ddc5281d1aab05e8c4ab

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /session-api/sessions/user HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:46 GMT
content-type: application/json
content-length: 16
cache-control: no-cache, private
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=1.6648769378662, wf-uht;dur=0.011
X-Firefox-Spdy: h2

1xlite-461430.top/bff-api/event-logo/v2/suitable.json?lang=en

178.253.29.51

2 B

URL
1xlite-461430.top/bff-api/event-logo/v2/suitable.json?lang=en
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

File type
JSON text data
Size
2 B (2 bytes)
Hash
d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bff-api/event-logo/v2/suitable.json?lang=en HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:46 GMT
content-type: application/json
content-length: 2
cache-control: no-cache, private
server-timing: bff;dur=13.26, dt_total;dur=22.432, wf-uht;dur=0.030
traceparent: 00-ade7f16e29cd9a36a341716de27785cb-bba5288bb87b215a-01
x-dt: 285
x-time-ng: 0.023
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/88cfac66.css

185.244.209.62

200 OK

97 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/88cfac66.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
97 B (97 bytes)
Hash
9deb70dd3fbdc7061ed21c5632fbc55b
22ae1cadf75b3fdd5e3e3762842b1b7a6f6e7ed8
be8196057ac43ab3882caf30239c364e1ef4ceda087e92ca87187ce239f022f9

HTTP Headers

GET /_nuxt/desktop/default/css/88cfac66.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:46 GMT
content-type: text/css
content-length: 97
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-61"
content-encoding: gzip
expires: Tue, 07 May 2024 16:27:42 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4d788be34d16152f98f5e5917b406f8a-af49e4eb18d750a8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T16:27:42+00:00, 2024-05-07T13:45:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-022bbfcd.js

185.244.209.62

200 OK

8.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-022bbfcd.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (25972)
Size
8.5 kB (8520 bytes)
Hash
e30c678eadf7bd0fcc773e1599b97ddf
41243dc14d9eb2569fa832a3b8c27fc0158991aa
a4334d54b8db6d6eceb88c48ee428dfbb0ad3749d4137439f77859e205b52806

HTTP Headers

GET /_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-022bbfcd.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:46 GMT
content-type: application/javascript; charset=utf-8
content-length: 8520
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-2148"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3b05b550a5d6bbaa49fe4223fd6cf03c-012877240ab1ef1b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:16+00:00, 2024-05-07T15:30:09+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/25e24e18.css

185.244.209.62

1.5 kB

URL
v3.traincdn.com/_nuxt/desktop/default/css/25e24e18.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6262), with no line terminators
Size
1.5 kB (1505 bytes)
Hash
09f1bd90913ad83743065cc13ee3e0c6
0f1d49d4ddfccf474d882839c1ac901a8c1d91e6
b0222e16baaccc20a1143166da7715bbab586f1d8d8bebf26f91e98738a55a92

HTTP Headers

GET /_nuxt/desktop/default/css/25e24e18.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:46 GMT
content-type: text/css
content-length: 1505
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-5e1"
content-encoding: gzip
expires: Tue, 07 May 2024 12:28:59 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-b93acb6542101719ff01e39deedb3b8f-ed846682aa175868-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:28:59+00:00, 2024-05-07T16:33:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137

178.253.29.51

176 B

URL
1xlite-461430.top/service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

File type
JSON text data
Size
176 B (176 bytes)
Hash
ac86deb03def477abf768a8455c8aa90
87bbc45a47946c01a6f494da652c5b1940e4a62c
6a19047f1e73a26daaac3ec171356c005d39984c931de6c0c0b4184ade05c55b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:46 GMT
content-type: application/json; charset=utf-8
content-length: 176
x-time-ng: 0.049
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.056
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/RegistrationWidgetApp-4b1f6e54.js

185.244.209.62

200 OK

21 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/RegistrationWidgetApp-4b1f6e54.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
21 kB (20768 bytes)
Hash
05e740893c07a5cc45b5f0f2d787dbf5
28c364157e02ce207609bca53064a4b513e8bda7
a2af38a1cec7178448ce8d1aee99190b643f50894d3d05cac2e5234caeac8e5e

HTTP Headers

GET /_nuxt/desktop/default/vendors/RegistrationWidgetApp-4b1f6e54.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:46 GMT
content-type: application/javascript; charset=utf-8
content-length: 20768
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-5120"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d32729956ac84e13ac219a70fd584f86-201a0382946d06b2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:16+00:00, 2024-05-07T16:46:08+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.coupon2-183c618c.js

185.244.209.62

579 B

URL
v3.traincdn.com/_nuxt/desktop/default/betting.coupon2-183c618c.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1003), with no line terminators
Size
579 B (579 bytes)
Hash
54f54116f151f6469527d5f5c584887c
8078098cda5d50eeb285da4fc78655562f8324ed
8112adb0bbfa619109d5a6c3263e5e1761599c14b3c474b58b2f5ca512b46efb

HTTP Headers

GET /_nuxt/desktop/default/betting.coupon2-183c618c.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:46 GMT
content-type: application/javascript; charset=utf-8
content-length: 579
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-243"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-699c79424078f3783c51d0716d54080a-0accb94ed5120a2e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:16+00:00, 2024-05-07T15:18:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66

178.253.29.51

200 OK

2.5 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.5 kB (2533 bytes)
Hash
21c13dfab103fabbc33e6b6165e13ce8
fc3572d83f160f0580c1ccfeada23bde50618e79
52e3b07f00c7bdf1cc6a3c838309e97fe67bb2be07ab1794e746aafa81e19d59

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:46 GMT
content-type: application/json; charset=utf-8
content-length: 2533
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 22:03:46 GMT
vary: Accept-Encoding
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.011
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137

178.253.29.51

200 OK

266 B

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
266 B (266 bytes)
Hash
f8ff37b50397222b6b0fc5254695b78c
246172bd71b85ecac94c7cbe5a4d35b0e17d3e2f
8729571270ff6fca33ba3564cda631a6133387c9a2cb7ec221ec73d91fa6d829

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:46 GMT
content-type: application/json; charset=utf-8
content-length: 266
cache-control: no-cache
content-encoding: br
last-modified: Tue, 07 May 2024 22:03:46 GMT
vary: Accept-Encoding
x-time-ng: 0.015
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.022
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/desktop/contact/86f18367ce2829388dcdabccb99b1740.svg

178.253.29.51

263 B

URL
1xlite-461430.top/genfiles/cms/desktop/contact/86f18367ce2829388dcdabccb99b1740.svg
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

File type
SVG Scalable Vector Graphics image
Size
263 B (263 bytes)
Hash
28e2c161800b61b985a163f5c492ae51
8845ea940210b4ccb195cca855a598e6aaa58ed0
77c93c24e4eb0f8815a7526d405818c9a38ba6e4317f1fee588fffbc00cb17de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/desktop/contact/86f18367ce2829388dcdabccb99b1740.svg HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:46 GMT
content-type: image/svg+xml
content-length: 263
last-modified: Fri, 23 Feb 2024 10:01:24 GMT
etag: "28e2c161800b61b985a163f5c492ae51"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/desktop/contact/dbc1950bbcc8e27b5dbec1f42635e8d0.svg

178.253.29.51

296 B

URL
1xlite-461430.top/genfiles/cms/desktop/contact/dbc1950bbcc8e27b5dbec1f42635e8d0.svg
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

File type
SVG Scalable Vector Graphics image
Size
296 B (296 bytes)
Hash
b1bf63d00887bb0354e9d89c7d790a01
2d64ab25c9afff682abd6732f62ba62a197e972b
a6a4fbbd99a0a82de03f05da827ccd9d019574bf3450727530403c2b5ce92df0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/desktop/contact/dbc1950bbcc8e27b5dbec1f42635e8d0.svg HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:46 GMT
content-type: image/svg+xml
content-length: 296
last-modified: Fri, 23 Feb 2024 10:03:47 GMT
etag: "b1bf63d00887bb0354e9d89c7d790a01"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/desktop/contact/6726b16cfb4e516989153ce398d4a0e4.svg

178.253.29.51

200 OK

506 B

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/desktop/contact/6726b16cfb4e516989153ce398d4a0e4.svg
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
SVG Scalable Vector Graphics image
Size
506 B (506 bytes)
Hash
9c340eae608db0c25657b4a73d769afe
988fbf333a2e9290211cd9e6b7c98c59719012b0
b92e969acd8a1e0f9cfd1f84080ca5ccb8cb49b105299434c275a8813faf841e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/desktop/contact/6726b16cfb4e516989153ce398d4a0e4.svg HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:46 GMT
content-type: image/svg+xml
content-length: 506
last-modified: Fri, 23 Feb 2024 10:03:36 GMT
etag: "9c340eae608db0c25657b4a73d769afe"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.328/285/logos.svg

185.244.209.62

200 OK

19 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.328/285/logos.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
19 kB (18950 bytes)
Hash
7e8bd1abf2a3b3b6349664b597c0c0f7
826590a1e0f339ebe3e8ef135a618794b3258d8e
9c23cd7f8ff3b26730f961590aba6e305f48f4975dc47be286bc74388cfbbc59

HTTP Headers

GET /sys-icons/1.0.328/285/logos.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:46 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"c45fb3adb3e47bdbd03c88fc4c4309aa"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:05 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-6a0f7eb928506417bb21475bf3f5167d-19ce2d57a284d313-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:05+00:00, 2024-05-07T12:12:51+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

178.253.29.51

200 OK

23 B

URL POST HTTP/2
1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
093ba8c2fa38d9a2aef3c8bfa208243f
19a998cf0a000b0aeec750c3a3790d30b4349e32
17dd58c72ccbd0fee857b68b03fc3f300cfb3b332e0079aa6e2f2c5495b4b3a3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Content-Type: application/json
X-Lang: en
X-Uuid: 2053ad59-04e3-4b27-be23-d8e322067df5
Content-Length: 81
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:46 GMT
content-type: application/json
content-length: 23
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.009
X-Firefox-Spdy: h2

1xlite-461430.top/checker/redirect/stat/run/

178.253.29.51

200 OK

14 B

URL GET HTTP/2
1xlite-461430.top/checker/redirect/stat/run/
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
14 B (14 bytes)
Hash
2de0d0acfd684235f066bd0ec0c9e3df
68d0cb64805a42d7e40f43e8e198986b43dd6b69
9682f312f23e078bb135f23ea5a178b178e75c02d33672f20044d18c6d258928

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /checker/redirect/stat/run/ HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:46 GMT
content-type: application/json
content-length: 14
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.009
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-74c102e0.js

185.244.209.62

5.6 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-74c102e0.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (15997)
Size
5.6 kB (5562 bytes)
Hash
18f932fe4f53ce3de4a44b04b0524916
ed47f4f593c25b33012b0369c19883c23e7d3df1
c665029c63cfd9399be9c74e897668b621e3a6e690f0da69196f4c73c16f0cee

HTTP Headers

GET /_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-74c102e0.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:47 GMT
content-type: application/javascript; charset=utf-8
content-length: 5562
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-15ba"
content-encoding: gzip
expires: Wed, 08 May 2024 08:42:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a11fa63122609f99b3caaa6df4d4b709-43263718830f009a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T08:42:16+00:00, 2024-05-07T12:30:22+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/0e3e1e8d.css

185.244.209.62

200 OK

1.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/0e3e1e8d.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (5638), with no line terminators
Size
1.2 kB (1193 bytes)
Hash
be85f100312ee4f9396b6e89cbcb0fef
3934783d38d182ddcaccfdedbbe4fb65c266864c
06a9b859f60f7872c7beaa8286d3c1f45708dd0e1dee20f4c0d55c8719cc2983

HTTP Headers

GET /_nuxt/desktop/default/css/0e3e1e8d.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:47 GMT
content-type: text/css
content-length: 1193
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-4a9"
content-encoding: gzip
expires: Tue, 07 May 2024 12:28:47 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-e62eeff9d41d9dc09f1c086c5d5698d8-f7458d950e58e0c2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:28:47+00:00, 2024-05-07T15:29:48+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidget-b6662b37.js

185.244.209.62

4.1 kB

URL
v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidget-b6662b37.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (12039), with no line terminators
Size
4.1 kB (4124 bytes)
Hash
d5bb5783c476219b31ce5582083fd74b
326b40532b72988c1d23fb931daabead75d18482
2724a816ddb0fd1234ca8cebf9db4fd60290f282fcfcb5619ffe70be9c0160b7

HTTP Headers

GET /_nuxt/desktop/default/DownloadAppWidget-b6662b37.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:47 GMT
content-type: application/javascript; charset=utf-8
content-length: 4124
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-101c"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:35 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-537f3cdc74de060be9456b4a75e9308e-3f143186ae6ed193-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:35+00:00, 2024-05-07T15:29:49+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/logo-champ/fb87599cd1236423aaeb35a23a706e18.webp

185.244.209.62

200 OK

2.0 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/logo-champ/fb87599cd1236423aaeb35a23a706e18.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
2.0 kB (1982 bytes)
Hash
870d4e81d1d5e1b0bc23e9cbd4407760
34818a0fc0f536005e182e7cfcbc54cd08bface8
195fa94124acd96f6e3b973b5adb6245c2962c244a765b3e399afea7e60faab5

HTTP Headers

GET /sfiles/logo-champ/fb87599cd1236423aaeb35a23a706e18.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:47 GMT
content-type: image/webp
content-length: 1982
last-modified: Wed, 04 Jan 2023 08:10:48 GMT
etag: "870d4e81d1d5e1b0bc23e9cbd4407760"
cache-control: public, max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-820b4cd86a2002bfcba7f0c95a48042e-1763af3fb37281ac-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-03-19T22:39:48+00:00, 2024-05-07T18:06:25+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/26adcfbe9c2dc689a4147d17ad31f348.webp

185.244.209.62

200 OK

788 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/26adcfbe9c2dc689a4147d17ad31f348.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
788 B (788 bytes)
Hash
33a8ab4754080b55227b04787d515805
0098031d96d1ffbea2b2c01c50b7b0da6a017125
b350f394cd3aeefe88a95b98a6f99c9e063dea63e4068b3a30e751ede8a79c1c

HTTP Headers

GET /resized/size16/sfiles/logo_teams/26adcfbe9c2dc689a4147d17ad31f348.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:47 GMT
content-type: image/webp
content-length: 788
cache-control: max-age=94608000
content-disposition: inline; filename="26adcfbe9c2dc689a4147d17ad31f348.webp"
content-security-policy: script-src 'none'
expires: Mon, 26 Apr 2027 19:47:18 GMT
x-request-id: ae842630f1010cc821a2a8db35817d9a
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-1e9a36061fa01c4d443280b6d3829cbb-133e3015826ab46c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T19:47:18+00:00, 2024-05-04T12:55:29+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/237d7df8d263bc2787c001ed1c4152b8.webp

185.244.209.62

200 OK

718 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/237d7df8d263bc2787c001ed1c4152b8.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
718 B (718 bytes)
Hash
fbc788d3e4018f6ae486aed078d25fa7
356fee9899b25c4915d3e31e9c8c4bb8681a2d0f
9ee03c7ca068cc733d9cda6d01be409fcd007cfe5c6d38661b58f90bbb3fd9a1

HTTP Headers

GET /resized/size16/sfiles/logo_teams/237d7df8d263bc2787c001ed1c4152b8.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:47 GMT
content-type: image/webp
content-length: 718
cache-control: max-age=94608000
content-disposition: inline; filename="237d7df8d263bc2787c001ed1c4152b8.webp"
content-security-policy: script-src 'none'
expires: Mon, 26 Apr 2027 07:39:39 GMT
x-request-id: 5e21da8ecf136033746ce7102f9bc841
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-35545cd1ce4425315321992f16d19388-97e82843504c3f56-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T07:39:39+00:00, 2024-05-06T02:09:10+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/2374.webp

185.244.209.62

200 OK

782 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/2374.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
782 B (782 bytes)
Hash
53df0a0bbacefe7b27366eb024b9222d
ba24352095fcc83f28a93bd24d17bd514507878d
670535fdd7639dbfb61d21efac29ffcc422d2b587d13de66c96e07c3ee2b735a

HTTP Headers

GET /resized/size16/sfiles/logo_teams/2374.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:47 GMT
content-type: image/webp
content-length: 782
cache-control: max-age=94608000
content-disposition: inline; filename="2374.webp"
content-security-policy: script-src 'none'
expires: Mon, 26 Apr 2027 19:29:49 GMT
x-request-id: d1a7641a53ebd738084a7900c765b2ad
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-0f903b136f528273a1214a74ac7ca07e-d23fa39e006b7638-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T19:29:49+00:00, 2024-05-04T18:26:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/11715.webp

185.244.209.62

706 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/11715.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
706 B (706 bytes)
Hash
2ca109c41ac584d78ad9e6d5629ad653
685c514e52474c6056b78c7fe1065583d69cce08
97efd20e425b9c6ea8b0c9cf4a2989cd6e286695859075f75a1b0b7860995266

HTTP Headers

GET /resized/size16/sfiles/logo_teams/11715.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:47 GMT
content-type: image/webp
content-length: 706
cache-control: max-age=94608000
content-disposition: inline; filename="11715.webp"
content-security-policy: script-src 'none'
expires: Fri, 05 Mar 2027 12:25:41 GMT
x-request-id: d2d5ff306c6c3ad5ab7f2405f07b7490
x-time-ng: 0.035
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d5a6ea1bcf0fafcec925f80bd4afaa0e-6830a8dc221646be-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-03-05T12:25:41+00:00, 2024-03-05T17:10:20+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/logo-champ/sub_e_sport_dota_2.webp

185.244.209.62

200 OK

3.4 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/logo-champ/sub_e_sport_dota_2.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
3.4 kB (3422 bytes)
Hash
a46689e442c017ae101b316767eca350
2a48883da6738204defdfb8f81f44f78b7bb0731
9d5e3beccf36f35346ea0fabe57602cb4beed97d6e770e7bf74fa67c963d05a4

HTTP Headers

GET /sfiles/logo-champ/sub_e_sport_dota_2.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:47 GMT
content-type: image/webp
content-length: 3422
last-modified: Tue, 03 Jan 2023 12:42:31 GMT
etag: "a46689e442c017ae101b316767eca350"
cache-control: public, max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ce56c4977592eb00b35e4afcdfa11d65-7f3354267ef651a7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-01-01T14:14:31+00:00, 2024-05-07T10:46:46+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/b5b24e2be70af96ffe8aa8fb3b9618d4.webp

185.244.209.62

200 OK

484 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/b5b24e2be70af96ffe8aa8fb3b9618d4.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
484 B (484 bytes)
Hash
995c4e12c47987b96e517dfb11803327
e91704e8db8243412bd4fbd49f3ddf0309981adb
f28622c79b1fc5f6a32953cdbb2407390e4cb8193d6853554fb5dfa5e272b9b3

HTTP Headers

GET /resized/size16/sfiles/logo_teams/b5b24e2be70af96ffe8aa8fb3b9618d4.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:47 GMT
content-type: image/webp
content-length: 484
cache-control: max-age=94608000
content-disposition: inline; filename="b5b24e2be70af96ffe8aa8fb3b9618d4.webp"
content-security-policy: script-src 'none'
expires: Sun, 25 Apr 2027 05:32:14 GMT
x-request-id: d3a731ba623348b99a98ff76a678b5fe
x-time-ng: 0.072
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-8c497ebe7e9acb51e28f28341bbaa85c-1529344191f23c1a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T05:32:14+00:00, 2024-04-25T10:37:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/logo-champ/496ef9da94656b1c011e21210c8bd2b2.webp

185.244.209.62

200 OK

2.0 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/logo-champ/496ef9da94656b1c011e21210c8bd2b2.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
2.0 kB (1982 bytes)
Hash
870d4e81d1d5e1b0bc23e9cbd4407760
34818a0fc0f536005e182e7cfcbc54cd08bface8
195fa94124acd96f6e3b973b5adb6245c2962c244a765b3e399afea7e60faab5

HTTP Headers

GET /sfiles/logo-champ/496ef9da94656b1c011e21210c8bd2b2.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:47 GMT
content-type: image/webp
content-length: 1982
last-modified: Wed, 04 Jan 2023 08:06:43 GMT
etag: "870d4e81d1d5e1b0bc23e9cbd4407760"
cache-control: public, max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-548c9854411328795e97e85562177613-698f8079d154f759-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-28T22:22:18+00:00, 2024-05-07T18:06:25+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/e0e81502b16088c58a48103b0b540c90.webp

185.244.209.62

850 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/e0e81502b16088c58a48103b0b540c90.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
850 B (850 bytes)
Hash
491a2ea16997542479fe5b5ad1f76805
ea8b368d9fe0b8edb95aeffafb0082ebfed517cf
94587de5ddacf8d72b17475b75eb371b01e5e30c708fbe1577ec24875bd77b6f

HTTP Headers

GET /resized/size16/sfiles/logo_teams/e0e81502b16088c58a48103b0b540c90.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:47 GMT
content-type: image/webp
content-length: 850
cache-control: max-age=94608000
content-disposition: inline; filename="e0e81502b16088c58a48103b0b540c90.webp"
content-security-policy: script-src 'none'
expires: Wed, 21 Apr 2027 12:39:15 GMT
x-request-id: db12a34e9af3580aa03b98ce8f83ed1c
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-0aeeb126a8c089931a74ffb84d3b46d6-a371c8446653c31e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-21T12:39:15+00:00, 2024-04-22T18:56:20+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/13869.webp

185.244.209.62

200 OK

810 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/13869.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
810 B (810 bytes)
Hash
7fabfc495c9d7178fed3b0eb3aaa0601
663057526ed62c1fb7fa82bd60576ce48ed5290c
825070b0e21943950338ab03dc78ca1dc505a0ba0f1c7394e29935fba34b4825

HTTP Headers

GET /resized/size16/sfiles/logo_teams/13869.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:47 GMT
content-type: image/webp
content-length: 810
cache-control: max-age=94608000
content-disposition: inline; filename="13869.webp"
content-security-policy: script-src 'none'
expires: Fri, 30 Apr 2027 15:52:47 GMT
x-request-id: da08e0f937c994693ff8b96726636e7e
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-13f70a48593a872625687f4d8f9cccae-30be21c2dcad28ce-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-30T15:52:47+00:00, 2024-05-02T05:59:25+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/c07b847b1f7ed93db6678a77ff6d5c85.webp

185.244.209.62

200 OK

844 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/c07b847b1f7ed93db6678a77ff6d5c85.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
844 B (844 bytes)
Hash
77af0769ae25634a1ac44514de404dc6
b00cbe768ada358bc5cd61be5fa02f7353eacb2f
a5f02620069191472009d70b66446fe631931e1216411acb03c7702c62f6c1c9

HTTP Headers

GET /resized/size16/sfiles/logo_teams/c07b847b1f7ed93db6678a77ff6d5c85.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:47 GMT
content-type: image/webp
content-length: 844
cache-control: max-age=94608000
content-disposition: inline; filename="c07b847b1f7ed93db6678a77ff6d5c85.webp"
content-security-policy: script-src 'none'
expires: Mon, 15 Feb 2027 12:50:44 GMT
x-request-id: 10e67bb01182879226366493cafcf10b
strict-transport-security: max-age=15724800; includeSubDomains
x-time-ng: 0.000
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-0303b99fb118902bf4d2fc194b0d5057-73895e2acb34cebb-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-02-16T12:50:44+00:00, 2024-02-21T17:57:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/fa43184e72ec88d783f697aac28b7a39.webp

185.244.209.62

696 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/fa43184e72ec88d783f697aac28b7a39.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
696 B (696 bytes)
Hash
4e287ab2914ca4d3c0ec942db75f71d6
84a1ab209815b7f2495b3b9cf220e2f4a912fc50
0f1574264632a2e9b655eae36496e7d11f6145e726cfef503a6c399b8c4950df

HTTP Headers

GET /resized/size16/sfiles/logo_teams/fa43184e72ec88d783f697aac28b7a39.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:47 GMT
content-type: image/webp
content-length: 696
cache-control: max-age=94608000
content-disposition: inline; filename="fa43184e72ec88d783f697aac28b7a39.webp"
content-security-policy: script-src 'none'
expires: Sat, 01 May 2027 09:56:38 GMT
x-request-id: 8769bbf1d3686640f50d41c87e441876
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5bdec7c678c0e1c6a08bf074340860f8-7a849b86149cf3a9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T09:56:38+00:00, 2024-05-02T05:59:25+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/2364.webp

185.244.209.62

200 OK

808 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/2364.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
808 B (808 bytes)
Hash
ab4ea6aaea98b70cf40a0c2288427ebf
fd15291553ff26b593ec21c30b8a211bdf47ccc2
410ebdc3f7e30c0bca7b4693dd182d5a37f0a989e7a0d7dc72f3e9fe65a4cbcf

HTTP Headers

GET /resized/size16/sfiles/logo_teams/2364.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:47 GMT
content-type: image/webp
content-length: 808
cache-control: max-age=94608000
content-disposition: inline; filename="2364.webp"
content-security-policy: script-src 'none'
expires: Fri, 30 Apr 2027 09:07:55 GMT
x-request-id: 187ad21f3585ea5125ac64b48692b195
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-0ec8319e35501829aed3531e00593b0c-d117dfe8c8da6d92-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-30T09:07:55+00:00, 2024-05-02T05:59:25+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/9bcb40669e835935acaf6cc12183ef28.webp

185.244.209.62

200 OK

630 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/9bcb40669e835935acaf6cc12183ef28.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
630 B (630 bytes)
Hash
1dce32abf1c562b57058982e7967fed8
c683fe923e74a9de8dbca38c4bf2821e3249f86b
18daf22f6e99eded9c1c415bdb3bfe1968e2340b034321f7580044a6e7cc5967

HTTP Headers

GET /resized/size16/sfiles/logo_teams/9bcb40669e835935acaf6cc12183ef28.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:47 GMT
content-type: image/webp
content-length: 630
cache-control: max-age=94608000
content-disposition: inline; filename="9bcb40669e835935acaf6cc12183ef28.webp"
content-security-policy: script-src 'none'
expires: Sun, 07 Mar 2027 14:05:29 GMT
x-request-id: 6e35a2790d892b9786537b68536410bb
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b298ed395c46e7077dbdcf3718fab2b1-7e9679b1cc98e7b9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-03-07T14:05:29+00:00, 2024-03-07T23:09:09+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/4eb0ba6049c1f8e8e89dc6837d91a962.webp

185.244.209.62

808 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/4eb0ba6049c1f8e8e89dc6837d91a962.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
808 B (808 bytes)
Hash
652a7b381cf72e7c9471a540d10ceeb3
3ea6599403f9c591dd3688d16bfea17402a695c8
9364d6b0783245ae52d7310807913a7e59c02353672acf1925648bc43fed1250

HTTP Headers

GET /resized/size16/sfiles/logo_teams/4eb0ba6049c1f8e8e89dc6837d91a962.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:47 GMT
content-type: image/webp
content-length: 808
cache-control: max-age=94608000
content-disposition: inline; filename="4eb0ba6049c1f8e8e89dc6837d91a962.webp"
content-security-policy: script-src 'none'
expires: Fri, 19 Mar 2027 21:33:50 GMT
x-request-id: 2dca1ebba41e767795a41d8ea7c5584e
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-896a1a435e3770fc0b0aca0ad3eaac41-a0c0d7cb83f2623c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-03-19T21:33:50+00:00, 2024-04-06T11:10:07+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/9fb7f9de5a12bf88624578eaa9e3b85f.webp

185.244.209.62

798 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/9fb7f9de5a12bf88624578eaa9e3b85f.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
798 B (798 bytes)
Hash
4e297497c4ae10f14c305451c9dc7722
83531d1810067b068dbb050ed0588cfdbd7da8e5
e113fffc6d2b61f4cf55308574090ebd3b8cab0fe2b618f15981563f8ed98131

HTTP Headers

GET /resized/size16/sfiles/logo_teams/9fb7f9de5a12bf88624578eaa9e3b85f.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:47 GMT
content-type: image/webp
content-length: 798
cache-control: max-age=94608000
content-disposition: inline; filename="9fb7f9de5a12bf88624578eaa9e3b85f.webp"
content-security-policy: script-src 'none'
expires: Fri, 30 Apr 2027 07:48:09 GMT
x-request-id: 775c17a4c9ca4f364c5a8184a61c1b58
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-364fbe865f2970daabe0f82e59ac2cdf-c02db13e5f61b8f3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-30T07:48:09+00:00, 2024-04-30T10:47:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/67ed857590f4194454d21d2001d513b0.webp

185.244.209.62

784 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/67ed857590f4194454d21d2001d513b0.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
784 B (784 bytes)
Hash
39b984de750c736edd5249b916c92b6e
64e5392da1c65c77d8e9728574e075ac2aea2af3
4ff8446ba4761a2a7df7cdbeece9d59bac278a920f6acbc68ddfcfa974888381

HTTP Headers

GET /resized/size16/sfiles/logo_teams/67ed857590f4194454d21d2001d513b0.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:47 GMT
content-type: image/webp
content-length: 784
cache-control: max-age=94608000
content-disposition: inline; filename="67ed857590f4194454d21d2001d513b0.webp"
content-security-policy: script-src 'none'
expires: Mon, 05 Apr 2027 05:10:43 GMT
x-request-id: 069b6eae0e7c53c0d7c90157638f9be4
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-2dcb70a26732b2d5755a5492231ab3f9-310b944715ce07f7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-05T05:10:43+00:00, 2024-04-09T13:57:01+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/905203.webp

185.244.209.62

200 OK

644 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/905203.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
644 B (644 bytes)
Hash
d19345c84cd6a84864fe386a22033804
39dcf499c8676f88c7c5b32c98a5e21edcad5c66
6358dfe46d9784120ad06510c9b066d5eed5b5d8041297e0e48118009f6c9d99

HTTP Headers

GET /resized/size16/sfiles/logo_teams/905203.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:47 GMT
content-type: image/webp
content-length: 644
cache-control: max-age=94608000
content-disposition: inline; filename="905203.webp"
content-security-policy: script-src 'none'
expires: Wed, 05 May 2027 01:07:34 GMT
x-request-id: c5a73f83469b2375c06b6af0093a1df5
x-time-ng: 0.041
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-8de02b6e049aa727241a21bc3aaf082b-ac3aae8f4ddb8021-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-05T01:07:34+00:00, 2024-05-05T13:09:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/27793.webp

185.244.209.62

616 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/27793.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
616 B (616 bytes)
Hash
1ddc07de735f1ba53084323cd3a0ff36
68a622a6858a90c67364260996f0b25eeb5bfe24
eecee3829bc1031c3988135a8a770247907075a62b5ccc528dbf58066fbd5e39

HTTP Headers

GET /resized/size16/sfiles/logo_teams/27793.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:47 GMT
content-type: image/webp
content-length: 616
cache-control: max-age=94608000
content-disposition: inline; filename="27793.webp"
content-security-policy: script-src 'none'
expires: Thu, 06 May 2027 22:47:06 GMT
x-request-id: 0ac9e3e194789cb428c4522cee0f3836
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ac3ce67b39d4aca829f77d04fd383367-10bd2b642242c2f7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T22:47:06+00:00, 2024-05-07T20:25:47+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/2518241.webp

185.244.209.62

778 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/2518241.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
778 B (778 bytes)
Hash
06aaba33dda998e5fc674ce4b6232bc0
7238c04721b5f1a2ea506d7843b4c7d0e778bd1a
feab39b6b244d76d1616ebe42e9edb0fa2d59a5e3f0bd00b78403cf2dfb0f1ec

HTTP Headers

GET /resized/size16/sfiles/logo_teams/2518241.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:47 GMT
content-type: image/webp
content-length: 778
cache-control: max-age=94608000
content-disposition: inline; filename="2518241.webp"
content-security-policy: script-src 'none'
expires: Thu, 06 May 2027 15:32:16 GMT
x-request-id: b30a1630dcd7a52442357b534dbec551
x-time-ng: 0.112
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-866a0e49ba88230889c205c0b125174a-821ed5199e34d9e9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T15:32:16+00:00, 2024-05-06T19:04:39+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/484585.webp

185.244.209.62

718 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/484585.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
718 B (718 bytes)
Hash
3e57084ac27a7ca95e336a06014b0b1c
50fc65441fe64dde5e83173fbc4f3477a3dddf83
705862f1e3e0c727d64e3a4020deb8e74c2fa9371a6bdbeecd6b524cfb2909cc

HTTP Headers

GET /resized/size16/sfiles/logo_teams/484585.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:47 GMT
content-type: image/webp
content-length: 718
cache-control: max-age=94608000
content-disposition: inline; filename="484585.webp"
content-security-policy: script-src 'none'
expires: Thu, 06 May 2027 18:21:13 GMT
x-request-id: 3f12d64e04b76efa0e0ea0841a0d5f83
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b5c55f5c6801f7c4f8ec421c9e91d90e-cfab497244c2e074-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T18:21:13+00:00, 2024-05-06T19:04:39+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/c0dcf65ec58b302c7ca4777d8f55368a.webp

185.244.209.62

200 OK

658 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/c0dcf65ec58b302c7ca4777d8f55368a.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
658 B (658 bytes)
Hash
b9f0b097828af0d57fbf0b9fe4a6f9dc
7fd2f7ba9205e1ab1c4499d27b596842e8f8bade
e346ad82a909e07095b7a88f715f465cd2b058a4f3ec59663fd4f1f656afef0d

HTTP Headers

GET /resized/size16/sfiles/logo_teams/c0dcf65ec58b302c7ca4777d8f55368a.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:47 GMT
content-type: image/webp
content-length: 658
cache-control: max-age=94608000
content-disposition: inline; filename="c0dcf65ec58b302c7ca4777d8f55368a.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 02:25:47 GMT
x-request-id: 87693168386d00fb87c324bcb1b82166
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4971dc626f88eff261bc535afc2a74ab-c7d5b87a926c4875-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T02:25:47+00:00, 2024-05-07T21:10:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/ea98b40e895df97c85228978ce6f887c.webp

185.244.209.62

734 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/ea98b40e895df97c85228978ce6f887c.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
734 B (734 bytes)
Hash
146a94f229a02145fa678437937c9aca
1e523e0a92dc2b235be4f50b2258f188e63dea76
e99370f782952cfb9559320c8688c90b6d3e33b4b6135623d07daecce99ca5ad

HTTP Headers

GET /resized/size16/sfiles/logo_teams/ea98b40e895df97c85228978ce6f887c.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:47 GMT
content-type: image/webp
content-length: 734
cache-control: max-age=94608000
content-disposition: inline; filename="ea98b40e895df97c85228978ce6f887c.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 18:09:34 GMT
x-request-id: a40175ba712cc81ae2c7c4eca49027fb
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ec70786a808810a3ef6f0fdce2f79f15-0b5c72680e5a23bf-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T18:09:34+00:00, 2024-05-07T21:10:34+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/925c8a3602f2fe127ae9c557323f83f8.webp

185.244.209.62

728 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/925c8a3602f2fe127ae9c557323f83f8.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
728 B (728 bytes)
Hash
0f4be90bca53eaa91e64c850ced091a5
07a7aad21130cdd911bebbc5aea6c919ce04f9de
78ee34716c48c845f5749947d84df66fbf6a8012250068d5ec3726ae7cbfdca6

HTTP Headers

GET /resized/size16/sfiles/logo_teams/925c8a3602f2fe127ae9c557323f83f8.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:47 GMT
content-type: image/webp
content-length: 728
cache-control: max-age=94608000
content-disposition: inline; filename="925c8a3602f2fe127ae9c557323f83f8.webp"
content-security-policy: script-src 'none'
expires: Tue, 04 May 2027 13:20:16 GMT
x-request-id: 8b409e22dcbfdf2ee791ba3de3371ff3
x-time-ng: 0.038
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ec3039ba02f0e29844c82c440789c1a4-cbe37d17b837f592-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-04T13:20:16+00:00, 2024-05-07T20:31:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/7b2f118878fcf01b2f694735571bdf7d.webp

185.244.209.62

798 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/7b2f118878fcf01b2f694735571bdf7d.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
798 B (798 bytes)
Hash
061bd9b73f2511fb653c86bcc81ca616
c696c129e2597a7a899df43f729a178d130512e3
b0695f7c19584ba0ead9f3ba11e452c505daaa2fdb4431250de18fe6e86fdd9f

HTTP Headers

GET /resized/size16/sfiles/logo_teams/7b2f118878fcf01b2f694735571bdf7d.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:47 GMT
content-type: image/webp
content-length: 798
cache-control: max-age=94608000
content-disposition: inline; filename="7b2f118878fcf01b2f694735571bdf7d.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 18:09:34 GMT
x-request-id: e89c39f2f099b0454a515a1db63405fa
x-time-ng: 0.067
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-28cb19ea23211110cd4cc3364ac8bd1d-a3b140fcc0f1c640-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T18:09:34+00:00, 2024-05-07T21:10:34+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true

178.253.29.51

14 kB

URL
1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

File type
JSON text data
Size
14 kB (14542 bytes)
Hash
0c9e914da14b596f1137d41e4254fcf2
591b734d27e8324dc08f2ca1a5dbc2723d9e4b1a
7c4ffd2681b33610fa26d52a7833e840656d3462b8f19ca29fa7c42247d00c00

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:48 GMT
content-type: application/json; charset=utf-8
content-length: 14542
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 22:03:48 GMT
vary: Accept-Encoding
x-time-ng: 0.021
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.035
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/ff09be90.css

185.244.209.62

200 OK

705 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/ff09be90.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (4705), with no line terminators
Size
705 B (705 bytes)
Hash
2b6cccff5325f6e14ccd6ec354319cd6
f4ec05fc468d3daddec1a3d825c29a55ce4b2050
a153e31a0350b58aad71597632348e14c954738845b58f05ca04b8212dbaca38

HTTP Headers

GET /_nuxt/desktop/default/css/ff09be90.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:49 GMT
content-type: text/css
content-length: 705
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-2c1"
content-encoding: gzip
expires: Tue, 07 May 2024 14:41:31 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-cd2f5641919be74c5f108fd25bc2edc2-781305c3db23612e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:41:31+00:00, 2024-05-07T06:06:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.SportsMenuCompact-e547fa93.js

185.244.209.62

2.3 kB

URL
v3.traincdn.com/_nuxt/desktop/default/betting.SportsMenuCompact-e547fa93.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (7751), with no line terminators
Size
2.3 kB (2295 bytes)
Hash
3078429361b9801527b7f4deb1ff2633
c0bf69639f54697d7fcf5ee8ed06072a629b3fff
3042f5f56a8fae2d232bd88071179a50133e8d90fd11ec2f52259b23d8e0cb5a

HTTP Headers

GET /_nuxt/desktop/default/betting.SportsMenuCompact-e547fa93.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:49 GMT
content-type: application/javascript; charset=utf-8
content-length: 2295
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-8f7"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:43 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-1f9637ed85543047328568633ddb2dd0-e817b04745c8d6b3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:43+00:00, 2024-05-07T16:33:57+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true

178.253.29.51

200 OK

2.6 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.6 kB (2595 bytes)
Hash
65cd59640bcdc8e638205b4a9b0d65ae
8780415de688919923a526e40e0496cd8b9a8fcf
75bfda695aba154723db122f37ba0a0013bd9bf46f11cbde9718fdc1e05e1b56

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:49 GMT
content-type: application/json; charset=utf-8
content-length: 2595
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 22:03:49 GMT
vary: Accept-Encoding
x-time-ng: 0.009
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.017
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-58.webp

185.244.209.62

8.9 kB

URL
v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-58.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp
Size
8.9 kB (8880 bytes)
Hash
7a49dad906575c61dd636edbe1201479
d4bf0fbfadca8c6d3a7ec8f3d34d08fced98a21d
0e0cd085244f6272acfa6794d90e32685fa203973e85c62fa96f02cddf7172c6

HTTP Headers

GET /sfiles/games-images/game-previews/190x102/game-58.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:49 GMT
content-type: application/octet-stream
content-length: 8880
last-modified: Thu, 31 Aug 2023 08:11:00 GMT
etag: "7a49dad906575c61dd636edbe1201479"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:03:42.000Z
expires: Tue, 14 Nov 2023 18:21:44 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-1f07d36266c335549050be45df768f91-bb5c8e62fb876189-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T19:17:28+00:00, 2024-05-07T07:17:16+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-previews/190x102/games-no-faceless.webp

185.244.209.62

200 OK

6.9 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/games-images/game-previews/190x102/games-no-faceless.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp
Size
6.9 kB (6884 bytes)
Hash
b7304b532dca88cc708b1c81edf7e051
d9ca9db864badb40bcab6d846ba7110413a339d3
324b9021e7fa1a227b418f5b0707e174d86aa20decea945eab3cea41aac8d2ca

HTTP Headers

GET /sfiles/games-images/game-previews/190x102/games-no-faceless.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:49 GMT
content-type: application/octet-stream
content-length: 6884
last-modified: Thu, 31 Aug 2023 08:11:01 GMT
etag: "b7304b532dca88cc708b1c81edf7e051"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:04:10.000Z
expires: Tue, 14 Nov 2023 18:21:42 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-bf99a50c9f228d5aa37f37c54ef9f678-cf9ccecacada4150-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T18:59:15+00:00, 2024-05-07T07:17:16+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-371.webp

185.244.209.62

6.2 kB

URL
v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-371.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp
Size
6.2 kB (6158 bytes)
Hash
64ff358fd3a82358542d29d53649dd85
0a15b0731a9468fe49e3b512febe91d951ef6156
a9ae35f930c0bf59e407a0c082347049ae11738d330df4e32f4b2b1129d1470c

HTTP Headers

GET /sfiles/games-images/game-previews/190x102/game-371.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:49 GMT
content-type: application/octet-stream
content-length: 6158
last-modified: Thu, 31 Aug 2023 08:10:58 GMT
etag: "64ff358fd3a82358542d29d53649dd85"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:04:04.000Z
expires: Tue, 14 Nov 2023 18:22:10 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-94a2dcd17a46323c783fa8bdd3e2e66b-a1566ed3ca5fd70f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T19:17:28+00:00, 2024-05-07T07:17:16+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-249.webp

185.244.209.62

200 OK

20 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-249.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp
Size
20 kB (19770 bytes)
Hash
2c02d34e261b48da9db2682ad433c5e8
e6b9618ac0040910f755a6f24dcb2f5500bb9aca
d8db064ea1623849ccee86b27bdb7825aa0dc452293576de352f9269af60ecfe

HTTP Headers

GET /sfiles/games-images/game-previews/190x102/game-249.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:49 GMT
content-type: application/octet-stream
content-length: 19770
last-modified: Thu, 31 Aug 2023 08:10:56 GMT
etag: "2c02d34e261b48da9db2682ad433c5e8"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:04:00.000Z
expires: Tue, 14 Nov 2023 18:22:10 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-55093c3393de62fd108a2f5770ba1f7e-a5ed15d4166cd30f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T19:17:28+00:00, 2024-05-07T07:17:16+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-69.webp

185.244.209.62

200 OK

4.3 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-69.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp
Size
4.3 kB (4256 bytes)
Hash
8c2b80027d3818f6bc91227418589ee6
c6d3c4595860bd3d685e4ddea5d4610a6f642a9b
cec387d33e94b8222d71031dbda50143a7ea2e1470d2c96c9e147aa4c4a43960

HTTP Headers

GET /sfiles/games-images/game-previews/190x102/game-69.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:49 GMT
content-type: application/octet-stream
content-length: 4256
last-modified: Thu, 31 Aug 2023 08:11:01 GMT
etag: "8c2b80027d3818f6bc91227418589ee6"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:03:42.000Z
expires: Tue, 14 Nov 2023 18:22:10 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-8fdbbb463586eb3b1e18e30511f69718-37440fc6ad638182-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T19:23:21+00:00, 2024-05-07T12:30:21+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true

178.253.29.51

200 OK

2.0 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.0 kB (1976 bytes)
Hash
d606924d7b09e47fe27b57d0801ef4da
1ddbb1f065f1e959902c8d1429f0cba7b10cde7a
b2d818c0c9be918dad2240938c19d7de561869d1d555456853191249530ef090

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:49 GMT
content-type: application/json; charset=utf-8
content-length: 1976
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 22:03:49 GMT
vary: Accept-Encoding
x-time-ng: 0.052
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.060
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css

185.244.209.62

46 B

URL
v3.traincdn.com/genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
46 B (46 bytes)
Hash
f506188b04c16eaa9c664ed23f7ce58e
08d068d7fa5a84beb06ba924a35d84d6bfdab30a
b9bfda0e940104e190b19543b94a10d120643bd1516d3ca2d266a0af6c0966e9

HTTP Headers

GET /genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:49 GMT
content-type: text/css
content-length: 46
last-modified: Fri, 12 Apr 2024 13:46:52 GMT
etag: "f506188b04c16eaa9c664ed23f7ce58e"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-271be352018d2c37559f4aebe7582db5-e05a024e6678db53-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-18T12:47:35+00:00, 2024-05-07T21:52:45+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100

178.253.29.51

31 kB

URL
1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

File type
JSON text data
Size
31 kB (30711 bytes)
Hash
52ff937554b61ce39516b7a02c81aea6
b12ee7c8a4ae3723e037b9940e17f9712a39e4db
b30c3084c2c82454ad165a3c6e4c31bd28ea9ea0387a3e9cf6505bb3f706b6a1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en; sh.session.id=bebb296b-aa81-4a13-8f31-843b4c0ed16e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:49 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=107, dt_total;dur=149.589, wf-uht;dur=0.163
traceparent: 00-ad6e5bd2abeb54d39ac52dc0377b0dfb-23c3d5fb5cb0f161-01
x-dt: 285
x-time-ng: 0.130
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/f385e6db/_buildManifest.js

172.64.148.184

200 OK

84 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/f385e6db/_buildManifest.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
84 kB (84176 bytes)
Hash
8f3647cf2586faa57043ed0d40bd15f6
5d7e47b5dcb88bddb68b83d912639632112fe1a8
b8d306752f13ddcd1d5b5d3c49f5e07c2de9e8e2fb28565bb0f4820e024f555c

HTTP Headers

GET /_next/static/f385e6db/_buildManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 22:03:49 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"207-18f381bf92a"
vary: Accept-Encoding
cf-cache-status: HIT
age: 485773
expires: Wed, 07 May 2025 22:03:49 GMT
server: cloudflare
cf-ray: 880480933dae7130-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js

172.64.148.184

30 kB

URL
widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js
IP
172.64.148.184:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
30 kB (30447 bytes)
Hash
efa475ba8f1d8f1720682ab2365bf2fe
9a76edfcbf473c64601d971fb6a57e31b3fefc51
167fb41162aab56933ee3a1cfa78525ed005e09134b144ccbbbd3ea8098d1cff

HTTP Headers

GET /_next/static/chunks/webpack-fb94d2f19425a3e3.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 22:03:49 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"ed0-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 617074
expires: Wed, 07 May 2025 22:03:49 GMT
server: cloudflare
cf-ray: 88048092fd497130-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/sys-ui/3.2.2/Desktop/Default/client.css

185.244.209.62

145 kB

URL
v3.traincdn.com/sys-ui/3.2.2/Desktop/Default/client.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
145 kB (145140 bytes)
Hash
0eff0a7a0cc7e0eac87628ebc6512588
6cbba9e788addee57039a06ca028005df40c4132
6e9a0a35d1f679fa32a4a615d97db32c4243bd0b2b15feca1148b6f197827329

HTTP Headers

GET /sys-ui/3.2.2/Desktop/Default/client.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:49 GMT
content-type: text/css; charset=utf-8
last-modified: Fri, 19 Apr 2024 10:16:19 GMT
etag: W/"e4b8405071f7ea0e1aa13cd501543a44"
x-amz-meta-mtime: 1713521458.745453226
content-encoding: gzip
expires: Sat, 20 Apr 2024 11:51:17 GMT
cache-control: max-age=86400
x-time-ng: 0.010
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-2d4754b41fc1db9197ea3207c4c4a407-5d7bf9c38a7f01d8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-19T11:51:17+00:00, 2024-05-07T14:34:20+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/f385e6db/_middlewareManifest.js

172.64.148.184

812 B

URL
widget.suphelper.top/_next/static/f385e6db/_middlewareManifest.js
IP
172.64.148.184:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
812 B (812 bytes)
Hash
768d35134ea28305f6985883a33e64d2
835bd7946b1859cd39c7b13660eea751cc3656fb
c09082c124b3c956c997e5d6c1d38666390d10a0df3938c14bcb6dece96fc44e

HTTP Headers

GET /_next/static/f385e6db/_middlewareManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 22:03:49 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"5c-18f381bf92a"
vary: Accept-Encoding
cf-cache-status: HIT
age: 485779
expires: Wed, 07 May 2025 22:03:49 GMT
server: cloudflare
cf-ray: 880480934dc37130-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/e4de30eecdaa3b88c3f3e18abfff37de.webp

185.244.209.62

200 OK

586 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/e4de30eecdaa3b88c3f3e18abfff37de.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
586 B (586 bytes)
Hash
2fa05dfdd417d077c689bcfb808cfb67
16bfbef7f822186dbfbbc9db5fcd5886e52331a0
c3792f5d139be0871df8d9b689b47a81301242e55721cd428d72ab6192aa8767

HTTP Headers

GET /resized/size16/sfiles/logo_teams/e4de30eecdaa3b88c3f3e18abfff37de.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:53 GMT
content-type: image/webp
content-length: 586
cache-control: max-age=94608000
content-disposition: inline; filename="e4de30eecdaa3b88c3f3e18abfff37de.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 06:02:40 GMT
x-request-id: db4269a828f785c4fbaeef8d95a3f9a1
x-time-ng: 0.045
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-bcc50ff7673f748755bb81843098d84b-749162a7a5b1564a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T06:02:40+00:00, 2024-05-07T06:54:58+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js

185.244.209.62

200 OK

17 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
17 kB (16894 bytes)
Hash
425cab790a68b14e50c409f65e7c71dd
9a706c27754a558763baf745967f584592fcd537
4a4c8ca786b0d0a1fc8fd66e32a916b8767a5da46b64728945548e7a271131b3

HTTP Headers

GET /sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:52 GMT
content-type: text/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 13:05:33 GMT
etag: W/"701ad5a22b8ea7213a53e334d0898349"
x-amz-meta-mtime: 1715000580.880463816
content-encoding: gzip
expires: Wed, 08 May 2024 12:42:07 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-7133b17f05d33ed376762885a40c717c-2199f75845ead3fe-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T12:42:07+00:00, 2024-05-07T12:51:04+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/22709.webp

185.244.209.62

200 OK

598 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/22709.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
598 B (598 bytes)
Hash
d494ed8007d57e31c79e3b0e9fea699b
49ce17aab0622a29baa07d230ab8ff024060d44b
406a73454f043ebbaf38c9df3090d66729ca3f164e648bae7b1d783cf4ceccf1

HTTP Headers

GET /resized/size16/sfiles/logo_teams/22709.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:53 GMT
content-type: image/webp
content-length: 598
cache-control: max-age=94608000
content-disposition: inline; filename="22709.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 06:02:37 GMT
x-request-id: c504f4d4c4f3cc14ee78988edd3412c4
x-time-ng: 0.042
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-0eb1028c599aa8c0f84585e06b5bf6c9-99ddc4251f404025-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T06:02:37+00:00, 2024-05-07T21:44:14+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_chunk_M4D4AAJL.js

185.244.209.62

200 OK

46 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_chunk_M4D4AAJL.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
46 kB (45481 bytes)
Hash
641fc3036defeb7145623008c7226b19
895a0dd553da4ee7420cb9efaf1ee87a10b12465
64d0ba182b9847dcd0619e437554352984668580a0178b03b818ea0830b6317e

HTTP Headers

GET /sys-static/shared-assets/__shared_chunk_M4D4AAJL.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:52 GMT
content-type: text/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 13:05:33 GMT
etag: W/"51ddc52774f4e5bd6a6f1c22e9d19674"
x-amz-meta-mtime: 1715000580.87646382
content-encoding: gzip
expires: Wed, 08 May 2024 12:42:07 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-44b400f3f7aa4893c89c7e68f38c4341-a58616c24545924f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T12:42:07+00:00, 2024-05-07T12:51:04+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/d439d09e5140dbbfff37ee7470bd30e8.webp

185.244.209.62

728 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/d439d09e5140dbbfff37ee7470bd30e8.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
728 B (728 bytes)
Hash
0f4be90bca53eaa91e64c850ced091a5
07a7aad21130cdd911bebbc5aea6c919ce04f9de
78ee34716c48c845f5749947d84df66fbf6a8012250068d5ec3726ae7cbfdca6

HTTP Headers

GET /resized/size16/sfiles/logo_teams/d439d09e5140dbbfff37ee7470bd30e8.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:53 GMT
content-type: image/webp
content-length: 728
cache-control: max-age=94608000
content-disposition: inline; filename="d439d09e5140dbbfff37ee7470bd30e8.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 06:15:03 GMT
x-request-id: 8cbb8140e8b804bf3cc9d6ecca3f0307
x-time-ng: 0.029
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-7223dbb9ee6f03c18be0799635af5055-cb46467d661f1f2e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T06:15:03+00:00, 2024-05-07T21:51:17+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/external-api/config/getVideoAccessConfig

178.253.29.51

200 OK

3.5 kB

URL GET HTTP/2
1xlite-461430.top/web-api/external-api/config/getVideoAccessConfig
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
3.5 kB (3512 bytes)
Hash
cb0bc8eedc642fc591c0eef57e6c67e5
6c62aeececef0a5ff474bb21bf569ad8d48f6bd0
c57136f602923fc19534e58f7da5a483616d80031222372e19a29fd6f22b0a0e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/external-api/config/getVideoAccessConfig HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:47 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=20, dt_total;dur=25.344, wf-uht;dur=0.036
traceparent: 00-33ca968248c6bbe7b360115c9bbe0888-4bd5299ca0260c4c-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.021
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/93e7fcb221da7a6a3d43437fff7bf50e.webp

185.244.209.62

200 OK

588 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/93e7fcb221da7a6a3d43437fff7bf50e.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
588 B (588 bytes)
Hash
5cc40a6f8b6c95f8d5382e677bfd6afc
a92f3e60f5741ecea533c6870b53e2b99a863598
7706824b58f1d489670bf3eb46bcd93024f33b3e5628640c24944c921e1c4457

HTTP Headers

GET /resized/size16/sfiles/logo_teams/93e7fcb221da7a6a3d43437fff7bf50e.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:53 GMT
content-type: image/webp
content-length: 588
cache-control: max-age=94608000
content-disposition: inline; filename="93e7fcb221da7a6a3d43437fff7bf50e.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 06:15:03 GMT
x-request-id: ff18891f9b58c377e1197104359d1e86
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-473007ea0b18c99c48aab3c8f78f3dfb-8ac0dd64539cfeb5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T06:15:03+00:00, 2024-05-07T21:51:17+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/injector.js

172.64.148.184

200 OK

72 kB

URL GET HTTP/2
widget.suphelper.top/injector.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
72 kB (71993 bytes)
Hash
a2091f903db62862cf6e28c87d02a6c1
b8be028662eaf20cfc1e70ac1f8a42019552e0dd
c62ea4a0c33a2088d499a319d7aba9d29453a669ff4f8008cec214401e72c5af

HTTP Headers

GET /injector.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 22:03:47 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=14400
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"32e7a-18f381bf77a"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
expires: Wed, 08 May 2024 02:03:47 GMT
server: cloudflare
cf-ray: 88048082bf2f7130-OSL
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/f385e6db/_ssgManifest.js

172.64.148.184

200 OK

725 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/f385e6db/_ssgManifest.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
725 kB (725330 bytes)
Hash
aece78d077a1caf8aa955ed8195df10b
e8a6e70064aeadbefcf33151d44a7446d9307fa3
b43bc6ed37fb1fd901afc6a8f19481004d3d7ac597518248bb0e5a4403e3c730

HTTP Headers

GET /_next/static/f385e6db/_ssgManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 22:03:49 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"4d-18f381bf92a"
vary: Accept-Encoding
cf-cache-status: HIT
age: 485779
expires: Wed, 07 May 2025 22:03:49 GMT
server: cloudflare
cf-ray: 880480933db37130-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js

185.244.209.62

200 OK

1.9 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
1.9 kB (1926 bytes)
Hash
576c6dddd1ec185e224454d34c6f6705
443b9457f9e8584779fb7bec86ecc4c87b67e6e3
7bacda4db2bd0873443df69382f1616f07703fb08da4a36609324a90ce71caea

HTTP Headers

GET /sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:52 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 07 May 2024 09:11:40 GMT
etag: W/"518e0ae196483ada8b528a1f2b7df0a1"
x-amz-meta-mtime: 1715072814.257664589
content-encoding: gzip
expires: Wed, 08 May 2024 15:18:12 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d5177d4cd376b2e253db95e023a244f2-9c085d95a146bf97-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T15:18:12+00:00, 2024-05-07T15:53:31+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/efc697cd9145ca1f3bba3aa95d096541.webp

185.244.209.62

900 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/efc697cd9145ca1f3bba3aa95d096541.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
900 B (900 bytes)
Hash
3ef08420dbeb2bd2cdf73494ff340877
a175dfbbb88d9f12428f3098e758b55a8df5360e
a12801a09013c133eecac6b6f774a1e7e8a24644a59207fc5e9cbd61eb81153d

HTTP Headers

GET /resized/size16/sfiles/logo_teams/efc697cd9145ca1f3bba3aa95d096541.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:53 GMT
content-type: image/webp
content-length: 900
cache-control: max-age=94608000
content-disposition: inline; filename="efc697cd9145ca1f3bba3aa95d096541.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 01:00:28 GMT
x-request-id: cfd961125323b775722d0b42c69ec991
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-77cb74b12508ccb0842b13c9520f1004-3e0681e2f91ed3c8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T01:00:28+00:00, 2024-05-07T22:01:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/10535.webp

185.244.209.62

200 OK

774 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/10535.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
774 B (774 bytes)
Hash
2f633b957fce5f8d72e1ac438cfeb573
37fd26f5fdf69bc6f97664a10e2057297a7ac43d
1210620c09241381d39628eb790432c09ca0ea7b81940fd6022680e00df08093

HTTP Headers

GET /resized/size16/sfiles/logo_teams/10535.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:53 GMT
content-type: image/webp
content-length: 774
cache-control: max-age=94608000
content-disposition: inline; filename="10535.webp"
content-security-policy: script-src 'none'
expires: Fri, 30 Apr 2027 07:47:17 GMT
x-request-id: 9b7131233ec39441ad6c22652a58265b
x-time-ng: 0.034
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-2dbe2870b8920c94ff7b123776360899-e6f86e7436e8cb68-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-30T07:47:17+00:00, 2024-05-07T22:01:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/53e12b43d8cb3d76237ea08bf10413ce.webp

185.244.209.62

782 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/53e12b43d8cb3d76237ea08bf10413ce.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
782 B (782 bytes)
Hash
25433518d9e233c73287c1abf262f233
4342467b930ad10d5fa68456d2ca010b43aa29e1
2ee7c3d17c885b303bd5245c83615b1eb8b62769533a061a25f1e3fa881dc963

HTTP Headers

GET /resized/size16/sfiles/logo_teams/53e12b43d8cb3d76237ea08bf10413ce.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:53 GMT
content-type: image/webp
content-length: 782
cache-control: max-age=94608000
content-disposition: inline; filename="53e12b43d8cb3d76237ea08bf10413ce.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 18:45:58 GMT
x-request-id: 1728cc7af16278a8a40bfcda537346e2
x-time-ng: 0.069
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-37f6a70846fa32615c934a5b703bbfa2-4ad47e7b11fa7585-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T18:45:58+00:00, 2024-05-07T20:16:37+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/91313106f53955f1d47377dea65911ec.webp

185.244.209.62

200 OK

832 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/91313106f53955f1d47377dea65911ec.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
832 B (832 bytes)
Hash
4b9fc0e910fd48a1bbe48fa3bb3b9a76
ff1f9b427fa4e1e6bcaa7bbdb4391b7e57f8ded7
9189e131c6b5df4ab4b582be60c9fdb1f8948b90711b8e67727d04097eed101c

HTTP Headers

GET /resized/size16/sfiles/logo_teams/91313106f53955f1d47377dea65911ec.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:53 GMT
content-type: image/webp
content-length: 832
cache-control: max-age=94608000
content-disposition: inline; filename="91313106f53955f1d47377dea65911ec.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 18:45:58 GMT
x-request-id: 355482d98d756a815983e959f87ce2a9
x-time-ng: 0.038
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-cffc70b9aa7b51d5956aca6f871a784e-a923773783066d08-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T18:45:58+00:00, 2024-05-07T20:16:37+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/50eec55e5da1c70160882f0a27e3be75.webp

185.244.209.62

200 OK

758 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/50eec55e5da1c70160882f0a27e3be75.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
758 B (758 bytes)
Hash
f32c5aea8f4ec253d7b1c26a060f84bb
9a31ef0d300b7b4a1a456212d6bcdcad62144671
bd057e9cddf751bd5967c6ecb064e742910ce8037e04af780cb6ffaa560f51d6

HTTP Headers

GET /resized/size16/sfiles/logo_teams/50eec55e5da1c70160882f0a27e3be75.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:53 GMT
content-type: image/webp
content-length: 758
cache-control: max-age=94608000
content-disposition: inline; filename="50eec55e5da1c70160882f0a27e3be75.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 20:58:15 GMT
x-request-id: aab37c3fe4ba6efc26b96fe459b5aee5
x-time-ng: 0.070
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e26d6f031df11c19c463f9ea30dfc8f0-6e1ab4930e1a68ed-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T20:58:15+00:00, 2024-05-07T20:58:22+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/766cb52f67530d83aa2a8587654fafb5.webp

185.244.209.62

200 OK

766 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/766cb52f67530d83aa2a8587654fafb5.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
766 B (766 bytes)
Hash
30344d349ed09da25ca1e4e6f507581d
264ec8b315cf0007abc8db8bd1fc6519548cbc76
178e523b0432f3e0e9e334287d3e004b0a07471f32bc33aa5cfeade5256e5c94

HTTP Headers

GET /resized/size16/sfiles/logo_teams/766cb52f67530d83aa2a8587654fafb5.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:53 GMT
content-type: image/webp
content-length: 766
cache-control: max-age=94608000
content-disposition: inline; filename="766cb52f67530d83aa2a8587654fafb5.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 20:58:15 GMT
x-request-id: 915dc8c840b8d171e09c097cc357271b
x-time-ng: 0.061
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6393bba427fbe377f367e20578e8cef6-1bb3d584302fc51f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T20:58:15+00:00, 2024-05-07T20:58:22+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/mobile

178.253.29.51

23 kB

URL
1xlite-461430.top/web-api/mobile
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

File type
JSON text data
Size
23 kB (22914 bytes)
Hash
f0098b3ead2dd3b0401bccb88cc2c050
60d9da7274d96e341c9fb94c193cb74e5fb16d69
ddb7b3f4f4e06da2229f57559becdd70bbd706f68fd8958e230f09a793da0d80

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /web-api/mobile HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en; sh.session.id=bebb296b-aa81-4a13-8f31-843b4c0ed16e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:49 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=18, dt_total;dur=49.416, wf-uht;dur=0.057
traceparent: 00-c35c02819eaad2975fd014b6793e4d1b-af5d99d8b901b8ed-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.039
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/fc0be048d83549b348e9127223d65e0b.webp

185.244.209.62

200 OK

566 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/fc0be048d83549b348e9127223d65e0b.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
566 B (566 bytes)
Hash
891ca739b1fbdbf40340a10054cc7ad1
bf65e127a52e64a1c83697389245434b1359ef7a
af3a27de7efb30c1c65dc64de6c7e4a915f57c5adb72fc1d2d75197df7b23414

HTTP Headers

GET /resized/size16/sfiles/logo_teams/fc0be048d83549b348e9127223d65e0b.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:53 GMT
content-type: image/webp
content-length: 566
cache-control: max-age=94608000
content-disposition: inline; filename="fc0be048d83549b348e9127223d65e0b.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 07:16:27 GMT
x-request-id: 13f8d2b9a05206473be71ebee9f21db7
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-c714b958292452a346494cb6ff4d5058-911fb04833616c0c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T07:16:27+00:00, 2024-05-07T13:02:08+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/api/web/v1/config/actualDomain

178.253.29.51

962 B

URL
1xlite-461430.top/web-api/api/web/v1/config/actualDomain
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

File type
JSON text data
Size
962 B (962 bytes)
Hash
e90508cca101d9cb990de4c1ac272162
f2eff8d50f5d46fb966acd5ce6eae0e6928698f5
11d2a39f89bd0f2c2d4bce0007c223e73a00e54ac7423b3eff9ceec40b477e99

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/api/web/v1/config/actualDomain HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:45 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=54, dt_total;dur=63.277, wf-uht;dur=0.071
set-cookie: SESSION=256a1a0ce801c3285a57fba5d199a648; path=/; secure; HttpOnly; SameSite=Lax
ua=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
traceparent: 00-d56feaa99b28a919ffbef63f64d4091c-a998b9e63ac79b3c-01
x-dt: 285
x-time-ng: 0.058
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/c80f80eba29436abc7a07488934d4310.webp

185.244.209.62

200 OK

824 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/c80f80eba29436abc7a07488934d4310.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
824 B (824 bytes)
Hash
52f397f78a7b562ce1d9d9c8eee46873
f230df25921d0ade192420a7ef6c8185b7654ad5
3dcdc10d280bd6717995ee57d45f662cc31598d5d383d13293bb466b1c61778f

HTTP Headers

GET /resized/size16/sfiles/logo_teams/c80f80eba29436abc7a07488934d4310.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:53 GMT
content-type: image/webp
content-length: 824
cache-control: max-age=94608000
content-disposition: inline; filename="c80f80eba29436abc7a07488934d4310.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 22:02:09 GMT
x-request-id: 4b8c1cd61007cca3a5e0e69f90a6ab33
x-time-ng: 0.026
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e8c0068f18476312f33ca2395457415e-b7cdd069871d20aa-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T22:02:09+00:00, 2024-05-07T22:02:10+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/328653.webp

185.244.209.62

200 OK

706 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/328653.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
706 B (706 bytes)
Hash
57d5b4a3154022f13f11610973ee27df
9e79f48801decec28d1acd0a0c0a0b7de56e8fe1
2c40046ccf8c67a5b842013f76d8e6fdba691f4001493575838119129c3bdb52

HTTP Headers

GET /resized/size16/sfiles/logo_teams/328653.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:53 GMT
content-type: image/webp
content-length: 706
cache-control: max-age=94608000
content-disposition: inline; filename="328653.webp"
content-security-policy: script-src 'none'
expires: Tue, 04 May 2027 02:00:58 GMT
x-request-id: c72aa6a842af8dd5f534db3dded04845
x-time-ng: 0.029
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ba40508efac57117d5ac42bf8160c870-5701841872b9ae78-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-04T02:00:58+00:00, 2024-05-07T13:02:07+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js

172.64.148.184

200 OK

83 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
83 kB (83412 bytes)
Hash
2f3f714ab35acee01d40d2959358f9e6
2d2f0b0dc5f2c47e8a11676e74bc279dca40823b
dd0cf6bc5ef03282e407dcb8c11fcdeda1c5ad3524aeb4f13ad9bc39fb7fd065

HTTP Headers

GET /_next/static/chunks/1743016e-d00d67a74426f155.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 22:03:49 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 17 Jan 2024 06:19:55 GMT
etag: W/"75543-18d161388b8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 611514
expires: Wed, 07 May 2025 22:03:49 GMT
server: cloudflare
cf-ray: 880480930d597130-OSL
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js

172.64.148.184

30 kB

URL
widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js
IP
172.64.148.184:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
30 kB (29656 bytes)
Hash
83680ce862de40c43fc92e04b1ad0a3d
67eb6762545f4e1fee446794f4738d0f0577b6b4
e70f39978f08895aef6849daf891af65bff03e476eb9b1384dfb36cd4ac9fe75

HTTP Headers

GET /_next/static/chunks/main-fa1d3b21fd97b583.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 22:03:49 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"1a544-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 611514
expires: Wed, 07 May 2025 22:03:49 GMT
server: cloudflare
cf-ray: 880480930d4f7130-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/e5eb737e.css

185.244.209.62

200 OK

1.1 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/e5eb737e.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (5171), with no line terminators
Size
1.1 kB (1050 bytes)
Hash
5d231bea9b7df6bc1e9e74e3c0a231e1
2ef607f0c766fff1b4b1e90a2d98e7094c81721e
c43fd428fe6e9d25ddf385a1cf03891194126ebf9e83d086af655272e815445b

HTTP Headers

GET /_nuxt/desktop/default/css/e5eb737e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:54 GMT
content-type: text/css
content-length: 1050
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-41a"
content-encoding: gzip
expires: Wed, 08 May 2024 08:09:31 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-b78788ba183af7839a767952ed2d9a31-b637e312c88c2300-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T08:09:31+00:00, 2024-05-07T12:50:10+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-07683518.js

185.244.209.62

8.9 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-07683518.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (39925), with no line terminators
Size
8.9 kB (8880 bytes)
Hash
5609f3d5d46109e5230f492c3d89cdcd
522c0a551da1db7753e72b6a629064a6170791d9
13f2ef217e2e8cc997cbcaa97126a6c31430ae1d073e406944364fb5f45f70e7

HTTP Headers

GET /_nuxt/desktop/default/vendors/Registration.Fields-07683518.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 8880
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-22b0"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:25 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-cb3c91ad333250707f8ab9b9efe691bf-82451edc790418de-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:25+00:00, 2024-05-07T15:30:25+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/hd-api/external/api/web/v1/converslon/load

178.253.29.51

200 OK

18 kB

URL GET HTTP/2
1xlite-461430.top/hd-api/external/api/web/v1/converslon/load
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
gzip compressed data
Size
18 kB (17846 bytes)
Hash
9e3bc6bc41d656f4aa3b36dd5206b085
5d29a17f32243994931f5e88760719dc886c16cc
bab9c8b0955d6edea0ea601f0785276995f1c03b38cfe3b1f5eed178ccc56b44

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hd-api/external/api/web/v1/converslon/load HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en; sh.session.id=bebb296b-aa81-4a13-8f31-843b4c0ed16e; ggru=167
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:54 GMT
content-type: application/json
content-encoding: gzip
traceparent: 00-f9e9e09282495eddeb57377241064e51-4daf4800443ec2a5-01
vary: Accept-Encoding
x-dt: 285
x-request-guid: ad11b7428c05cea2e3e1159246d7aecc
x-time-ng: 0.006
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=5.811, wf-uht;dur=0.020
X-Firefox-Spdy: h2

1xlite-461430.top/bff-api/config/all.json?lang=en

178.253.29.51

200 OK

31 kB

URL GET HTTP/2
1xlite-461430.top/bff-api/config/all.json?lang=en
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
31 kB (31112 bytes)
Hash
e355fb6f0c05b48008eee646eb87e682
225f747017ca8efda6014933818f6f8c60a5bcd0
4d96840b9c47ebdd111ae6848fcc18d1cee0f55ae43b7b63eacaceb6db3b7855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bff-api/config/all.json?lang=en HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
x-geoip2-country-code: ru
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en; sh.session.id=bebb296b-aa81-4a13-8f31-843b4c0ed16e; ggru=167
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:54 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: bff;dur=2.62, dt_total;dur=4.185, wf-uht;dur=0.015
traceparent: 00-4534206e5b2aac59b2b7d2bddf8f7342-375ab3d413db183f-01
vary: Accept-Encoding
x-cache-expire: 587
x-cache-hit: 1
x-dt: 285
x-time-ng: 0.004
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-f0624fc4.js

185.244.209.62

66 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-f0624fc4.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
66 kB (66479 bytes)
Hash
191ff223860f458112e0be2a63bd9857
850dd681d5b31321f00b8df955a455aa9478e44e
40e1fe6d194776c5fa845dda1dbebda9c2bc3154d8c45793ae74a2e1bf147016

HTTP Headers

GET /_nuxt/desktop/default/vendors/conversion-f0624fc4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 66479
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-103af"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:50 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-e2fcd284d281ec6488aaae9b783a6504-a74b5dd7b8f85e39-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:50+00:00, 2024-05-07T14:48:16+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/60c7aeb54494.js

185.244.209.62

715 B

URL
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/60c7aeb54494.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Java source, ASCII text, with very long lines (714)
Size
715 B (715 bytes)
Hash
0a4d6d7efa89ba140b62c6aee5e8fc6f
9e5b132d8df77dc2fe824cf30a362084400f23c5
60e4e95557382dcdc956e8e80595030789aedfcf6c9f2ff90e92c5f4a2631e0d

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/60c7aeb54494.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:55 GMT
content-type: text/javascript; charset=utf-8
content-length: 715
last-modified: Wed, 01 May 2024 08:21:41 GMT
etag: "0a4d6d7efa89ba140b62c6aee5e8fc6f"
x-amz-meta-mtime: 1714551564.671873539
expires: Thu, 02 May 2024 15:21:02 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ecbda0a1028fff3d3f7685d0a086e50b-fa86c4eb0174520f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:21:02+00:00, 2024-05-07T19:42:49+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e8b8c79f9b52.js

185.244.209.62

504 B

URL
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e8b8c79f9b52.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Java source, ASCII text, with very long lines (503)
Size
504 B (504 bytes)
Hash
5387051085dcc459e7077d5d8000b85d
d22afab6c65228f0056f66e4f150783f6014e36b
34377c13fd72112cac96fba3642f084661361aea701a70ba3702c82c9bb42790

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e8b8c79f9b52.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:55 GMT
content-type: text/javascript; charset=utf-8
content-length: 504
last-modified: Wed, 01 May 2024 08:21:42 GMT
etag: "5387051085dcc459e7077d5d8000b85d"
x-amz-meta-mtime: 1714551564.675873475
expires: Thu, 02 May 2024 15:20:53 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-136bff96a6ec3f85c81a654bf7bf5c0c-cf04d2964507d2a2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:53+00:00, 2024-05-07T19:42:49+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/default/img/icons/pixels2.svg?v=1715119429

178.253.29.51

200 OK

90 kB

URL GET HTTP/2
1xlite-461430.top/web-api/default/img/icons/pixels2.svg?v=1715119429
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
PNG image data, 1 x 1, 8-bit/color RGB, non-interlaced
Size
90 kB (90360 bytes)
Hash
9a149e2e65a0f731da3acfaf3e84fd31
ea3bbaba16766fe46c3f7b8795b6b2b61818a13f
30c7bf8a0f907d4e2afdd18d5bcd33a9d8065476665ece50bfbcbd1c35d215ff

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/default/img/icons/pixels2.svg?v=1715119429 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:49 GMT
content-type: image/png
cache-control: no-cache, private
server-timing: p;dur=14, dt_total;dur=40.042, wf-uht;dur=0.048
traceparent: 00-298dc4adc5d8ba556788d83fd8f06dd0-0b2309cc38b91c97-01
x-dt: 285
x-time-ng: 0.028
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js

185.244.209.62

200 OK

53 B

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text
Size
53 B (53 bytes)
Hash
bb7e15ec1662efa164ad912bd1c65e19
bdd420a5f5bf96a8a4f85abbbe3b0cd2ad547f52
a9378fb3de73c35f466dfae4d2956a63b95813d4eaf88ae7f4ce820d0992cc01

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:55 GMT
content-type: text/javascript; charset=utf-8
content-length: 53
last-modified: Wed, 01 May 2024 08:21:41 GMT
etag: "bb7e15ec1662efa164ad912bd1c65e19"
x-amz-meta-mtime: 1714551564.671873539
expires: Thu, 02 May 2024 21:01:37 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-48cb64e48522fbc4363c4b14cde195b1-79628a2bb51f8946-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T21:01:37+00:00, 2024-05-07T15:30:07+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/03e03ebafcdc.js

185.244.209.62

200 OK

372 B

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/03e03ebafcdc.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Java source, ASCII text, with very long lines (371)
Size
372 B (372 bytes)
Hash
441a6448f5a4242779baf6fc1399b13e
b646aa02b2ed08c1590c6f4536341cb2e51a4f1c
0eede7ea7bad647cc90b8044489561c58d2d5865e88ecc59a572589c6ccea6b7

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/03e03ebafcdc.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:56 GMT
content-type: text/javascript; charset=utf-8
content-length: 372
last-modified: Wed, 01 May 2024 08:21:41 GMT
etag: "441a6448f5a4242779baf6fc1399b13e"
x-amz-meta-mtime: 1714551564.667873602
expires: Thu, 02 May 2024 15:20:56 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-6ad67af7341713e4a35f7692d4139180-98d71f619c2450cc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:56+00:00, 2024-05-07T17:01:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7b53ac9cad2f.js

185.244.209.62

200 OK

14 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7b53ac9cad2f.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
14 kB (13852 bytes)
Hash
88f6102e718d1d690d463be3b5f05c85
10905141dff20e925d29aa068c83e7e424a86138
d863286367de9f797d44def2e5d471963340e54e118b9c7203ff0ce4636f6d6b

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7b53ac9cad2f.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:55 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 01 May 2024 08:21:41 GMT
etag: W/"de79bf6739658de7bc537d692f3638fe"
x-amz-meta-mtime: 1714551564.671873539
content-encoding: gzip
expires: Thu, 02 May 2024 15:20:51 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-970f2d586ede8f1171a53891365f0fb4-7a2ad1b0c0df10cd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:51+00:00, 2024-05-07T17:01:36+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PLMWICWN.js

185.244.209.62

73 kB

URL
v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PLMWICWN.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
73 kB (73286 bytes)
Hash
32e4f522d8baf1be5d7ba3083928ffa4
e6b1985e213f77f01dee6a60150d12248eb3b893
72cbb597742f8659b7a018e368c4950202cd1d0538d2948fb9cf4cf2d7b65e1e

HTTP Headers

GET /sys-static/shared-assets/__shared_localforage_PLMWICWN.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:52 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 07 May 2024 09:11:40 GMT
etag: W/"dfa127e93d125d4f6c566203eaf225f2"
x-amz-meta-mtime: 1715072814.257664589
content-encoding: gzip
expires: Wed, 08 May 2024 15:18:12 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-8c405e83bb2d43a4168bdb8f26f27562-ea03de0d3007e13f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T15:18:12+00:00, 2024-05-07T16:01:01+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/635ff2d38c89.js

185.244.209.62

200 OK

435 B

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/635ff2d38c89.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Java source, ASCII text, with very long lines (434)
Size
435 B (435 bytes)
Hash
213bb33769eecf49a9d71c164b83a3d6
2caacec15b0665fc36759a6bdf499512788dd7f3
75e86ca16a3f828026bc32b7aab627175289750ac184bd505d531c591d2bf011

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/635ff2d38c89.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:56 GMT
content-type: text/javascript; charset=utf-8
content-length: 435
last-modified: Wed, 01 May 2024 08:21:41 GMT
etag: "213bb33769eecf49a9d71c164b83a3d6"
x-amz-meta-mtime: 1714551564.671873539
expires: Thu, 02 May 2024 15:20:56 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-1fc3df25e135d4541d59de50cc0c442f-cb0b2ce11cb53c1b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:56+00:00, 2024-05-07T17:01:39+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true

178.253.29.51

200 OK

2.6 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.6 kB (2595 bytes)
Hash
4c386a96d4864139c1cbf1ea3e4d45d6
234ab78c528adcf828bc63cb2b64c720e9b97a2a
5bd64c020842a91118db25aeae38264c89692e12b6a223a493a0608bcc724435

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en; sh.session.id=bebb296b-aa81-4a13-8f31-843b4c0ed16e; ggru=167
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:56 GMT
content-type: application/json; charset=utf-8
content-length: 2595
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 22:03:56 GMT
vary: Accept-Encoding
x-time-ng: 0.009
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.016
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3a9e96a04d11.js

185.244.209.62

200 OK

3.2 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3a9e96a04d11.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
3.2 kB (3178 bytes)
Hash
b61794c3ac2c78b2ec5b1d3c2393bce9
938a6083f55afcf7c1c5cc8f2a094d610b21c772
b8fa7d5fdcc2ffb622f5072b62ecc5ee191aabacf700ab87573c0c56e1c4ec19

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3a9e96a04d11.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:56 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 01 May 2024 08:21:41 GMT
etag: W/"da4fcf0e06e63dbfcf3058f435e0a172"
x-amz-meta-mtime: 1714551564.671873539
content-encoding: gzip
expires: Thu, 02 May 2024 15:20:56 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-a1ede557754e89e606a9d456130303bc-00bf4283d0c7adab-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:56+00:00, 2024-05-07T17:01:38+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/betstemplates/bets_model_short_en_3.json

185.244.209.62

200 OK

133 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/betstemplates/bets_model_short_en_3.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
133 kB (132724 bytes)
Hash
0765af9383f9ad64805f35f8f9347362
943d6b305de0ca22616f5af03f69036440e89580
1c5932ad39416fbe313cf7dc78ea2980a8a6ce7142c5185be62d31a16d3721c8

HTTP Headers

GET /genfiles/cms/betstemplates/bets_model_short_en_3.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:54 GMT
content-type: application/json
last-modified: Thu, 02 May 2024 09:18:51 GMT
etag: W/"d4f82c6941872614b6a2c18008e217be"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-2e848d9e90bfc007b61a94db435cbdaa-53a21f0dcec528fc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-02T10:05:37+00:00, 2024-05-07T21:21:00+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/d492f4568b81.js

185.244.209.62

200 OK

66 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/d492f4568b81.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
66 kB (65545 bytes)
Hash
e9b45f983d0a94e84fb2e27fa329a2ea
caf2a499df56eced6261aa4d07123eadbbef56fe
710fbcf835987e99682fc696d57a153df98c442b6ffb5b003561d0b1f79d852c

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/d492f4568b81.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:56 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 01 May 2024 08:21:42 GMT
etag: W/"1ca49088b69c49762c2b4dab10ebe060"
x-amz-meta-mtime: 1714551564.675873475
content-encoding: gzip
expires: Thu, 02 May 2024 15:20:56 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-dd3ab9f522555e47c30009755b246597-a53854445935c0ad-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:56+00:00, 2024-05-07T17:01:38+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/ea5e649383e3.js

185.244.209.62

200 OK

66 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/ea5e649383e3.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
66 kB (66105 bytes)
Hash
7158f47a0c2012dd34070888534a7fa3
6f63df955eba5763aee85c8432f2d5c80a0168f7
90e353b0cd78f524e81e78f20daf52f1b6f4df55a540fc796ed0067d3b48ec4d

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/ea5e649383e3.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:56 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 01 May 2024 08:21:42 GMT
etag: W/"feb5d0c05443398468224d2944536b10"
x-amz-meta-mtime: 1714551564.675873475
content-encoding: gzip
expires: Thu, 02 May 2024 15:20:56 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-84085b3388aaec89090b353dddfd2167-1e0a915e93776677-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:56+00:00, 2024-05-07T17:01:38+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5f591efad77b.js

185.244.209.62

52 kB

URL
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5f591efad77b.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
52 kB (51886 bytes)
Hash
9774c95a1c6a8a34e55a59e89700c484
874864cd4aeef9a5db90f44b648ecd4fe8036c82
c3ccad54d6eb863aa1fbbc498b5c802337b2b57d70b801b0552e2c4a11a49a74

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5f591efad77b.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:56 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 01 May 2024 08:21:41 GMT
etag: W/"7def1ae39ae3ec1a1a1d626c24e5a7f2"
x-amz-meta-mtime: 1714551564.671873539
content-encoding: gzip
expires: Thu, 02 May 2024 15:20:56 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-2162f4ba9cedb1a35d354c852cc64047-e8017e5863fe31db-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:56+00:00, 2024-05-07T17:01:39+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.jpg

185.244.209.62

200 OK

33 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.jpg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1380x248, components 3
Size
33 kB (32867 bytes)
Hash
590bf4dea9eca01477197273e697a2f2
48626617ea6e7e6dc8d78421d4bbe4775dab89c6
36c0fc192afc11c3ebd5d841732212db3903757fd382cbfdbbddbf74ddb4a1d5

HTTP Headers

GET /genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:57 GMT
content-type: image/jpeg
content-length: 32867
last-modified: Fri, 26 Apr 2024 11:44:33 GMT
etag: "590bf4dea9eca01477197273e697a2f2"
x-time-ng: 0.027
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b0271371908c2f4d52dc8353ecc505ba-e7dda18f432ed9ce-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T12:46:26+00:00, 2024-05-07T21:22:08+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/49e90f3b8dc2.js

185.244.209.62

200 OK

29 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/49e90f3b8dc2.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
29 kB (29086 bytes)
Hash
89b9c4d37dfab66463e10eba0a57c3ab
be8eb2ae522de31fa6a1c5821b8696f6a38b64a8
a5797ab21bb96578202fe02eb71472f5f286f3e05be1be31e801454a9e462a0c

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/49e90f3b8dc2.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:56 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 01 May 2024 08:21:41 GMT
etag: W/"e4a5e0e3cafb59fadf6c400cfd363b1a"
x-amz-meta-mtime: 1714551564.671873539
content-encoding: gzip
expires: Thu, 02 May 2024 15:20:56 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-310d55b8f4c79fd24ff6164014632267-9a5e4735d0428bc0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:56+00:00, 2024-05-07T17:01:38+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size24/sfiles/logo_teams/65e3e972954419765c3ce21698edf6cb.webp

185.244.209.62

200 OK

1.2 kB

URL GET HTTP/2
v3.traincdn.com/resized/size24/sfiles/logo_teams/65e3e972954419765c3ce21698edf6cb.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.2 kB (1196 bytes)
Hash
49db5443e120a9653d4ee999dc9686df
57bc47853935972be400e9c1acc85b314bb161d0
d8fcbb9d7583b0932233a931a67a727a86e117defb0269cdbd59a9d91e45d5ca

HTTP Headers

GET /resized/size24/sfiles/logo_teams/65e3e972954419765c3ce21698edf6cb.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:57 GMT
content-type: image/webp
content-length: 1196
cache-control: max-age=94608000
content-disposition: inline; filename="65e3e972954419765c3ce21698edf6cb.webp"
content-security-policy: script-src 'none'
expires: Wed, 05 May 2027 12:37:08 GMT
x-request-id: a4c1423183e5856b35fd59765a3567e5
x-time-ng: 0.040
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ee3e6615e45be81f23ea86e9bca60dc6-69c793a0821415fd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-05T12:37:08+00:00, 2024-05-07T14:44:43+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size24/sfiles/logo_teams/f5db46d24aea0f9d3d07d0be290981ee.webp

185.244.209.62

200 OK

1.1 kB

URL GET HTTP/2
v3.traincdn.com/resized/size24/sfiles/logo_teams/f5db46d24aea0f9d3d07d0be290981ee.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.1 kB (1056 bytes)
Hash
fb306a4723886210af5f76099eeb4556
910fc4fb3c4d9407d1c536e7fadbcc85bd922880
2d60f98a12a00aaa589404f2ace0152c5dc649da9fe43b68e26d01b9f8c41319

HTTP Headers

GET /resized/size24/sfiles/logo_teams/f5db46d24aea0f9d3d07d0be290981ee.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:57 GMT
content-type: image/webp
content-length: 1056
cache-control: max-age=94608000
content-disposition: inline; filename="f5db46d24aea0f9d3d07d0be290981ee.webp"
content-security-policy: script-src 'none'
expires: Thu, 06 May 2027 03:17:14 GMT
x-request-id: f7ed644b24c1d3a82d5dc585f4496e90
x-time-ng: 0.036
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-8daef3a858848abd4ae4268d8cfb3f17-f5bafe3e4478d9e0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T03:17:14+00:00, 2024-05-07T14:44:43+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.webp

185.244.209.62

200 OK

15 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
15 kB (14610 bytes)
Hash
2ccdf625b855ce93bc9b56a671accd6e
bc8f3a791f6251b714bafad614d15c477ba428e4
c5012a832581da604a5c57e8f822008f749fe484c6d24127ca91232af71169cd

HTTP Headers

GET /genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:57 GMT
content-type: image/webp
content-length: 14610
last-modified: Thu, 08 Jun 2023 09:20:03 GMT
etag: "2ccdf625b855ce93bc9b56a671accd6e"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a087191fff5e1b425ed86bad86072e4b-b529ee7ae71ef5a4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-02-27T14:22:50+00:00, 2024-05-07T21:21:01+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.webp

185.244.209.62

200 OK

16 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
16 kB (15874 bytes)
Hash
99937fec94322155d99465451e84e5f4
0549b153f8e34c242f71817a038f7ebad37d27be
d35bc328538e182310574b3ff1d58134efedc49c9f3dbb43ec6df65fed624f33

HTTP Headers

GET /genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:57 GMT
content-type: image/webp
content-length: 15874
last-modified: Fri, 26 Apr 2024 11:44:53 GMT
etag: "99937fec94322155d99465451e84e5f4"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-be59e869b1f01522554477d6aca227bd-fa6ec2881bc440fc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:45:30+00:00, 2024-05-07T21:21:01+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/f44f14b6b316.js

185.244.209.62

14 kB

URL
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/f44f14b6b316.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
14 kB (14420 bytes)
Hash
ad3e7fa6415825f42656150f89030e11
224b0cd4195bf759cd79a074aeaa5d5d2177fee3
9e510a24704752a874ec27929bb6920c4020571e6a17bd565049c26769b4f9f2

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/f44f14b6b316.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:56 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 01 May 2024 08:21:42 GMT
etag: W/"22e67b67b6c959d57aa78ae317120f36"
x-amz-meta-mtime: 1714551564.675873475
content-encoding: gzip
expires: Thu, 02 May 2024 15:20:56 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-5eee08f801c9f908f4689612c615d34b-3b2f1ab300918902-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:56+00:00, 2024-05-07T17:01:38+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/37725dd3160e2621f084de11d4417228.png

185.244.209.62

231 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/banner/37725dd3160e2621f084de11d4417228.png
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 1380 x 248, 8-bit/color RGBA, non-interlaced
Size
231 kB (231413 bytes)
Hash
5f92240dea2753875e3104a6704f93e6
41d042b4876f18001842a761d05ad4a0575ca7f4
2d51f316311a3977d1dcee31a3332f720f72a842d8924ea4b8f014a23ca859b7

HTTP Headers

GET /genfiles/cms/1/desktop/banner/37725dd3160e2621f084de11d4417228.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:57 GMT
content-type: image/png
content-length: 231413
last-modified: Wed, 21 Jun 2023 09:54:48 GMT
etag: "5f92240dea2753875e3104a6704f93e6"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-56f172f67090e768435e607734767175-bf7e67e214340721-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-30T12:28:11+00:00, 2024-05-07T21:21:01+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/43b37bcd63883963ab5ca6707fd4ca45.jpg

185.244.209.62

200 OK

17 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/banner/43b37bcd63883963ab5ca6707fd4ca45.jpg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1380x248, components 3
Size
17 kB (16730 bytes)
Hash
ebce475967e6d85db5bdbde23e85eff7
496e2c75b549fe82d3f6dfbb3976096e0cae2ae7
6a1892ac412355576c6427f173d8b26757bdf0c8ec3aa149b6d1cfbc97408b9f

HTTP Headers

GET /genfiles/cms/1/desktop/banner/43b37bcd63883963ab5ca6707fd4ca45.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:57 GMT
content-type: image/jpeg
content-length: 16730
last-modified: Mon, 06 May 2024 09:11:06 GMT
etag: "ebce475967e6d85db5bdbde23e85eff7"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-bde71a6e4b84c69ec9d251b8a19b0f83-7a5683422496169e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T14:51:53+00:00, 2024-05-07T21:21:02+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size24/sfiles/logo_teams/1705962ffbc1e568500d02753d414082.webp

185.244.209.62

200 OK

1.1 kB

URL GET HTTP/2
v3.traincdn.com/resized/size24/sfiles/logo_teams/1705962ffbc1e568500d02753d414082.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.1 kB (1094 bytes)
Hash
6bd1a4bfa55aad56422400c489942897
17b4372b5ac8430ca744684686cea67969a15cfe
9f4ff586f0724b113f76a8bb64339eedabfc637511a2529e7194248d0554da4c

HTTP Headers

GET /resized/size24/sfiles/logo_teams/1705962ffbc1e568500d02753d414082.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:57 GMT
content-type: image/webp
content-length: 1094
cache-control: max-age=94608000
content-disposition: inline; filename="1705962ffbc1e568500d02753d414082.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 14:51:53 GMT
x-request-id: 1092693db696d60f31712e8ba12deb0c
x-time-ng: 0.062
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-96a122cb66e8684fb2b9e015ae9dcad0-eac1812ebc643451-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T14:51:53+00:00, 2024-05-07T14:54:46+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size24/sfiles/logo_teams/167095.webp

185.244.209.62

200 OK

1.1 kB

URL GET HTTP/2
v3.traincdn.com/resized/size24/sfiles/logo_teams/167095.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.1 kB (1142 bytes)
Hash
3d0ce9ce8b6dec70e6e0f31effa9f219
018de590437492f15fc3647997bfbaa759f16da9
f4395f007bd01851a93ccf6842c69c3f4cc1c39e4d5c3b71c881c674e85cccc8

HTTP Headers

GET /resized/size24/sfiles/logo_teams/167095.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:57 GMT
content-type: image/webp
content-length: 1142
cache-control: max-age=94608000
content-disposition: inline; filename="167095.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 14:51:53 GMT
x-request-id: e27ef69f33230d500def92477b09e641
x-time-ng: 0.067
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-7f768f90fc128bc27c0fe1e14a08f5cb-f2728ab6a9507289-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T14:51:53+00:00, 2024-05-07T14:54:46+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/37725dd3160e2621f084de11d4417228.webp

185.244.209.62

200 OK

18 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/banner/37725dd3160e2621f084de11d4417228.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
18 kB (17490 bytes)
Hash
b7e3857cdc8cbde71f63af81a61f5cfb
deeb62ea6e9b702bb9e3f395483c3c00445adcf8
786e67817e82780aaeb0d2bca1e57e06fff5ae9fa89b2747b1af57913886e25f

HTTP Headers

GET /genfiles/cms/1/desktop/banner/37725dd3160e2621f084de11d4417228.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:57 GMT
content-type: image/webp
content-length: 17490
last-modified: Wed, 21 Jun 2023 09:54:55 GMT
etag: "b7e3857cdc8cbde71f63af81a61f5cfb"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-c2a77e317b147f5241e7a69f40458f8d-ed241494dc5ca690-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-02-27T15:26:35+00:00, 2024-05-07T21:21:02+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/43b37bcd63883963ab5ca6707fd4ca45.webp

185.244.209.62

200 OK

8.8 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/banner/43b37bcd63883963ab5ca6707fd4ca45.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
8.8 kB (8798 bytes)
Hash
f7820c059ddb01f4b4e68e42a5e460a1
195804c0235c39f4262f97fe2761100319ed9595
cf0d38ba0dc4de44a0fc90d2592209998ac959644b187014ec028a4c0fddd3ab

HTTP Headers

GET /genfiles/cms/1/desktop/banner/43b37bcd63883963ab5ca6707fd4ca45.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:57 GMT
content-type: image/webp
content-length: 8798
last-modified: Mon, 06 May 2024 09:11:30 GMT
etag: "f7820c059ddb01f4b4e68e42a5e460a1"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f452f0bfb68207d3ef629fc395626c19-776957de8901ee7b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T14:50:36+00:00, 2024-05-07T21:21:02+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/2e7e82ef0fd8.css

185.244.209.62

200 OK

78 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/2e7e82ef0fd8.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
78 kB (78521 bytes)
Hash
2bba75341ad4eaabc019277a1f3e768e
ef82abea999ba0972d5e1b7c51d3d53182f1a36f
daaf64621beafc92f4783a3908f29ff211bb9282beac1d6e7dc1c0a48624375a

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/2e7e82ef0fd8.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:55 GMT
content-type: text/css; charset=utf-8
last-modified: Wed, 01 May 2024 08:21:41 GMT
etag: W/"86bbeccf1800ba74e6c228c6ac503cef"
x-amz-meta-mtime: 1714551564.667873602
content-encoding: gzip
expires: Thu, 02 May 2024 12:56:07 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-62fc4a2eb4d660678209a0c0395b9a26-53af9ea60d77f483-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T12:56:07+00:00, 2024-05-07T15:30:07+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cd57c0a6e95b.js

185.244.209.62

200 OK

15 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cd57c0a6e95b.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
15 kB (15395 bytes)
Hash
de7e23dd62b7ee5e2872c3faf3111b46
72598ac5a391e7fe59238b9bf11381dc5681b387
6126e10cd222fed9d9a0301df20e1bb23b90fb168d868f7f0ee1acd1e28c33b5

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cd57c0a6e95b.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:56 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 01 May 2024 08:21:42 GMT
etag: W/"76cb7b38bd7dd009e525ca10453839cd"
x-amz-meta-mtime: 1714551564.675873475
content-encoding: gzip
expires: Thu, 02 May 2024 15:20:56 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-1680b475a6c9b6dace69ffff6ca6d156-43a2b0ba983ec671-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:56+00:00, 2024-05-07T17:01:39+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

178.253.29.51

200 OK

23 B

URL POST HTTP/2
1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
6e02fcdd1c93e90a455a1888183d5617
b08d2fd69d06fd3acae7a6f48cb3a942fac2afed
e33c729f32becc20e5fa732d7904eeb9d3b92feee38c6aaadeb817ab046fdf2f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Content-Type: application/json
X-Lang: en
X-Uuid: 2053ad59-04e3-4b27-be23-d8e322067df5
Content-Length: 99
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en; sh.session.id=bebb296b-aa81-4a13-8f31-843b4c0ed16e; ggru=167
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:59 GMT
content-type: application/json
content-length: 23
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Size
64 kB (63748 bytes)
Hash
6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:59 GMT
content-type: font/woff2
content-length: 63748
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5c0dd2d66988ec0fbb0fc743cbdd8dce-e3968e70577bb27b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:13:59+00:00, 2024-05-07T21:12:58+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2

185.244.209.62

65 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 64732, version 1.0
Size
65 kB (64732 bytes)
Hash
3ac5d40d1b3966fc5eb09ecca74d9cbf
a69f32357765dd321519889aeacba5e9ca893bb0
3310766b8f58538d07abded74a2babe1acbe1a3ee820d5b8c8265da666f4fb0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:59 GMT
content-type: font/woff2
content-length: 64732
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "3ac5d40d1b3966fc5eb09ecca74d9cbf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-cad3674b1ca9521127d452fbac863330-e3980acc45b7e701-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:56:30+00:00, 2024-05-07T21:46:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Size
64 kB (63920 bytes)
Hash
a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:59 GMT
content-type: font/woff2
content-length: 63920
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-521fe4c1ac78cada9f44ec68b82f80ae-2d1104efcf7ab93d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:54:39+00:00, 2024-05-07T21:37:18+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/analytics-a8ae3276.js

185.244.209.62

200 OK

2.4 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/analytics-a8ae3276.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (6444), with no line terminators
Size
2.4 kB (2434 bytes)
Hash
60f915b0daad3af04303726381897e81
133c20a7f58c18758483c23f595d5a4f22ba9371
320b5a7d25c926dc55eb7a53f4348bf7c34bd7f5bc6ad3bcd1d16029239dc3a1

HTTP Headers

GET /_nuxt/desktop/default/analytics-a8ae3276.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:04:00 GMT
content-type: application/javascript; charset=utf-8
content-length: 2434
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-982"
content-encoding: gzip
expires: Wed, 08 May 2024 08:41:52 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-9651ceb27079efea672a5217b6d43ee4-1df302ab12aa0995-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T08:41:52+00:00, 2024-05-07T09:24:02+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137

178.253.29.51

200 OK

266 B

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
266 B (266 bytes)
Hash
f8ff37b50397222b6b0fc5254695b78c
246172bd71b85ecac94c7cbe5a4d35b0e17d3e2f
8729571270ff6fca33ba3564cda631a6133387c9a2cb7ec221ec73d91fa6d829

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en; sh.session.id=bebb296b-aa81-4a13-8f31-843b4c0ed16e; ggru=167
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:04:00 GMT
content-type: application/json; charset=utf-8
content-length: 266
cache-control: no-cache
content-encoding: br
last-modified: Tue, 07 May 2024 22:04:00 GMT
vary: Accept-Encoding
x-time-ng: 0.015
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.022
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js

172.64.148.184

108 kB

URL
widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js
IP
172.64.148.184:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
108 kB (108258 bytes)
Hash
e7df9657eff9b95f1ef6463cfc41730e
0da482f10789c69a08a1d7a04d4b1917a0f42423
7f2dc570cd7c62b9ab89b46ec69c8f9d15d8a654254096ecc268246e00aceca0

HTTP Headers

GET /_next/static/chunks/663-81a4add2f1c95639.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 22:03:49 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 28 Mar 2024 06:56:31 GMT
etag: W/"5b0da-18e83d890e3"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 621355
expires: Wed, 07 May 2025 22:03:49 GMT
server: cloudflare
cf-ray: 880480932da27130-OSL
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V

142.250.74.168

64 kB

URL
www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (1822)
Size
64 kB (64448 bytes)
Hash
57b62d5e0dfc09721c02d5929ef91ce3
c70c83e306a7f1e00e6b1904b11dc676f04ef733
4097bd032e776994c2b75a7395d343166ae0f5a16095387ff82e31d1aa747548

HTTP Headers

GET /gtm.js?id=GTM-KFGPRJ2V HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 07 May 2024 22:04:00 GMT
expires: Tue, 07 May 2024 22:04:00 GMT
cache-control: private, max-age=900
last-modified: Tue, 07 May 2024 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 64448
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66

142.250.74.168

200 OK

106 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (10899)
Size
106 kB (105876 bytes)
Hash
4cf49bd2829baa84b3a262c20cce5184
e7714481a4c6fcc2a25caefc017fbcd9acfa6caf
b27100eed19142e85728fb8cbed0b9d7f40bd5eda5614fc06a11b5156e02ead2

HTTP Headers

GET /gtag/js?id=G-7JGWL9SV66 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 07 May 2024 22:04:00 GMT
expires: Tue, 07 May 2024 22:04:00 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 105876
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

radar.cedexis.com/1/23802/radar.js

45.54.49.5

302 Moved Temporarily

154 B

URL GET HTTP/1.1
radar.cedexis.com/1/23802/radar.js
IP
45.54.49.5:443
ASN
#63911 NetActuate, Inc

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerDigiCert Inc
Subjectradar.cedexis.com
Fingerprint33:58:79:8E:87:A5:C3:05:CA:E2:82:50:61:CF:72:83:BD:64:80:C1
ValidityFri, 29 Mar 2024 00:00:00 GMT - Fri, 28 Mar 2025 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
154 B (154 bytes)
Hash
cfbeaf604823f038b8b46f0ac862b98c
7b9eb1dac48e74fa5f418bc456cb410f88b81d98
20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319

HTTP Headers

GET /1/23802/radar.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Tue, 07 May 2024 22:04:00 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: /1707728419/stub.js
Expires: Tue, 07 May 2024 22:14:00 GMT
Cache-Control: max-age=600
Vary: User-Agent,DNT

1xlite-461430.top/hd-api/external/api/web/v1/j/f0cg1i2h7h7g5e14ee131c82e3d6f5b74ef8190b7f65fbe7e1d8

178.253.29.51

516 B

URL
1xlite-461430.top/hd-api/external/api/web/v1/j/f0cg1i2h7h7g5e14ee131c82e3d6f5b74ef8190b7f65fbe7e1d8
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

File type
JSON text data
Size
516 B (516 bytes)
Hash
8859d653913170dbfcd781aa3cf66b6a
28927fc45a38f60481ebef1fd2d29565f1977aeb
7598a273be23ae4661d5f8bf7e521d3714e54999e53c96b245d00ed6285c8463

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /hd-api/external/api/web/v1/j/f0cg1i2h7h7g5e14ee131c82e3d6f5b74ef8190b7f65fbe7e1d8 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
X-Requested-With: XMLHttpRequest
Content-Type: application/json
Content-Length: 105936
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en; sh.session.id=bebb296b-aa81-4a13-8f31-843b4c0ed16e; ggru=167
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:04:01 GMT
content-type: application/json
content-length: 516
content-encoding: gzip
traceparent: 00-a8520df56175a731550c04af01e8fa85-4d01877fa8db60a3-01
vary: Accept-Encoding
x-dt: 285
x-request-guid: 68deb5ea31bb46b41b50ded94af37e80
x-time-ng: 0.012
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=12.573, wf-uht;dur=0.035
X-Firefox-Spdy: h2

radar.cedexis.com/1707728419/stub.js

45.54.49.5

271 B

URL
radar.cedexis.com/1707728419/stub.js
IP
45.54.49.5:0
ASN
#63911 NetActuate, Inc

Certificate
IssuerDigiCert Inc
Subjectradar.cedexis.com
Fingerprint33:58:79:8E:87:A5:C3:05:CA:E2:82:50:61:CF:72:83:BD:64:80:C1
ValidityFri, 29 Mar 2024 00:00:00 GMT - Fri, 28 Mar 2025 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
271 B (271 bytes)
Hash
82dec77fd0353c7c71ce053b8601387e
fbbca95419e1d0c042e0a5fdf10f380aca66188c
39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7

HTTP Headers

GET /1707728419/stub.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 07 May 2024 22:04:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 12 Feb 2024 09:51:01 GMT
Vary: Accept-Encoding
ETag: W/"65c9ea05-186"
Expires: Tue, 21 May 2024 22:04:01 GMT
Cache-Control: max-age=1209600, public
Content-Encoding: gzip

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=53938390.1715119441&gtm=45je4510v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=1103583603

172.217.21.163

200 OK

42 B

URL GET HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=53938390.1715119441&gtm=45je4510v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=1103583603
IP
172.217.21.163:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.no
Fingerprint7D:68:6D:B1:32:34:52:51:20:C9:53:FF:B9:B7:8F:7E:05:F9:F5:97
ValidityTue, 16 Apr 2024 04:31:00 GMT - Tue, 09 Jul 2024 04:30:59 GMT

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=53938390.1715119441&gtm=45je4510v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=1103583603 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 07 May 2024 22:04:01 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true

178.253.29.51

200 OK

2.6 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.6 kB (2595 bytes)
Hash
4c386a96d4864139c1cbf1ea3e4d45d6
234ab78c528adcf828bc63cb2b64c720e9b97a2a
5bd64c020842a91118db25aeae38264c89692e12b6a223a493a0608bcc724435

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiU2dkdm5qeURDVCtKUnRpY0lRcXhpWFF2Z05lR0g5Q2xORSs3N1A1SVhkaVZ5RHFIT3hNWkdnd3d0TUxsang0cU5CTmlUOUphSmQvTElLUDZwaGl6OHJIcFgvM0k0eU9PUEk3OHJueWZjYW1jem5UWU1MSnhxeks5WFVVVDNLSlJRNnJpN21KanpDSUtLeXRUM3J1ZkFEcXlqK3ErcEM2eU5XTlhqL0xoanVwMXlZWURYdWxmUzRkeGV0bHBqL1Z1N0tNMWxWYUorRUVBODB2WWlxbWhnOGM1YWVDa0hqMkxIRmhrZjhleGhXSXZVbHZrcU1xQlBoMkZkOXdBblF5Y3dIeUY4NWFEMEpmT0xqVWswV1hUSHRJVTFsM0VvNkw1d0dmR3BTT1hGaDhRIiwiZXhwIjoxNzE1MTMzODQxLCJpYXQiOjE3MTUxMTk0NDF9.Q3JJYg2XLAAg_W_nXLNvRK-eTT6nBbzd57m9mw5Bd6D29DqsF5Mo8MlqtM2FEs-oF67LFK7L5kVpDYTK1OaJIQ
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en; sh.session.id=bebb296b-aa81-4a13-8f31-843b4c0ed16e; ggru=167; _ga_7JGWL9SV66=GS1.1.1715119441.1.0.1715119441.60.0.0; _ga=GA1.1.53938390.1715119441
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:04:01 GMT
content-type: application/json; charset=utf-8
content-length: 2595
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 22:03:56 GMT
vary: Accept-Encoding
x-time-ng: 0.009
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true

178.253.29.51

200 OK

2.0 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.0 kB (1975 bytes)
Hash
d03cf3095bb08ba3285ecf36d19ddc20
2c495c8da20e193875da6243654344153a04c05c
75813e60036044654b4310f20274275a45659906bd7ce4caff70ff6c6dccc149

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiU2dkdm5qeURDVCtKUnRpY0lRcXhpWFF2Z05lR0g5Q2xORSs3N1A1SVhkaVZ5RHFIT3hNWkdnd3d0TUxsang0cU5CTmlUOUphSmQvTElLUDZwaGl6OHJIcFgvM0k0eU9PUEk3OHJueWZjYW1jem5UWU1MSnhxeks5WFVVVDNLSlJRNnJpN21KanpDSUtLeXRUM3J1ZkFEcXlqK3ErcEM2eU5XTlhqL0xoanVwMXlZWURYdWxmUzRkeGV0bHBqL1Z1N0tNMWxWYUorRUVBODB2WWlxbWhnOGM1YWVDa0hqMkxIRmhrZjhleGhXSXZVbHZrcU1xQlBoMkZkOXdBblF5Y3dIeUY4NWFEMEpmT0xqVWswV1hUSHRJVTFsM0VvNkw1d0dmR3BTT1hGaDhRIiwiZXhwIjoxNzE1MTMzODQxLCJpYXQiOjE3MTUxMTk0NDF9.Q3JJYg2XLAAg_W_nXLNvRK-eTT6nBbzd57m9mw5Bd6D29DqsF5Mo8MlqtM2FEs-oF67LFK7L5kVpDYTK1OaJIQ
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en; sh.session.id=bebb296b-aa81-4a13-8f31-843b4c0ed16e; ggru=167; _ga_7JGWL9SV66=GS1.1.1715119441.1.0.1715119441.60.0.0; _ga=GA1.1.53938390.1715119441
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:04:01 GMT
content-type: application/json; charset=utf-8
content-length: 1975
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 22:04:01 GMT
vary: Accept-Encoding
x-time-ng: 0.060
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.071
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je4510v897130004za200&_p=1715119440436&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=53938390.1715119441&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1715119441&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fen%3Ftag%3Ds_42282m_355c_%255B%255DMS%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255Digetp25b33b2e8d_d27775_l109266_clickunder%26pb%3Dfaaf2011d3a14c35b9037a1c1a40940b%26click_id%3D93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5&dt=1xBet%20%E1%90%89%20Online%20sports%20betting%20%E1%90%89%201xBet%20online%20bookmaker%20log%20in%20%E1%90%89%201xlite-461430.top&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=20466

216.239.32.36

0 B

URL
region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je4510v897130004za200&_p=1715119440436&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=53938390.1715119441&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1715119441&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fen%3Ftag%3Ds_42282m_355c_%255B%255DMS%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255Digetp25b33b2e8d_d27775_l109266_clickunder%26pb%3Dfaaf2011d3a14c35b9037a1c1a40940b%26click_id%3D93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5&dt=1xBet%20%E1%90%89%20Online%20sports%20betting%20%E1%90%89%201xBet%20online%20bookmaker%20log%20in%20%E1%90%89%201xlite-461430.top&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=20466
IP
216.239.32.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je4510v897130004za200&_p=1715119440436&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=53938390.1715119441&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1715119441&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fen%3Ftag%3Ds_42282m_355c_%255B%255DMS%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255Digetp25b33b2e8d_d27775_l109266_clickunder%26pb%3Dfaaf2011d3a14c35b9037a1c1a40940b%26click_id%3D93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5&dt=1xBet%20%E1%90%89%20Online%20sports%20betting%20%E1%90%89%201xBet%20online%20bookmaker%20log%20in%20%E1%90%89%201xlite-461430.top&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=20466 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://1xlite-461430.top
date: Tue, 07 May 2024 22:04:01 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66

178.253.29.51

200 OK

2.5 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.5 kB (2536 bytes)
Hash
4851a09f6d1658db898e421d1f8892a8
b8e2e5422703b11a0bfac67ad55a3b053dee62be
7e3c3645d338504d5389f2024afbb8982e7fbf493cfdfeb81f8f9476e675b6ab

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiU2dkdm5qeURDVCtKUnRpY0lRcXhpWFF2Z05lR0g5Q2xORSs3N1A1SVhkaVZ5RHFIT3hNWkdnd3d0TUxsang0cU5CTmlUOUphSmQvTElLUDZwaGl6OHJIcFgvM0k0eU9PUEk3OHJueWZjYW1jem5UWU1MSnhxeks5WFVVVDNLSlJRNnJpN21KanpDSUtLeXRUM3J1ZkFEcXlqK3ErcEM2eU5XTlhqL0xoanVwMXlZWURYdWxmUzRkeGV0bHBqL1Z1N0tNMWxWYUorRUVBODB2WWlxbWhnOGM1YWVDa0hqMkxIRmhrZjhleGhXSXZVbHZrcU1xQlBoMkZkOXdBblF5Y3dIeUY4NWFEMEpmT0xqVWswV1hUSHRJVTFsM0VvNkw1d0dmR3BTT1hGaDhRIiwiZXhwIjoxNzE1MTMzODQxLCJpYXQiOjE3MTUxMTk0NDF9.Q3JJYg2XLAAg_W_nXLNvRK-eTT6nBbzd57m9mw5Bd6D29DqsF5Mo8MlqtM2FEs-oF67LFK7L5kVpDYTK1OaJIQ
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en; sh.session.id=bebb296b-aa81-4a13-8f31-843b4c0ed16e; ggru=167; _ga_7JGWL9SV66=GS1.1.1715119441.1.0.1715119441.60.0.0; _ga=GA1.1.53938390.1715119441
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:04:02 GMT
content-type: application/json; charset=utf-8
content-length: 2536
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 22:04:02 GMT
vary: Accept-Encoding
x-time-ng: 0.004
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.023
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528450883&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1

178.253.29.51

1.5 kB

URL
1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528450883&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

File type
JSON text data
Size
1.5 kB (1543 bytes)
Hash
9406423022cdc67ab2d8c4a65e744928
d9f4785d3dc75e16bf207b200122bd7312a3db86
d76fdbdb824559db284a82567e471ddbb023676cda377197e51e6b287920b707

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetGameZip?id=528450883&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiU2dkdm5qeURDVCtKUnRpY0lRcXhpWFF2Z05lR0g5Q2xORSs3N1A1SVhkaVZ5RHFIT3hNWkdnd3d0TUxsang0cU5CTmlUOUphSmQvTElLUDZwaGl6OHJIcFgvM0k0eU9PUEk3OHJueWZjYW1jem5UWU1MSnhxeks5WFVVVDNLSlJRNnJpN21KanpDSUtLeXRUM3J1ZkFEcXlqK3ErcEM2eU5XTlhqL0xoanVwMXlZWURYdWxmUzRkeGV0bHBqL1Z1N0tNMWxWYUorRUVBODB2WWlxbWhnOGM1YWVDa0hqMkxIRmhrZjhleGhXSXZVbHZrcU1xQlBoMkZkOXdBblF5Y3dIeUY4NWFEMEpmT0xqVWswV1hUSHRJVTFsM0VvNkw1d0dmR3BTT1hGaDhRIiwiZXhwIjoxNzE1MTMzODQxLCJpYXQiOjE3MTUxMTk0NDF9.Q3JJYg2XLAAg_W_nXLNvRK-eTT6nBbzd57m9mw5Bd6D29DqsF5Mo8MlqtM2FEs-oF67LFK7L5kVpDYTK1OaJIQ
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en; sh.session.id=bebb296b-aa81-4a13-8f31-843b4c0ed16e; ggru=167; _ga_7JGWL9SV66=GS1.1.1715119441.1.0.1715119441.60.0.0; _ga=GA1.1.53938390.1715119441
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:04:02 GMT
content-type: application/json; charset=utf-8
content-length: 1543
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 22:04:02 GMT
vary: Accept-Encoding
x-time-ng: 0.012
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.019
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1

178.253.29.51

200 OK

1.5 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
1.5 kB (1474 bytes)
Hash
04b5aa42fee598aaf4ab26a0b2e83ed1
eba1d4884fee354230db506d50e70f86aec13b6b
4fd2d6bc715681011ee2207339b8932909cb8827177d0b16d997a93203eb401c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiU2dkdm5qeURDVCtKUnRpY0lRcXhpWFF2Z05lR0g5Q2xORSs3N1A1SVhkaVZ5RHFIT3hNWkdnd3d0TUxsang0cU5CTmlUOUphSmQvTElLUDZwaGl6OHJIcFgvM0k0eU9PUEk3OHJueWZjYW1jem5UWU1MSnhxeks5WFVVVDNLSlJRNnJpN21KanpDSUtLeXRUM3J1ZkFEcXlqK3ErcEM2eU5XTlhqL0xoanVwMXlZWURYdWxmUzRkeGV0bHBqL1Z1N0tNMWxWYUorRUVBODB2WWlxbWhnOGM1YWVDa0hqMkxIRmhrZjhleGhXSXZVbHZrcU1xQlBoMkZkOXdBblF5Y3dIeUY4NWFEMEpmT0xqVWswV1hUSHRJVTFsM0VvNkw1d0dmR3BTT1hGaDhRIiwiZXhwIjoxNzE1MTMzODQxLCJpYXQiOjE3MTUxMTk0NDF9.Q3JJYg2XLAAg_W_nXLNvRK-eTT6nBbzd57m9mw5Bd6D29DqsF5Mo8MlqtM2FEs-oF67LFK7L5kVpDYTK1OaJIQ
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en; sh.session.id=bebb296b-aa81-4a13-8f31-843b4c0ed16e; ggru=167; _ga_7JGWL9SV66=GS1.1.1715119441.1.0.1715119441.60.0.0; _ga=GA1.1.53938390.1715119441
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:04:02 GMT
content-type: application/json; charset=utf-8
content-length: 1474
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 22:04:02 GMT
vary: Accept-Encoding
x-time-ng: 0.011
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.021
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/260/desktop/banner/ef11271d6cef34c1fdb99b2ddff4bdb1.jpg

185.244.209.62

200 OK

28 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/260/desktop/banner/ef11271d6cef34c1fdb99b2ddff4bdb1.jpg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1380x248, components 3
Size
28 kB (27999 bytes)
Hash
92e7a5868a7de2dcfa53b65bbdb98923
a26cfb8240552c368422ea594211d80e2a8aac06
e192736750fa781f44c9af7064b09b5c1acd09a46405315ed61cfe1a50fa5256

HTTP Headers

GET /genfiles/cms/260/desktop/banner/ef11271d6cef34c1fdb99b2ddff4bdb1.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:04:03 GMT
content-type: image/jpeg
content-length: 27999
last-modified: Thu, 02 May 2024 12:00:34 GMT
etag: "92e7a5868a7de2dcfa53b65bbdb98923"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-0617ca1ef6cad558fccc1c10bd3e209e-bcb78c9f1d38caf7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T14:41:09+00:00, 2024-05-07T21:21:07+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true

178.253.29.51

14 kB

URL
1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

File type
JSON text data
Size
14 kB (14530 bytes)
Hash
f086c670532137a4b8a2c3eefb056b53
9b5ed15434bc2c6eeae75fb4b32a65f00d706d3f
9dc8641c3a33f73a68dc966fe814be11bb48e61f0367d2097b489601e924142f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiU2dkdm5qeURDVCtKUnRpY0lRcXhpWFF2Z05lR0g5Q2xORSs3N1A1SVhkaVZ5RHFIT3hNWkdnd3d0TUxsang0cU5CTmlUOUphSmQvTElLUDZwaGl6OHJIcFgvM0k0eU9PUEk3OHJueWZjYW1jem5UWU1MSnhxeks5WFVVVDNLSlJRNnJpN21KanpDSUtLeXRUM3J1ZkFEcXlqK3ErcEM2eU5XTlhqL0xoanVwMXlZWURYdWxmUzRkeGV0bHBqL1Z1N0tNMWxWYUorRUVBODB2WWlxbWhnOGM1YWVDa0hqMkxIRmhrZjhleGhXSXZVbHZrcU1xQlBoMkZkOXdBblF5Y3dIeUY4NWFEMEpmT0xqVWswV1hUSHRJVTFsM0VvNkw1d0dmR3BTT1hGaDhRIiwiZXhwIjoxNzE1MTMzODQxLCJpYXQiOjE3MTUxMTk0NDF9.Q3JJYg2XLAAg_W_nXLNvRK-eTT6nBbzd57m9mw5Bd6D29DqsF5Mo8MlqtM2FEs-oF67LFK7L5kVpDYTK1OaJIQ
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en; sh.session.id=bebb296b-aa81-4a13-8f31-843b4c0ed16e; ggru=167; _ga_7JGWL9SV66=GS1.1.1715119441.1.0.1715119441.60.0.0; _ga=GA1.1.53938390.1715119441
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:04:04 GMT
content-type: application/json; charset=utf-8
content-length: 14530
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 22:03:59 GMT
vary: Accept-Encoding
x-time-ng: 0.018
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true

178.253.29.51

200 OK

2.6 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.6 kB (2598 bytes)
Hash
bb27ee668984ce4e6d1de93fd1689181
148f01ac9ecdd88881a72282bc71fedd657dc17c
bb16ebc2f3f9fe31111903871cb6ee87af01ef06695677f61376d7471c253307

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiU2dkdm5qeURDVCtKUnRpY0lRcXhpWFF2Z05lR0g5Q2xORSs3N1A1SVhkaVZ5RHFIT3hNWkdnd3d0TUxsang0cU5CTmlUOUphSmQvTElLUDZwaGl6OHJIcFgvM0k0eU9PUEk3OHJueWZjYW1jem5UWU1MSnhxeks5WFVVVDNLSlJRNnJpN21KanpDSUtLeXRUM3J1ZkFEcXlqK3ErcEM2eU5XTlhqL0xoanVwMXlZWURYdWxmUzRkeGV0bHBqL1Z1N0tNMWxWYUorRUVBODB2WWlxbWhnOGM1YWVDa0hqMkxIRmhrZjhleGhXSXZVbHZrcU1xQlBoMkZkOXdBblF5Y3dIeUY4NWFEMEpmT0xqVWswV1hUSHRJVTFsM0VvNkw1d0dmR3BTT1hGaDhRIiwiZXhwIjoxNzE1MTMzODQxLCJpYXQiOjE3MTUxMTk0NDF9.Q3JJYg2XLAAg_W_nXLNvRK-eTT6nBbzd57m9mw5Bd6D29DqsF5Mo8MlqtM2FEs-oF67LFK7L5kVpDYTK1OaJIQ
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en; sh.session.id=bebb296b-aa81-4a13-8f31-843b4c0ed16e; ggru=167; _ga_7JGWL9SV66=GS1.1.1715119441.1.0.1715119441.60.0.0; _ga=GA1.1.53938390.1715119441
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:04:06 GMT
content-type: application/json; charset=utf-8
content-length: 2598
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 22:04:02 GMT
vary: Accept-Encoding
x-time-ng: 0.013
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/43b37bcd63883963ab5ca6707fd4ca45.jpg

185.244.209.62

200 OK

17 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/banner/43b37bcd63883963ab5ca6707fd4ca45.jpg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1380x248, components 3
Size
17 kB (16730 bytes)
Hash
ebce475967e6d85db5bdbde23e85eff7
496e2c75b549fe82d3f6dfbb3976096e0cae2ae7
6a1892ac412355576c6427f173d8b26757bdf0c8ec3aa149b6d1cfbc97408b9f

HTTP Headers

GET /genfiles/cms/1/desktop/banner/43b37bcd63883963ab5ca6707fd4ca45.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:04:08 GMT
content-type: image/jpeg
content-length: 16730
last-modified: Mon, 06 May 2024 09:11:06 GMT
etag: "ebce475967e6d85db5bdbde23e85eff7"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-2fe6d7aa2d8129a87bb8c93a83797ed5-247404cbb036f394-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T14:51:53+00:00, 2024-05-07T21:21:02+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528450883&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1

178.253.29.51

1.5 kB

URL
1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528450883&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

File type
JSON text data
Size
1.5 kB (1545 bytes)
Hash
98fc1764cac52846f2c31a4601e7dc7f
d93e95e695e4e183def96afa27f2cf2bb0a2405f
83a957a3abdb5658a694a89846451592a299555a1ba8dc23e2a37afb21d45e26

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetGameZip?id=528450883&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiU2dkdm5qeURDVCtKUnRpY0lRcXhpWFF2Z05lR0g5Q2xORSs3N1A1SVhkaVZ5RHFIT3hNWkdnd3d0TUxsang0cU5CTmlUOUphSmQvTElLUDZwaGl6OHJIcFgvM0k0eU9PUEk3OHJueWZjYW1jem5UWU1MSnhxeks5WFVVVDNLSlJRNnJpN21KanpDSUtLeXRUM3J1ZkFEcXlqK3ErcEM2eU5XTlhqL0xoanVwMXlZWURYdWxmUzRkeGV0bHBqL1Z1N0tNMWxWYUorRUVBODB2WWlxbWhnOGM1YWVDa0hqMkxIRmhrZjhleGhXSXZVbHZrcU1xQlBoMkZkOXdBblF5Y3dIeUY4NWFEMEpmT0xqVWswV1hUSHRJVTFsM0VvNkw1d0dmR3BTT1hGaDhRIiwiZXhwIjoxNzE1MTMzODQxLCJpYXQiOjE3MTUxMTk0NDF9.Q3JJYg2XLAAg_W_nXLNvRK-eTT6nBbzd57m9mw5Bd6D29DqsF5Mo8MlqtM2FEs-oF67LFK7L5kVpDYTK1OaJIQ
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en; sh.session.id=bebb296b-aa81-4a13-8f31-843b4c0ed16e; ggru=167; _ga_7JGWL9SV66=GS1.1.1715119441.1.0.1715119441.60.0.0; _ga=GA1.1.53938390.1715119441
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:04:08 GMT
content-type: application/json; charset=utf-8
content-length: 1545
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 22:04:08 GMT
vary: Accept-Encoding
x-time-ng: 0.012
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.026
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1

178.253.29.51

200 OK

1.5 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
1.5 kB (1474 bytes)
Hash
07f5c242173a627475ef2b50f5de9457
e1aa27980dbba098a7bcb677a8b36f6ed5fba08f
10fb62cbba154e448b93f80ccd501fb7c0fde2c09426efdf2130b6fd355f66d9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiU2dkdm5qeURDVCtKUnRpY0lRcXhpWFF2Z05lR0g5Q2xORSs3N1A1SVhkaVZ5RHFIT3hNWkdnd3d0TUxsang0cU5CTmlUOUphSmQvTElLUDZwaGl6OHJIcFgvM0k0eU9PUEk3OHJueWZjYW1jem5UWU1MSnhxeks5WFVVVDNLSlJRNnJpN21KanpDSUtLeXRUM3J1ZkFEcXlqK3ErcEM2eU5XTlhqL0xoanVwMXlZWURYdWxmUzRkeGV0bHBqL1Z1N0tNMWxWYUorRUVBODB2WWlxbWhnOGM1YWVDa0hqMkxIRmhrZjhleGhXSXZVbHZrcU1xQlBoMkZkOXdBblF5Y3dIeUY4NWFEMEpmT0xqVWswV1hUSHRJVTFsM0VvNkw1d0dmR3BTT1hGaDhRIiwiZXhwIjoxNzE1MTMzODQxLCJpYXQiOjE3MTUxMTk0NDF9.Q3JJYg2XLAAg_W_nXLNvRK-eTT6nBbzd57m9mw5Bd6D29DqsF5Mo8MlqtM2FEs-oF67LFK7L5kVpDYTK1OaJIQ
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en; sh.session.id=bebb296b-aa81-4a13-8f31-843b4c0ed16e; ggru=167; _ga_7JGWL9SV66=GS1.1.1715119441.1.0.1715119441.60.0.0; _ga=GA1.1.53938390.1715119441
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:04:08 GMT
content-type: application/json; charset=utf-8
content-length: 1474
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 22:04:08 GMT
vary: Accept-Encoding
x-time-ng: 0.011
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.019
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetGameZip?id=529224955&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1

178.253.29.51

200 OK

1.5 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LineFeed/GetGameZip?id=529224955&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
1.5 kB (1468 bytes)
Hash
d1a9ac725d7a696724591de2a3f360a3
2bf99d772ae8920281902d2d8e910fe687016c21
0c39728a292282103adb82fd11a6cfff5a84af4eae3f58707b0f107f41f1d991

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetGameZip?id=529224955&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiU2dkdm5qeURDVCtKUnRpY0lRcXhpWFF2Z05lR0g5Q2xORSs3N1A1SVhkaVZ5RHFIT3hNWkdnd3d0TUxsang0cU5CTmlUOUphSmQvTElLUDZwaGl6OHJIcFgvM0k0eU9PUEk3OHJueWZjYW1jem5UWU1MSnhxeks5WFVVVDNLSlJRNnJpN21KanpDSUtLeXRUM3J1ZkFEcXlqK3ErcEM2eU5XTlhqL0xoanVwMXlZWURYdWxmUzRkeGV0bHBqL1Z1N0tNMWxWYUorRUVBODB2WWlxbWhnOGM1YWVDa0hqMkxIRmhrZjhleGhXSXZVbHZrcU1xQlBoMkZkOXdBblF5Y3dIeUY4NWFEMEpmT0xqVWswV1hUSHRJVTFsM0VvNkw1d0dmR3BTT1hGaDhRIiwiZXhwIjoxNzE1MTMzODQxLCJpYXQiOjE3MTUxMTk0NDF9.Q3JJYg2XLAAg_W_nXLNvRK-eTT6nBbzd57m9mw5Bd6D29DqsF5Mo8MlqtM2FEs-oF67LFK7L5kVpDYTK1OaJIQ
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en; sh.session.id=bebb296b-aa81-4a13-8f31-843b4c0ed16e; ggru=167; _ga_7JGWL9SV66=GS1.1.1715119441.1.0.1715119441.60.0.0; _ga=GA1.1.53938390.1715119441
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:04:08 GMT
content-type: application/json; charset=utf-8
content-length: 1468
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 22:04:03 GMT
vary: Accept-Encoding
x-time-ng: 0.008
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true

178.253.29.51

15 kB

URL
1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

File type
JSON text data
Size
15 kB (14575 bytes)
Hash
0efe5fc9f4e2ab7fc3b063f137cda89d
d2c89ae5d83dc9cc017e4bade1ae3e960b01bb21
3a08083e0650a2c254ef1caf622f54a14bb16aea16584b2fb388a7089d20a000

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiU2dkdm5qeURDVCtKUnRpY0lRcXhpWFF2Z05lR0g5Q2xORSs3N1A1SVhkaVZ5RHFIT3hNWkdnd3d0TUxsang0cU5CTmlUOUphSmQvTElLUDZwaGl6OHJIcFgvM0k0eU9PUEk3OHJueWZjYW1jem5UWU1MSnhxeks5WFVVVDNLSlJRNnJpN21KanpDSUtLeXRUM3J1ZkFEcXlqK3ErcEM2eU5XTlhqL0xoanVwMXlZWURYdWxmUzRkeGV0bHBqL1Z1N0tNMWxWYUorRUVBODB2WWlxbWhnOGM1YWVDa0hqMkxIRmhrZjhleGhXSXZVbHZrcU1xQlBoMkZkOXdBblF5Y3dIeUY4NWFEMEpmT0xqVWswV1hUSHRJVTFsM0VvNkw1d0dmR3BTT1hGaDhRIiwiZXhwIjoxNzE1MTMzODQxLCJpYXQiOjE3MTUxMTk0NDF9.Q3JJYg2XLAAg_W_nXLNvRK-eTT6nBbzd57m9mw5Bd6D29DqsF5Mo8MlqtM2FEs-oF67LFK7L5kVpDYTK1OaJIQ
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en; sh.session.id=bebb296b-aa81-4a13-8f31-843b4c0ed16e; ggru=167; _ga_7JGWL9SV66=GS1.1.1715119441.1.0.1715119441.60.0.0; _ga=GA1.1.53938390.1715119441
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:04:09 GMT
content-type: application/json; charset=utf-8
content-length: 14575
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 22:04:06 GMT
vary: Accept-Encoding
x-time-ng: 0.013
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137

178.253.29.51

200 OK

266 B

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
266 B (266 bytes)
Hash
f8ff37b50397222b6b0fc5254695b78c
246172bd71b85ecac94c7cbe5a4d35b0e17d3e2f
8729571270ff6fca33ba3564cda631a6133387c9a2cb7ec221ec73d91fa6d829

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiU2dkdm5qeURDVCtKUnRpY0lRcXhpWFF2Z05lR0g5Q2xORSs3N1A1SVhkaVZ5RHFIT3hNWkdnd3d0TUxsang0cU5CTmlUOUphSmQvTElLUDZwaGl6OHJIcFgvM0k0eU9PUEk3OHJueWZjYW1jem5UWU1MSnhxeks5WFVVVDNLSlJRNnJpN21KanpDSUtLeXRUM3J1ZkFEcXlqK3ErcEM2eU5XTlhqL0xoanVwMXlZWURYdWxmUzRkeGV0bHBqL1Z1N0tNMWxWYUorRUVBODB2WWlxbWhnOGM1YWVDa0hqMkxIRmhrZjhleGhXSXZVbHZrcU1xQlBoMkZkOXdBblF5Y3dIeUY4NWFEMEpmT0xqVWswV1hUSHRJVTFsM0VvNkw1d0dmR3BTT1hGaDhRIiwiZXhwIjoxNzE1MTMzODQxLCJpYXQiOjE3MTUxMTk0NDF9.Q3JJYg2XLAAg_W_nXLNvRK-eTT6nBbzd57m9mw5Bd6D29DqsF5Mo8MlqtM2FEs-oF67LFK7L5kVpDYTK1OaJIQ
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en; sh.session.id=bebb296b-aa81-4a13-8f31-843b4c0ed16e; ggru=167; _ga_7JGWL9SV66=GS1.1.1715119441.1.0.1715119441.60.0.0; _ga=GA1.1.53938390.1715119441
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:04:10 GMT
content-type: application/json; charset=utf-8
content-length: 266
cache-control: no-cache
content-encoding: br
last-modified: Tue, 07 May 2024 22:04:10 GMT
vary: Accept-Encoding
x-time-ng: 0.014
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.021
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true

178.253.29.51

200 OK

2.0 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.0 kB (1978 bytes)
Hash
23121fc43ea8f7917d004e3684eb69be
236f5290b063e1d82a00ca0e0d903f354a5ba8b6
25217b9fbe88b33e1c7a26c844e72072cd7cb7e956f19e457c689b3874ef25c4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiU2dkdm5qeURDVCtKUnRpY0lRcXhpWFF2Z05lR0g5Q2xORSs3N1A1SVhkaVZ5RHFIT3hNWkdnd3d0TUxsang0cU5CTmlUOUphSmQvTElLUDZwaGl6OHJIcFgvM0k0eU9PUEk3OHJueWZjYW1jem5UWU1MSnhxeks5WFVVVDNLSlJRNnJpN21KanpDSUtLeXRUM3J1ZkFEcXlqK3ErcEM2eU5XTlhqL0xoanVwMXlZWURYdWxmUzRkeGV0bHBqL1Z1N0tNMWxWYUorRUVBODB2WWlxbWhnOGM1YWVDa0hqMkxIRmhrZjhleGhXSXZVbHZrcU1xQlBoMkZkOXdBblF5Y3dIeUY4NWFEMEpmT0xqVWswV1hUSHRJVTFsM0VvNkw1d0dmR3BTT1hGaDhRIiwiZXhwIjoxNzE1MTMzODQxLCJpYXQiOjE3MTUxMTk0NDF9.Q3JJYg2XLAAg_W_nXLNvRK-eTT6nBbzd57m9mw5Bd6D29DqsF5Mo8MlqtM2FEs-oF67LFK7L5kVpDYTK1OaJIQ
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en; sh.session.id=bebb296b-aa81-4a13-8f31-843b4c0ed16e; ggru=167; _ga_7JGWL9SV66=GS1.1.1715119441.1.0.1715119441.60.0.0; _ga=GA1.1.53938390.1715119441
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:04:11 GMT
content-type: application/json; charset=utf-8
content-length: 1978
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 22:04:11 GMT
vary: Accept-Encoding
x-time-ng: 0.059
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.066
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true

178.253.29.51

200 OK

2.6 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.6 kB (2615 bytes)
Hash
a37026a138d44100fdc33c1dea641c7f
764030391d968f6035452b7acf26ca84ef994ac5
1bb8f9443edd82ab5f2ba9b928f1cc49a8a990b68ba116d54bb05d9f0e61f2b1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiU2dkdm5qeURDVCtKUnRpY0lRcXhpWFF2Z05lR0g5Q2xORSs3N1A1SVhkaVZ5RHFIT3hNWkdnd3d0TUxsang0cU5CTmlUOUphSmQvTElLUDZwaGl6OHJIcFgvM0k0eU9PUEk3OHJueWZjYW1jem5UWU1MSnhxeks5WFVVVDNLSlJRNnJpN21KanpDSUtLeXRUM3J1ZkFEcXlqK3ErcEM2eU5XTlhqL0xoanVwMXlZWURYdWxmUzRkeGV0bHBqL1Z1N0tNMWxWYUorRUVBODB2WWlxbWhnOGM1YWVDa0hqMkxIRmhrZjhleGhXSXZVbHZrcU1xQlBoMkZkOXdBblF5Y3dIeUY4NWFEMEpmT0xqVWswV1hUSHRJVTFsM0VvNkw1d0dmR3BTT1hGaDhRIiwiZXhwIjoxNzE1MTMzODQxLCJpYXQiOjE3MTUxMTk0NDF9.Q3JJYg2XLAAg_W_nXLNvRK-eTT6nBbzd57m9mw5Bd6D29DqsF5Mo8MlqtM2FEs-oF67LFK7L5kVpDYTK1OaJIQ
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en; sh.session.id=bebb296b-aa81-4a13-8f31-843b4c0ed16e; ggru=167; _ga_7JGWL9SV66=GS1.1.1715119441.1.0.1715119441.60.0.0; _ga=GA1.1.53938390.1715119441
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:04:12 GMT
content-type: application/json; charset=utf-8
content-length: 2615
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 22:04:08 GMT
vary: Accept-Encoding
x-time-ng: 0.010
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66

178.253.29.51

200 OK

2.5 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.5 kB (2534 bytes)
Hash
b2e96cb53799097d988cb89487da627f
e243b79edc30ba8c3cacec487c207ce425ab1b61
da64631977c0ccd3f29003dc8cd2a78f04faa2f378d6a73f2ea985da0035e10f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiU2dkdm5qeURDVCtKUnRpY0lRcXhpWFF2Z05lR0g5Q2xORSs3N1A1SVhkaVZ5RHFIT3hNWkdnd3d0TUxsang0cU5CTmlUOUphSmQvTElLUDZwaGl6OHJIcFgvM0k0eU9PUEk3OHJueWZjYW1jem5UWU1MSnhxeks5WFVVVDNLSlJRNnJpN21KanpDSUtLeXRUM3J1ZkFEcXlqK3ErcEM2eU5XTlhqL0xoanVwMXlZWURYdWxmUzRkeGV0bHBqL1Z1N0tNMWxWYUorRUVBODB2WWlxbWhnOGM1YWVDa0hqMkxIRmhrZjhleGhXSXZVbHZrcU1xQlBoMkZkOXdBblF5Y3dIeUY4NWFEMEpmT0xqVWswV1hUSHRJVTFsM0VvNkw1d0dmR3BTT1hGaDhRIiwiZXhwIjoxNzE1MTMzODQxLCJpYXQiOjE3MTUxMTk0NDF9.Q3JJYg2XLAAg_W_nXLNvRK-eTT6nBbzd57m9mw5Bd6D29DqsF5Mo8MlqtM2FEs-oF67LFK7L5kVpDYTK1OaJIQ
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en; sh.session.id=bebb296b-aa81-4a13-8f31-843b4c0ed16e; ggru=167; _ga_7JGWL9SV66=GS1.1.1715119441.1.0.1715119441.60.0.0; _ga=GA1.1.53938390.1715119441
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:04:12 GMT
content-type: application/json; charset=utf-8
content-length: 2534
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 22:04:12 GMT
vary: Accept-Encoding
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.011
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/7b22f4ca03c927ca1e848ce9ab02cbb5.jpg

185.244.209.62

59 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/banner/7b22f4ca03c927ca1e848ce9ab02cbb5.jpg
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1380x248, components 3
Size
59 kB (59159 bytes)
Hash
3c551120cdcb3b8cb34b7e88fa69c8c8
f9706e9c69281c88f3429c1ec1c276b51080205e
5074f97fb8c9f81cfd6cc2fd35f94ed096b63c21f495279526f01f58f9b0d538

HTTP Headers

GET /genfiles/cms/1/desktop/banner/7b22f4ca03c927ca1e848ce9ab02cbb5.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:04:13 GMT
content-type: image/jpeg
content-length: 59159
last-modified: Mon, 06 May 2024 09:01:15 GMT
etag: "3c551120cdcb3b8cb34b7e88fa69c8c8"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-3c7780fec4a5ad6d9b9c5458b3221bf8-be64839f98e0d5ac-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T14:47:04+00:00, 2024-05-07T21:21:17+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size24/sfiles/logo_teams/6884.webp

185.244.209.62

1.4 kB

URL
v3.traincdn.com/resized/size24/sfiles/logo_teams/6884.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.4 kB (1356 bytes)
Hash
4675aff241583e92737ecf4fe2df1c49
79858a163ff9fb5a92473132c67a0d542b2dcdf6
7c6075e3d19715fa0c8bfad733c180f63d564fff020e9a52a1de6d06cef1891e

HTTP Headers

GET /resized/size24/sfiles/logo_teams/6884.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:04:13 GMT
content-type: image/webp
content-length: 1356
cache-control: max-age=94608000
content-disposition: inline; filename="6884.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 14:47:01 GMT
x-request-id: d562c44e30a229e977dc42ddbfecfbaf
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f322da7467989d2bca3c07c89ea893db-024354de5da5f4f3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T14:47:01+00:00, 2024-05-07T14:48:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100

178.253.29.51

4.7 kB

URL
1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

File type
JSON text data
Size
4.7 kB (4707 bytes)
Hash
52ff937554b61ce39516b7a02c81aea6
b12ee7c8a4ae3723e037b9940e17f9712a39e4db
b30c3084c2c82454ad165a3c6e4c31bd28ea9ea0387a3e9cf6505bb3f706b6a1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiU2dkdm5qeURDVCtKUnRpY0lRcXhpWFF2Z05lR0g5Q2xORSs3N1A1SVhkaVZ5RHFIT3hNWkdnd3d0TUxsang0cU5CTmlUOUphSmQvTElLUDZwaGl6OHJIcFgvM0k0eU9PUEk3OHJueWZjYW1jem5UWU1MSnhxeks5WFVVVDNLSlJRNnJpN21KanpDSUtLeXRUM3J1ZkFEcXlqK3ErcEM2eU5XTlhqL0xoanVwMXlZWURYdWxmUzRkeGV0bHBqL1Z1N0tNMWxWYUorRUVBODB2WWlxbWhnOGM1YWVDa0hqMkxIRmhrZjhleGhXSXZVbHZrcU1xQlBoMkZkOXdBblF5Y3dIeUY4NWFEMEpmT0xqVWswV1hUSHRJVTFsM0VvNkw1d0dmR3BTT1hGaDhRIiwiZXhwIjoxNzE1MTMzODQxLCJpYXQiOjE3MTUxMTk0NDF9.Q3JJYg2XLAAg_W_nXLNvRK-eTT6nBbzd57m9mw5Bd6D29DqsF5Mo8MlqtM2FEs-oF67LFK7L5kVpDYTK1OaJIQ
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en; sh.session.id=bebb296b-aa81-4a13-8f31-843b4c0ed16e; ggru=167; _ga_7JGWL9SV66=GS1.1.1715119441.1.0.1715119441.60.0.0; _ga=GA1.1.53938390.1715119441
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:04:08 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=30, dt_total;dur=269.887, wf-uht;dur=0.340
traceparent: 00-48a1b826e671e6aebe2f3ad5fe92a299-4da5ef842cc6f3c3-01
x-dt: 285
x-time-ng: 0.050
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/7b22f4ca03c927ca1e848ce9ab02cbb5.webp

185.244.209.62

31 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/banner/7b22f4ca03c927ca1e848ce9ab02cbb5.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
31 kB (31234 bytes)
Hash
d10327c67388c7f2d22dd540c7c4f7ca
0604b663f90ce188b6fce918f68467a27ebb4baa
ea4b13e83c72a3669c6aea3934e0a4716e2efd55c010a2696609f98afbd6005e

HTTP Headers

GET /genfiles/cms/1/desktop/banner/7b22f4ca03c927ca1e848ce9ab02cbb5.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:04:13 GMT
content-type: image/webp
content-length: 31234
last-modified: Mon, 06 May 2024 09:01:44 GMT
etag: "d10327c67388c7f2d22dd540c7c4f7ca"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d4f88918e1aabd48c323d2a1ad44bec2-6aff11b93cdfde65-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T14:47:01+00:00, 2024-05-07T21:21:17+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100

178.253.29.51

8.3 kB

URL
1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

File type
JSON text data
Size
8.3 kB (8345 bytes)
Hash
52ff937554b61ce39516b7a02c81aea6
b12ee7c8a4ae3723e037b9940e17f9712a39e4db
b30c3084c2c82454ad165a3c6e4c31bd28ea9ea0387a3e9cf6505bb3f706b6a1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiU2dkdm5qeURDVCtKUnRpY0lRcXhpWFF2Z05lR0g5Q2xORSs3N1A1SVhkaVZ5RHFIT3hNWkdnd3d0TUxsang0cU5CTmlUOUphSmQvTElLUDZwaGl6OHJIcFgvM0k0eU9PUEk3OHJueWZjYW1jem5UWU1MSnhxeks5WFVVVDNLSlJRNnJpN21KanpDSUtLeXRUM3J1ZkFEcXlqK3ErcEM2eU5XTlhqL0xoanVwMXlZWURYdWxmUzRkeGV0bHBqL1Z1N0tNMWxWYUorRUVBODB2WWlxbWhnOGM1YWVDa0hqMkxIRmhrZjhleGhXSXZVbHZrcU1xQlBoMkZkOXdBblF5Y3dIeUY4NWFEMEpmT0xqVWswV1hUSHRJVTFsM0VvNkw1d0dmR3BTT1hGaDhRIiwiZXhwIjoxNzE1MTMzODQxLCJpYXQiOjE3MTUxMTk0NDF9.Q3JJYg2XLAAg_W_nXLNvRK-eTT6nBbzd57m9mw5Bd6D29DqsF5Mo8MlqtM2FEs-oF67LFK7L5kVpDYTK1OaJIQ
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en; sh.session.id=bebb296b-aa81-4a13-8f31-843b4c0ed16e; ggru=167; _ga_7JGWL9SV66=GS1.1.1715119441.1.0.1715119441.60.0.0; _ga=GA1.1.53938390.1715119441
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:04:02 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=126, dt_total;dur=175.502, wf-uht;dur=0.248
traceparent: 00-7bf3c5955b52be76bd85351304e4b4e1-eea480392f5aa398-01
x-dt: 285
x-time-ng: 0.166
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1

178.253.29.51

200 OK

1.5 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
1.5 kB (1475 bytes)
Hash
ff646370cd009d38aa1a64f01c105f2f
bd86aff1e9a7262a7b5818f63958f92f496bccad
c8060f0772ebea101dc8d439e6977f22110d77684892f921b73c18261d16d03e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiU2dkdm5qeURDVCtKUnRpY0lRcXhpWFF2Z05lR0g5Q2xORSs3N1A1SVhkaVZ5RHFIT3hNWkdnd3d0TUxsang0cU5CTmlUOUphSmQvTElLUDZwaGl6OHJIcFgvM0k0eU9PUEk3OHJueWZjYW1jem5UWU1MSnhxeks5WFVVVDNLSlJRNnJpN21KanpDSUtLeXRUM3J1ZkFEcXlqK3ErcEM2eU5XTlhqL0xoanVwMXlZWURYdWxmUzRkeGV0bHBqL1Z1N0tNMWxWYUorRUVBODB2WWlxbWhnOGM1YWVDa0hqMkxIRmhrZjhleGhXSXZVbHZrcU1xQlBoMkZkOXdBblF5Y3dIeUY4NWFEMEpmT0xqVWswV1hUSHRJVTFsM0VvNkw1d0dmR3BTT1hGaDhRIiwiZXhwIjoxNzE1MTMzODQxLCJpYXQiOjE3MTUxMTk0NDF9.Q3JJYg2XLAAg_W_nXLNvRK-eTT6nBbzd57m9mw5Bd6D29DqsF5Mo8MlqtM2FEs-oF67LFK7L5kVpDYTK1OaJIQ
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en; sh.session.id=bebb296b-aa81-4a13-8f31-843b4c0ed16e; ggru=167; _ga_7JGWL9SV66=GS1.1.1715119441.1.0.1715119441.60.0.0; _ga=GA1.1.53938390.1715119441
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:04:14 GMT
content-type: application/json; charset=utf-8
content-length: 1475
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 22:04:14 GMT
vary: Accept-Encoding
x-time-ng: 0.013
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.028
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/default/img/icons/pixels2.svg?v=1715119434

178.253.29.51

200 OK

3.0 kB

URL GET HTTP/2
1xlite-461430.top/web-api/default/img/icons/pixels2.svg?v=1715119434
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
PNG image data, 1 x 1, 8-bit/color RGB, non-interlaced
Size
3.0 kB (2988 bytes)
Hash
e1f611cf14eaddf1f8d20d15a72da2f4
e946bc3c9147bb2be87d218d043eba368aa3a811
0af576655a1427eac451aa649901f8029adbcf4e288166268ab22396198c2d5e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/default/img/icons/pixels2.svg?v=1715119434 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en; sh.session.id=bebb296b-aa81-4a13-8f31-843b4c0ed16e; ggru=167
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:54 GMT
content-type: image/png
cache-control: no-cache, private
server-timing: p;dur=14, dt_total;dur=15.063, wf-uht;dur=0.028
traceparent: 00-a6a1f9ae7e4e16c2e3035c5094bc7627-45f59b4db2e93b25-01
x-dt: 285
x-time-ng: 0.014
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true

178.253.29.51

14 kB

URL
1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

File type
JSON text data
Size
14 kB (14511 bytes)
Hash
aca8f771aeaad2bccd980a25eb8f2d88
b1ce31f7d64bb8e2dfeca2155644f55cee669111
68651f0e4ffee6be07357f4de04a4248611ebca0b4571e4d45d260cde7b7a92d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiU2dkdm5qeURDVCtKUnRpY0lRcXhpWFF2Z05lR0g5Q2xORSs3N1A1SVhkaVZ5RHFIT3hNWkdnd3d0TUxsang0cU5CTmlUOUphSmQvTElLUDZwaGl6OHJIcFgvM0k0eU9PUEk3OHJueWZjYW1jem5UWU1MSnhxeks5WFVVVDNLSlJRNnJpN21KanpDSUtLeXRUM3J1ZkFEcXlqK3ErcEM2eU5XTlhqL0xoanVwMXlZWURYdWxmUzRkeGV0bHBqL1Z1N0tNMWxWYUorRUVBODB2WWlxbWhnOGM1YWVDa0hqMkxIRmhrZjhleGhXSXZVbHZrcU1xQlBoMkZkOXdBblF5Y3dIeUY4NWFEMEpmT0xqVWswV1hUSHRJVTFsM0VvNkw1d0dmR3BTT1hGaDhRIiwiZXhwIjoxNzE1MTMzODQxLCJpYXQiOjE3MTUxMTk0NDF9.Q3JJYg2XLAAg_W_nXLNvRK-eTT6nBbzd57m9mw5Bd6D29DqsF5Mo8MlqtM2FEs-oF67LFK7L5kVpDYTK1OaJIQ
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en; sh.session.id=bebb296b-aa81-4a13-8f31-843b4c0ed16e; ggru=167; _ga_7JGWL9SV66=GS1.1.1715119441.1.0.1715119441.60.0.0; _ga=GA1.1.53938390.1715119441
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:04:15 GMT
content-type: application/json; charset=utf-8
content-length: 14511
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 22:04:12 GMT
vary: Accept-Encoding
x-time-ng: 0.018
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true

178.253.29.51

200 OK

2.6 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.6 kB (2620 bytes)
Hash
32875e49d2c0a45d82d438ffe38cfa60
5ecc3447e4b41953d38d9c0bb182ccb2cc7a7414
bd1395a4f9507047e8300660bccfed42e07d59788b85012d2a517b6296a2ffb8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiU2dkdm5qeURDVCtKUnRpY0lRcXhpWFF2Z05lR0g5Q2xORSs3N1A1SVhkaVZ5RHFIT3hNWkdnd3d0TUxsang0cU5CTmlUOUphSmQvTElLUDZwaGl6OHJIcFgvM0k0eU9PUEk3OHJueWZjYW1jem5UWU1MSnhxeks5WFVVVDNLSlJRNnJpN21KanpDSUtLeXRUM3J1ZkFEcXlqK3ErcEM2eU5XTlhqL0xoanVwMXlZWURYdWxmUzRkeGV0bHBqL1Z1N0tNMWxWYUorRUVBODB2WWlxbWhnOGM1YWVDa0hqMkxIRmhrZjhleGhXSXZVbHZrcU1xQlBoMkZkOXdBblF5Y3dIeUY4NWFEMEpmT0xqVWswV1hUSHRJVTFsM0VvNkw1d0dmR3BTT1hGaDhRIiwiZXhwIjoxNzE1MTMzODQxLCJpYXQiOjE3MTUxMTk0NDF9.Q3JJYg2XLAAg_W_nXLNvRK-eTT6nBbzd57m9mw5Bd6D29DqsF5Mo8MlqtM2FEs-oF67LFK7L5kVpDYTK1OaJIQ
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en; sh.session.id=bebb296b-aa81-4a13-8f31-843b4c0ed16e; ggru=167; _ga_7JGWL9SV66=GS1.1.1715119441.1.0.1715119441.60.0.0; _ga=GA1.1.53938390.1715119441
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:04:17 GMT
content-type: application/json; charset=utf-8
content-length: 2620
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 22:04:17 GMT
vary: Accept-Encoding
x-time-ng: 0.009
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.017
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.webp

185.244.209.62

20 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
20 kB (20522 bytes)
Hash
95767496ab1dce71f394c97620666756
127389c7327fec508549222dd477edbd524e33dd
fca493b566204dfff5ef8b8cd6c74c40659c812ac6665696dd5c66c664a31c7e

HTTP Headers

GET /genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:04:18 GMT
content-type: image/webp
content-length: 20522
last-modified: Thu, 08 Jun 2023 18:05:27 GMT
etag: "95767496ab1dce71f394c97620666756"
x-time-ng: 0.006
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4cc4642a6d43e94bad3e9264071ad0a4-d90a820e714a8317-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-02-27T14:22:50+00:00, 2024-05-07T21:21:23+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528450883&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1

178.253.29.51

1.5 kB

URL
1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528450883&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

File type
JSON text data
Size
1.5 kB (1543 bytes)
Hash
d317a7668385ccf1b74f3627bb1ca7e6
5604b71463917e054265fa7fd186b2ad613b0806
6617d90e673b70154c5972136d2365fc8eaeb77cece2d6563566a98b888804b6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetGameZip?id=528450883&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiU2dkdm5qeURDVCtKUnRpY0lRcXhpWFF2Z05lR0g5Q2xORSs3N1A1SVhkaVZ5RHFIT3hNWkdnd3d0TUxsang0cU5CTmlUOUphSmQvTElLUDZwaGl6OHJIcFgvM0k0eU9PUEk3OHJueWZjYW1jem5UWU1MSnhxeks5WFVVVDNLSlJRNnJpN21KanpDSUtLeXRUM3J1ZkFEcXlqK3ErcEM2eU5XTlhqL0xoanVwMXlZWURYdWxmUzRkeGV0bHBqL1Z1N0tNMWxWYUorRUVBODB2WWlxbWhnOGM1YWVDa0hqMkxIRmhrZjhleGhXSXZVbHZrcU1xQlBoMkZkOXdBblF5Y3dIeUY4NWFEMEpmT0xqVWswV1hUSHRJVTFsM0VvNkw1d0dmR3BTT1hGaDhRIiwiZXhwIjoxNzE1MTMzODQxLCJpYXQiOjE3MTUxMTk0NDF9.Q3JJYg2XLAAg_W_nXLNvRK-eTT6nBbzd57m9mw5Bd6D29DqsF5Mo8MlqtM2FEs-oF67LFK7L5kVpDYTK1OaJIQ
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en; sh.session.id=bebb296b-aa81-4a13-8f31-843b4c0ed16e; ggru=167; _ga_7JGWL9SV66=GS1.1.1715119441.1.0.1715119441.60.0.0; _ga=GA1.1.53938390.1715119441
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:04:19 GMT
content-type: application/json; charset=utf-8
content-length: 1543
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 22:04:14 GMT
vary: Accept-Encoding
x-time-ng: 0.014
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1

178.253.29.51

200 OK

1.5 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
1.5 kB (1475 bytes)
Hash
ff646370cd009d38aa1a64f01c105f2f
bd86aff1e9a7262a7b5818f63958f92f496bccad
c8060f0772ebea101dc8d439e6977f22110d77684892f921b73c18261d16d03e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiU2dkdm5qeURDVCtKUnRpY0lRcXhpWFF2Z05lR0g5Q2xORSs3N1A1SVhkaVZ5RHFIT3hNWkdnd3d0TUxsang0cU5CTmlUOUphSmQvTElLUDZwaGl6OHJIcFgvM0k0eU9PUEk3OHJueWZjYW1jem5UWU1MSnhxeks5WFVVVDNLSlJRNnJpN21KanpDSUtLeXRUM3J1ZkFEcXlqK3ErcEM2eU5XTlhqL0xoanVwMXlZWURYdWxmUzRkeGV0bHBqL1Z1N0tNMWxWYUorRUVBODB2WWlxbWhnOGM1YWVDa0hqMkxIRmhrZjhleGhXSXZVbHZrcU1xQlBoMkZkOXdBblF5Y3dIeUY4NWFEMEpmT0xqVWswV1hUSHRJVTFsM0VvNkw1d0dmR3BTT1hGaDhRIiwiZXhwIjoxNzE1MTMzODQxLCJpYXQiOjE3MTUxMTk0NDF9.Q3JJYg2XLAAg_W_nXLNvRK-eTT6nBbzd57m9mw5Bd6D29DqsF5Mo8MlqtM2FEs-oF67LFK7L5kVpDYTK1OaJIQ
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en; sh.session.id=bebb296b-aa81-4a13-8f31-843b4c0ed16e; ggru=167; _ga_7JGWL9SV66=GS1.1.1715119441.1.0.1715119441.60.0.0; _ga=GA1.1.53938390.1715119441
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:04:19 GMT
content-type: application/json; charset=utf-8
content-length: 1475
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 22:04:14 GMT
vary: Accept-Encoding
x-time-ng: 0.013
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetGameZip?id=529224955&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1

178.253.29.51

200 OK

1.5 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LineFeed/GetGameZip?id=529224955&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
1.5 kB (1468 bytes)
Hash
d7623346eb573ed0a30817320b8606e3
8299de94d6555ddc3e19a3398ca86192bd2cf66d
6764a85b9ffb34b6e755a487446ee6d84df3c154fbbf6bbf22a97c536146958b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetGameZip?id=529224955&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiU2dkdm5qeURDVCtKUnRpY0lRcXhpWFF2Z05lR0g5Q2xORSs3N1A1SVhkaVZ5RHFIT3hNWkdnd3d0TUxsang0cU5CTmlUOUphSmQvTElLUDZwaGl6OHJIcFgvM0k0eU9PUEk3OHJueWZjYW1jem5UWU1MSnhxeks5WFVVVDNLSlJRNnJpN21KanpDSUtLeXRUM3J1ZkFEcXlqK3ErcEM2eU5XTlhqL0xoanVwMXlZWURYdWxmUzRkeGV0bHBqL1Z1N0tNMWxWYUorRUVBODB2WWlxbWhnOGM1YWVDa0hqMkxIRmhrZjhleGhXSXZVbHZrcU1xQlBoMkZkOXdBblF5Y3dIeUY4NWFEMEpmT0xqVWswV1hUSHRJVTFsM0VvNkw1d0dmR3BTT1hGaDhRIiwiZXhwIjoxNzE1MTMzODQxLCJpYXQiOjE3MTUxMTk0NDF9.Q3JJYg2XLAAg_W_nXLNvRK-eTT6nBbzd57m9mw5Bd6D29DqsF5Mo8MlqtM2FEs-oF67LFK7L5kVpDYTK1OaJIQ
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en; sh.session.id=bebb296b-aa81-4a13-8f31-843b4c0ed16e; ggru=167; _ga_7JGWL9SV66=GS1.1.1715119441.1.0.1715119441.60.0.0; _ga=GA1.1.53938390.1715119441
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:04:19 GMT
content-type: application/json; charset=utf-8
content-length: 1468
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 22:04:15 GMT
vary: Accept-Encoding
x-time-ng: 0.007
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/124fa6e369fed899d978d055e23bfba4.webp

185.244.209.62

200 OK

614 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/124fa6e369fed899d978d055e23bfba4.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
614 B (614 bytes)
Hash
5e9eeee8a22767e3f56b6ac30140a6c5
98914a16ea0c80ec0f6effff88e74130cb32c9be
851d95dab538278419f81af7b2a0b24a0ac3231836d78731a3b76fb2e78f2578

HTTP Headers

GET /resized/size16/sfiles/logo_teams/124fa6e369fed899d978d055e23bfba4.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:53 GMT
content-type: image/webp
content-length: 614
cache-control: max-age=94608000
content-disposition: inline; filename="124fa6e369fed899d978d055e23bfba4.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 06:02:37 GMT
x-request-id: 70cdcc4f230258ccdaa2942f641af536
x-time-ng: 0.043
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-b44ec0c89c1baa66424bed551eeb669a-dc8806142351de71-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T06:02:37+00:00, 2024-05-07T21:44:14+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js

172.64.148.184

200 OK

107 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
107 kB (107186 bytes)
Hash
d0a7ecc59065580118a9ea8880c58962
21573546ac5011592094ef6aea0696ccdeb2164d
e1b09efa81ca44cda394e366b64fbf2b3f0725eab9ad24782839cbb8f66842b5

HTTP Headers

GET /_next/static/chunks/pages/index-ed7cd77912c6e3a9.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 22:03:49 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"1a2b2-18f12321a97"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 621355
expires: Wed, 07 May 2025 22:03:49 GMT
server: cloudflare
cf-ray: 880480932da37130-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.328/285/coloredSvg.svg

185.244.209.62

200 OK

75 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.328/285/coloredSvg.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
75 kB (74830 bytes)
Hash
fd241a06afa4bae60c4bbab7fa1a9a5b
1716e53300c5e6d6863927d2a2bac373c89a35bd
713fe337ae15db05269c2db25a6f3045800c812320eb439b2000558041df2bcc

HTTP Headers

GET /sys-icons/1.0.328/285/coloredSvg.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:49 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"fd241a06afa4bae60c4bbab7fa1a9a5b"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:11 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b2f96d3e8569c51a20f854e715ae838b-ef20c580d16aa07d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:11+00:00, 2024-05-07T13:24:34+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/c7de6303dfb7.js

185.244.209.62

200 OK

424 B

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/c7de6303dfb7.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (441), with no line terminators
Size
424 B (424 bytes)
Hash
f911ee0234277e327d2c022f302a7c00
8bb8735151af34da1b8b5535d8edba40ef651880
8d6afd5d1b2268065bd9d67a99b954636dc4fb05939280c2a32738040f8fb0e5

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/c7de6303dfb7.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:56 GMT
content-type: text/javascript; charset=utf-8
content-length: 424
last-modified: Wed, 01 May 2024 08:21:42 GMT
etag: "33e7498a57ccd45d4321735d481a7313"
x-amz-meta-mtime: 1714551564.675873475
expires: Thu, 02 May 2024 15:20:56 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-db0d9c267bd8ebf1ddb189b7413d1478-86cfac15b6622221-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:56+00:00, 2024-05-07T17:01:39+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.328/285/sports.svg

185.244.209.62

200 OK

378 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.328/285/sports.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
378 kB (378005 bytes)
Hash
0c52e0c32f8f2667a72e0d57b63e02a3
a0fb81e89f2510e228c1298f2d107f5672c0a03d
ed4dcc337364c73f4382c79e759156e064823c54a2f78d2747bafd87d41abe73

HTTP Headers

GET /sys-icons/1.0.328/285/sports.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:48 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"0c52e0c32f8f2667a72e0d57b63e02a3"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:02 GMT
cache-control: max-age=86400
x-time-ng: 0.004
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-3f5d03eaf4b237c802ae2dd6f20ebe51-7a550344e9bff76e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:02+00:00, 2024-05-07T14:01:00+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/3083a20a3f73c30fce38710d7ada9cbb.svg

185.244.209.62

200 OK

1.2 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/3083a20a3f73c30fce38710d7ada9cbb.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
1.2 kB (1228 bytes)
Hash
1ff133ab01d208b0d686dd88d85e239a
86a0501b79a1c553eadc829177a9e6ffff1948be
9ac21c63d1c8b7abe4c94550a731baff995d34c745c1d08fdf8d5e5c8de268f1

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/3083a20a3f73c30fce38710d7ada9cbb.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:49 GMT
content-type: image/svg+xml
last-modified: Wed, 19 Apr 2023 11:51:30 GMT
etag: W/"3ae81b002dca46d3b732ce3e03ae35c6"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-71366104fe33bcaf3e7fd9bb50217f31-96188d65e4359c96-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T08:36:11+00:00, 2024-05-07T21:16:10+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size14/sfiles/logo_teams/9fb7f9de5a12bf88624578eaa9e3b85f.webp

185.244.209.62

200 OK

774 B

URL GET HTTP/2
v3.traincdn.com/resized/size14/sfiles/logo_teams/9fb7f9de5a12bf88624578eaa9e3b85f.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
774 B (774 bytes)
Hash
75ab0e413e7b4e422ec9d5ccfeee4cb1
c3c34a3b6c4bb5f0f3cc66ca855a733520bd53ea
b5713b1a66c2fc243e3c66e07889077a4cf9cb47f401186b942fa29f59d61ed2

HTTP Headers

GET /resized/size14/sfiles/logo_teams/9fb7f9de5a12bf88624578eaa9e3b85f.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:52 GMT
content-type: image/webp
content-length: 774
cache-control: max-age=94608000
content-disposition: inline; filename="9fb7f9de5a12bf88624578eaa9e3b85f.webp"
content-security-policy: script-src 'none'
expires: Tue, 09 Feb 2027 00:06:23 GMT
x-request-id: 40f1bb1798645433c7a535e2afa7c410
strict-transport-security: max-age=15724800; includeSubDomains
x-time-ng: 0.000
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f5273a34c9b7e7fee1a7aa0ff4601365-8fe49b24e2173237-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-02-10T00:06:23+00:00, 2024-05-06T07:17:46+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/641231.webp

185.244.209.62

200 OK

808 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/641231.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
808 B (808 bytes)
Hash
5746c654e11130ec1decde5a3169bf14
dee0982d8a4d7058853e805347a5cacaa569df22
ed6dd1a44e99189ba1028a5b97f2b1bd30057b03c123a63669add11c0fee0ba9

HTTP Headers

GET /resized/size16/sfiles/logo_teams/641231.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:53 GMT
content-type: image/webp
content-length: 808
cache-control: max-age=94608000
content-disposition: inline; filename="641231.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 11:51:24 GMT
x-request-id: aacfcaab4c318e345ecd74e5055a9e1c
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-3ac4c17bdfe5bb0f9370ee4f3c0bbdcc-39f8c9320c63a492-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T11:51:24+00:00, 2024-05-07T13:02:07+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/2c4bdd620ac9.js

185.244.209.62

200 OK

6.7 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/2c4bdd620ac9.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (6727), with no line terminators
Size
6.7 kB (6662 bytes)
Hash
ed2a8d5d1ad99dc79beac3c3a26c21fd
a3befe6e70a97754d0feba8b38fe61aef19e5c2a
402c810bef353caeea78ee1634c4e20d3bba8aba317c29f69d856d3e326ee628

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/2c4bdd620ac9.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:56 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 01 May 2024 08:21:41 GMT
etag: W/"db345f9ab9f4b60494ed02dd78f38d79"
x-amz-meta-mtime: 1714551564.667873602
content-encoding: gzip
expires: Thu, 02 May 2024 15:20:56 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3946d3ee0865678e90aa7542ac05a7d2-6be390ab8e4a66f1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:56+00:00, 2024-05-07T17:01:38+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/00526da4cdf3.css

185.244.209.62

200 OK

26 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/00526da4cdf3.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (25893)
Size
26 kB (25894 bytes)
Hash
6aa11e1c24ebb592cd2fe02d36340453
4349fd09415cddb1d56b5db4a33fc9495f926623
00526da4cdf3c3eea551dca4993330b59e091678f328c29127d0d55868525857

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/00526da4cdf3.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:55 GMT
content-type: text/css; charset=utf-8
last-modified: Wed, 01 May 2024 08:21:40 GMT
etag: W/"6aa11e1c24ebb592cd2fe02d36340453"
x-amz-meta-mtime: 1714551564.667873602
content-encoding: gzip
expires: Thu, 02 May 2024 12:28:29 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4a5c03c5b98bb47c6b291377c26ef017-e03cc1349d29626a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T12:28:29+00:00, 2024-05-07T15:30:07+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/0f8a3bdbdd12.js

185.244.209.62

200 OK

1.0 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/0f8a3bdbdd12.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1063), with no line terminators
Size
1.0 kB (1024 bytes)
Hash
41ad46b89bddf6099bbfe8a7f7e8e5db
96945b61c321c2736dc5bbbfb643bfea43fc8f57
263d8c8e23eeac579f80376ba8ac0850dfc36b7cfb420b90aa183dc716931a4a

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/0f8a3bdbdd12.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:55 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 01 May 2024 08:21:41 GMT
etag: W/"b49b08255ad6dd3864f907913b849ebe"
x-amz-meta-mtime: 1714551564.667873602
content-encoding: gzip
expires: Thu, 02 May 2024 15:20:56 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-cb942f2773e400bcb179b1e5383a9df0-7970481485adc76d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:56+00:00, 2024-05-07T17:01:37+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js

185.244.209.62

200 OK

69 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (32238)
Size
69 kB (68856 bytes)
Hash
138de5d55ee831195dd90bbf5c557926
4413082980942643803d8d4567df2f8395c0e868
55a6d9d38b0c68a21367ae7ae43333bfa61e2eddd38b2376eb5b192f0a0383cd

HTTP Headers

GET /sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:52 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 07 May 2024 09:11:40 GMT
etag: W/"138de5d55ee831195dd90bbf5c557926"
x-amz-meta-mtime: 1715072814.261664647
content-encoding: gzip
expires: Wed, 08 May 2024 15:18:14 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-7edc934d82894b52f34cb0416ecc8d07-b055511b6059a2a1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T15:18:14+00:00, 2024-05-07T15:56:16+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/10539.webp

185.244.209.62

200 OK

782 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/10539.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
782 B (782 bytes)
Hash
796fd65ebe0e19f29622d68a18318353
07f9c7ce146bec8070139e4c299e8a7f879f290b
0718c6771368f0ad6d75221d4eb440bfe0863b1ec1c0f6cb94244bf406f67de9

HTTP Headers

GET /resized/size16/sfiles/logo_teams/10539.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:53 GMT
content-type: image/webp
content-length: 782
cache-control: max-age=94608000
content-disposition: inline; filename="10539.webp"
content-security-policy: script-src 'none'
expires: Fri, 30 Apr 2027 07:47:17 GMT
x-request-id: 065de15a24c9949c6f1b2a045c7445c2
x-time-ng: 0.073
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-dc3c85a8400c9c035449f0deda5f8bef-bc9cc4977b7e52e8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-30T07:47:17+00:00, 2024-05-07T22:01:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/20ceca47dfb06a7e38d78ed1e6bbc0e6.webp

185.244.209.62

200 OK

640 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/20ceca47dfb06a7e38d78ed1e6bbc0e6.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
640 B (640 bytes)
Hash
304e0ce68ac94adbc64d6a284c9f8bb3
853f7afb4d2415d9b2e062a4040c55c787a91cf8
7d1a515630a7e098af4e91f35fe6269799fd3ac7abe9e57a060938f1b577978c

HTTP Headers

GET /resized/size16/sfiles/logo_teams/20ceca47dfb06a7e38d78ed1e6bbc0e6.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:53 GMT
content-type: image/webp
content-length: 640
cache-control: max-age=94608000
content-disposition: inline; filename="20ceca47dfb06a7e38d78ed1e6bbc0e6.webp"
content-security-policy: script-src 'none'
expires: Sat, 01 May 2027 15:25:03 GMT
x-request-id: 9a46baa849ce24f2a03fd54465950574
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9865279071fea2a07204601b9f72bc44-bf89a927816c36da-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:25:03+00:00, 2024-05-07T06:54:59+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7f79b3bfb64b.css

185.244.209.62

200 OK

289 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7f79b3bfb64b.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
289 kB (289240 bytes)
Hash
304cc943df23445a393ae3d5b02dc1c7
8bc0dae92bd7fccaab5d6dc33e6e5718191ea73b
7f79b3bfb64b8561951fdbd366b6d0cf8febf173f50b4f038e039abfcae5c913

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7f79b3bfb64b.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:49 GMT
content-type: text/css; charset=utf-8
last-modified: Wed, 01 May 2024 08:21:41 GMT
etag: W/"304cc943df23445a393ae3d5b02dc1c7"
x-amz-meta-mtime: 1714551564.671873539
content-encoding: gzip
expires: Thu, 02 May 2024 15:20:45 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-9a5a1c660df8afc719b3dfcb8ccb91f4-70ad834ebc94ed67-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:45+00:00, 2024-05-07T17:01:25+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/registration/fields

178.253.29.51

200 OK

32 kB

URL POST HTTP/2
1xlite-461430.top/web-api/registration/fields
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
32 kB (32009 bytes)
Hash
3b5fc74c6bee5ffbc649f663e5f6c1a3
0f00adb4eb180726ecd2abcc2317a29beceb13bd
fe1005c8a0940ff6384b2b89aa744d692b9aed79f1d72cecfa11d1bb11fa7294

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /web-api/registration/fields HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
Content-Length: 19
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en; sh.session.id=bebb296b-aa81-4a13-8f31-843b4c0ed16e; ggru=167
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:53 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=92, dt_total;dur=94.488, wf-uht;dur=0.106
traceparent: 00-56bad0b8603b7431886a0c2959baa0a3-8b28aacae9558822-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.093
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/pages/_app-9c47c295eecaa68a.js

172.64.148.184

200 OK

1.0 MB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/pages/_app-9c47c295eecaa68a.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
1.0 MB (1015847 bytes)
Hash
5997e7f54cf2aebf463f16902ccbc7fc
659b9677d6196eabd63ce0feb5f4466accb72df7
08d0ab3696a84b16c7cc5306bf6d83dd27f99a2ce221ed337bf09dec8ebf95db

HTTP Headers

GET /_next/static/chunks/pages/_app-9c47c295eecaa68a.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 22:03:49 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"f8027-18f381bf92a"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 485779
expires: Wed, 07 May 2025 22:03:49 GMT
server: cloudflare
cf-ray: 880480930d537130-OSL
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/api/v3/bonuses/welcome-bonuses

178.253.29.51

200 OK

675 B

URL GET HTTP/2
1xlite-461430.top/web-api/api/v3/bonuses/welcome-bonuses
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (769), with no line terminators
Size
675 B (675 bytes)
Hash
1e6e14eba274fc1ddb4d1fd9798ba788
9a9ea308099bd2de7a9861293324e153b276d91a
c3595ff52dc75767b58ffbf178a083df55e10d8d6dbcf76b24b0a76a5f9d9481

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/api/v3/bonuses/welcome-bonuses HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:49 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=19, dt_total;dur=59.119, wf-uht;dur=0.068
traceparent: 00-9ecb02a53972597209c0aa0ae9823178-d4c099b47ecb6aea-01
x-dt: 285
x-time-ng: 0.041
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7bd3bc288fd4.js

185.244.209.62

200 OK

450 B

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7bd3bc288fd4.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (461), with no line terminators
Size
450 B (450 bytes)
Hash
94396d27c4d9bbfc299a901902e1f11d
b3d5fb445111c1b6b783db81a899a548488ebf13
33fc76fe427142c306a281e02daec062575fe489c63851cb55b487e1b058699e

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7bd3bc288fd4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:56 GMT
content-type: text/javascript; charset=utf-8
content-length: 450
last-modified: Wed, 01 May 2024 08:21:41 GMT
etag: "056ce527a12544a37f984ac598be2344"
x-amz-meta-mtime: 1714551564.671873539
expires: Fri, 03 May 2024 08:43:57 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-c88601d15785785411b8f4928f2c8b14-4858bdd82376f322-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-02T08:43:57+00:00, 2024-05-07T18:09:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/sounds/new-message.mp3

172.64.148.184

200 OK

30 kB

URL GET HTTP/2
widget.suphelper.top/sounds/new-message.mp3
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
MPEG ADTS, layer III, v1, 192 kbps, 48 kHz, JntStereo
Size
30 kB (29952 bytes)
Hash
ef9af24dc7dbd24ffd99c832e1300351
f78744a5013038446c468de14f205f2d52373fd6
5049d7fe87a7327a291441181d1a328a15f46a21081b970502c540406011c9b9

HTTP Headers

GET /sounds/new-message.mp3 HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 22:03:50 GMT
content-type: audio/mpeg
content-length: 29952
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=14400
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"7500-18f381bf786"
cf-cache-status: HIT
age: 728
expires: Wed, 08 May 2024 02:03:50 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8804809abb5d7130-OSL
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json

178.253.29.51

200 OK

2.1 kB

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
ASCII text, with very long lines (2345), with no line terminators
Size
2.1 kB (2128 bytes)
Hash
f28a40d30a99fab8a5ccced08db52f77
063e77333797a10e097679a1e4d17269fc6d3b6b
a46ea2afe2103a473c90b17137f840e29d578a74d191daac521d45e9d3cf1d6c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:45 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Wed, 28 Feb 2024 21:42:45 GMT
etag: W/"eec4805fe0f6e17d5ade92a382f5b068"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.328/285/common.svg

185.244.209.62

200 OK

147 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.328/285/common.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
147 kB (146981 bytes)
Hash
7bf3e9e7d79beac942f5e7748a3af2e6
7c6896ef647506806f2cdbe998d8c9eb845a1754
663e2fc5004af9c6c1969fc5827d7ffdbfeec8d4753efd831208cb179f0a488f

HTTP Headers

GET /sys-icons/1.0.328/285/common.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:46 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"7bf3e9e7d79beac942f5e7748a3af2e6"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:01 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-af135f082a538d9e9de70b855c594fd7-3b8600faa4120a7f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:01+00:00, 2024-05-07T12:12:51+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/62bd07c5cb50.js

185.244.209.62

200 OK

2.6 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/62bd07c5cb50.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (2663), with no line terminators
Size
2.6 kB (2558 bytes)
Hash
dde63bdbd9cb8be79221cdd4eee15c60
3a7fcb58a671bdbabfdef9802a28a103b8d3ab77
72399193f61f13111a2ba2b25a8ccbf6cc5a833d1f59dfe38108c241c8f4a657

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/62bd07c5cb50.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:55 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 01 May 2024 08:21:41 GMT
etag: W/"942da12c1a44ccf257f6ea3e09ed3175"
x-amz-meta-mtime: 1714551564.671873539
content-encoding: gzip
expires: Thu, 02 May 2024 15:20:56 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-c24f5281a081b5fb1c6d585def8ba288-00bb0ba12ec51dfc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:56+00:00, 2024-05-07T17:01:37+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/a7906856.css

185.244.209.62

200 OK

1.1 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/a7906856.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1099), with no line terminators
Size
1.1 kB (1099 bytes)
Hash
6921418ff9395c44037498a4cf17ee66
31879049279e2cb5bc06b249d80d1735ef112b19
e6de221b29f3b4e47505c877067f28565ab5e1b419dc5003aca29c49596e73ab

HTTP Headers

GET /_nuxt/desktop/default/css/a7906856.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:43 GMT
content-type: text/css
content-length: 336
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-150"
content-encoding: gzip
expires: Tue, 07 May 2024 12:27:19 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a7f1e2bd7b06fc25ba56d4e63c442da9-e6a0ff2624d3fb20-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:27:19+00:00, 2024-05-07T13:56:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/92745f711024.js

185.244.209.62

200 OK

188 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/92745f711024.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
188 kB (187646 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/92745f711024.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:55 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 01 May 2024 08:21:41 GMT
etag: W/"fdfc9ec2fb0c6c09b91f4d7afd8b013e"
x-amz-meta-mtime: 1714551564.671873539
content-encoding: gzip
expires: Thu, 02 May 2024 15:20:56 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-fe1a796a284246c554c304223c960d2a-29c2f4dd3bb468b5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:56+00:00, 2024-05-07T16:34:02+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js

172.64.148.184

200 OK

78 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
78 kB (77801 bytes)
Hash
dc6852529f28802d37affa5953d07260
4edd220fe8df4b009a1775ebe57f19d40999659f
4aefb18221e4fb46818b0f52302b7c7717e45701e26990726cce645d8c80ed84

HTTP Headers

GET /_next/static/chunks/7413e8b9-8adee4b5b5407a55.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 22:03:49 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Mon, 22 Jan 2024 07:49:06 GMT
etag: W/"12fe9-18d3024f9c4"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 617074
expires: Wed, 07 May 2025 22:03:49 GMT
server: cloudflare
cf-ray: 880480932d9f7130-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js

185.244.209.62

200 OK

1.0 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1036), with no line terminators
Size
1.0 kB (1025 bytes)
Hash
305de1535e3f2a45efa2f1dd096f496e
9fd79178b39d8a196f9f3640758cc5285f5914fd
9b0fc84933536e9c4ca4b8013f656f393c6073e746901340133cbc11059aec46

HTTP Headers

GET /sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:52 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 07 May 2024 09:11:40 GMT
etag: W/"8fecd56fc5520134f3c39b17431fe0c2"
x-amz-meta-mtime: 1715072814.257664589
content-encoding: gzip
expires: Wed, 08 May 2024 15:18:05 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e219917da94b4618afd2ccaf3b5fca6f-2307cda3db2428b8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T15:18:05+00:00, 2024-05-07T15:58:34+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/40aa0cfed98997f14158b28a4c39fd1f.webp

185.244.209.62

200 OK

708 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/40aa0cfed98997f14158b28a4c39fd1f.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
708 B (708 bytes)
Hash
5ba638c7d75ad8a82751b0934b6198f6
d1ed21e890c4f1115f0cd76dded62847b39f125d
2541580024f9370056832b04510406f3fe1487a903a523980163c60b840d9942

HTTP Headers

GET /resized/size16/sfiles/logo_teams/40aa0cfed98997f14158b28a4c39fd1f.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:53 GMT
content-type: image/webp
content-length: 708
cache-control: max-age=94608000
content-disposition: inline; filename="40aa0cfed98997f14158b28a4c39fd1f.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 16:52:37 GMT
x-request-id: 6f101cd17abd2e2effbb25b6fb232ef1
x-time-ng: 0.079
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-21e81ceb8ee8762786e07564b9efd80b-8ba544a1a30bd4bd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T16:52:37+00:00, 2024-05-07T21:51:23+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.330/285/common.svg

185.244.209.62

200 OK

147 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.330/285/common.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
147 kB (146981 bytes)
Hash
7bf3e9e7d79beac942f5e7748a3af2e6
7c6896ef647506806f2cdbe998d8c9eb845a1754
663e2fc5004af9c6c1969fc5827d7ffdbfeec8d4753efd831208cb179f0a488f

HTTP Headers

GET /sys-icons/1.0.330/285/common.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:56 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Apr 2024 09:41:01 GMT
etag: W/"7bf3e9e7d79beac942f5e7748a3af2e6"
x-amz-meta-mtime: 1713260458.134664491
content-encoding: gzip
expires: Fri, 19 Apr 2024 12:42:12 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-0d008128921a30cf6773509313c32679-51c820b0783bfdf2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-18T12:42:12+00:00, 2024-05-07T15:30:09+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/betstemplates/bets_model_short_en_0.json

185.244.209.62

200 OK

14 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/betstemplates/bets_model_short_en_0.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
14 kB (14353 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/cms/betstemplates/bets_model_short_en_0.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:03:52 GMT
content-type: application/json
last-modified: Thu, 02 May 2024 09:18:51 GMT
etag: W/"d3e39abc76f19e176765d21ac9e70c5c"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-8bc8cb22e472f717e404cf153b19b1fb-f15c468de6c60ad6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-02T10:49:13+00:00, 2024-05-07T21:32:22+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/session

178.253.29.51

204 No Content

0 B

URL GET HTTP/2
1xlite-461430.top/web-api/session
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/session HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=93a8b430-0cbd-11ef-a7bf-7d4d3360a5d5
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2293a8b430-0cbd-11ef-a7bf-7d4d3360a5d5%22%7D; platform_type=desktop; auid=sv0dM2Y6pT8Um4wfAxiqAg==; SESSION=256a1a0ce801c3285a57fba5d199a648; window_width=1280; _glhf=1715137202; che_g=6bc74423-f07c-ac34-432f-90b72afb999f; application_locale=en; sh.session.id=bebb296b-aa81-4a13-8f31-843b4c0ed16e; ggru=167
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Tue, 07 May 2024 22:03:54 GMT
cache-control: no-cache, private
server-timing: p;dur=12, dt_total;dur=17.160, wf-uht;dur=0.025
traceparent: 00-2d701def5ac8d03fa6d07ae5f01fe9fa-13e1ce4bc827918d-01
x-dt: 285
x-time-ng: 0.017
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (115)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML