{"report_id":"d00c02b2-c687-44d2-9a0e-32cf2ae3aa20","version":6,"status":"done","tags":[],"date":"2026-01-04T10:34:00Z","url":{"schema":"http","addr":"1xlite-62827.bar/ar?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","fqdn":"1xlite-62827.bar","domain":"1xlite-62827.bar","tld":"bar"},"ip":{"addr":"46.32.182.100","port":0,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Azerbaijan","country_code":"AZ"},"final":{"url":{"schema":"https","addr":"1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","fqdn":"1xlite-62827.bar","domain":"1xlite-62827.bar","tld":"bar"},"title":"1xBet","dom":{"size":22158,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (17887)","md5":"5300b146e945d929d9797b7f1a4bf471","sha1":"a9461d809ec909031ec8cf29be26e5b54cb867ee","sha256":"d0cf9911da0e36b1654602e45d0a928aaa6b2c906c0e35a85dc66eb193d33df2","sha512":"7bea06105c43274e0bb9298091a2a9b025cd7be2175c62470d06cdf1d0cd4c01029115ae785c17891b21fa47829499697bf97a9cf597a4aba81b022a18b27d5e","ssdeep":"384:KcihZx4MRS2qqVCr3rywsf3EqOt8H71pXDIqt/0+T9:32qr3rywy/OahpXDIE/0+Z","tlshash":"61a2e947f86c7017b7f755cc883aa68be6afe727c65dd19192fd85c40e86a57b203800","dom_hash":"domhash16459a11c48a968b7d0cdd94fbed685b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"1xlite-62827.bar/ar?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","fqdn":"1xlite-62827.bar","domain":"1xlite-62827.bar","tld":"bar"},"ip":{"addr":"46.32.182.100","port":0,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Azerbaijan","country_code":"AZ"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-08T10:34:00Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"1xlite-62827.bar","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.251.38.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2025-12-28T22:17:36.419718Z","alert_count":0,"request_count":1,"received_data":510349,"sent_data":437,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.google.no","ip":{"addr":"142.251.38.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2001-02-26","domain_rank":92680,"first_seen":"2012-06-26T23:22:08Z","last_seen":"2025-12-28T22:19:36.894477Z","alert_count":0,"request_count":1,"received_data":580,"sent_data":782,"comment":"","tags":null,"fingerprints":null},{"fqdn":"v3.traincdn.com","ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"domain_registered":"2022-11-10","domain_rank":256434,"first_seen":"2022-11-25T10:00:40Z","last_seen":"2025-12-30T01:12:22.713533Z","alert_count":0,"request_count":35,"received_data":3165202,"sent_data":17559,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"1xlite-62827.bar","ip":{"addr":"46.32.182.100","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Azerbaijan","country_code":"AZ"},"domain_registered":"2025-07-09","domain_rank":0,"first_seen":"2025-10-16T19:41:22.353869Z","last_seen":"2025-10-24T09:10:56.382418Z","alert_count":10,"request_count":10,"received_data":62805,"sent_data":7600,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"region1.analytics.google.com","ip":{"addr":"216.239.32.36","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":22257,"first_seen":"2022-03-17T11:26:33Z","last_seen":"2025-12-28T22:22:58.360429Z","alert_count":0,"request_count":2,"received_data":1700,"sent_data":2339,"comment":"","tags":null,"fingerprints":null},{"fqdn":"radar.cedexis.com","ip":{"addr":"45.54.49.5","port":443,"asn":63911,"as":"NetActuate, Inc","country":"United States","country_code":"US"},"domain_registered":"2009-01-07","domain_rank":28156,"first_seen":"2013-11-27T02:31:43Z","last_seen":"2025-12-30T08:54:12.007239Z","alert_count":0,"request_count":2,"received_data":1415,"sent_data":848,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/2de3cb6d98.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"748d69570f5ecc45d4e669b8c2d63b19","sha1":"60e3bb5ea966a9fcce1d6cb502e20fd67a446b6d","sha256":"aa09e47ded5695d360fad9336da11a29e24c8a62c08b13bdca76f19caf72dd89","sha512":"193263ac8bc41f13749c0459d6f53051fbbf86abee79cdec191601edefa9f1605ea6e894834d9fdb1a78f5c5520ecd6b9f653e63ea5fff6337f090fe7ec80c45","ssdeep":"","tlshash":"3f21837badb0f03846101afebc243071038b2e57868ed59995cc03a60347095592aeb7","size":1370,"data":"","first_seen":"2025-12-23T20:54:41.975798Z","last_seen":"2026-01-14T07:33:59.033741Z","times_seen":114,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"radar.cedexis.com/1/23802/radar.js","fqdn":"radar.cedexis.com","domain":"cedexis.com","tld":"com"},"ip":{"addr":"45.54.49.5","port":443,"asn":63911,"as":"NetActuate, Inc","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"82dec77fd0353c7c71ce053b8601387e","sha1":"fbbca95419e1d0c042e0a5fdf10f380aca66188c","sha256":"39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7","sha512":"6872c895cb44711405e57a436dfbe15d094f9159e11ee2b89983c63b1f18f6acbdfaf0ccbb5e48b2bf24f366f16584c660bca4b6b14c048a134bb77a60f6563e","ssdeep":"","tlshash":"02e068ae9391a318537a2dbacc4e060ba0f6114888e5e4e029f5c2c00461bae072bfb4","size":390,"data":"","first_seen":"2024-02-13T14:23:26Z","last_seen":"2026-01-15T12:01:08.184588Z","times_seen":7496,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","fqdn":"1xlite-62827.bar","domain":"1xlite-62827.bar","tld":"bar"},"ip":{"addr":"46.32.182.100","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Azerbaijan","country_code":"AZ"},"introduction_type":"scriptElement","is_inline":true,"md5":"dafb343aac3fe5ca646b209532d36997","sha1":"53e7e61d359e4302e8a8a993ef87941addbdcd3a","sha256":"27054e18281f5b986021cef8efafab9b9fbf6b6dc64a0027cca8bbb3050dc6d4","sha512":"2431a1f17b00f26dd58d329f3c4bcd32aeacc95ece9d1ac6086772ba90aa32700431daabebc5431f41654b2018b3bb9638215e2c0953c16188a17ccc8673c125","ssdeep":"","tlshash":"f6e0cd969519f61b5c33681d896c8b0f95c97e75500d795dc034855c3a53456106723a","size":308,"data":"","first_seen":"2025-12-10T10:19:59.465768Z","last_seen":"2026-04-04T04:09:16.982079Z","times_seen":790,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_RNYYWXHZ.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"00e44cad05af09626c2b10aeee7de5a3","sha1":"4461fd05cdd85255f4ab24edd5ac80e7b6dec92e","sha256":"5277a86b8db312b1e34318cb994829e113d8204c3a2e88ab594e5135b2bbfb2a","sha512":"548bf615b1118881d21a0cfd2d530b3f0ce1e14cc93cb6afce662b30ac70877fa152fd71b5d786bb2e43e31a1980e00b83106b1f4b3ae12fbb2ddbedf6c81841","ssdeep":"","tlshash":"901159c232e3a0d183e058cd1001d906f23969e9a4bca0c9c757e6b93cb2a53d87672a","size":865,"data":"","first_seen":"2025-08-22T10:11:14.567955Z","last_seen":"2026-03-04T04:00:43.420123Z","times_seen":3921,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_LEQ4UAP5.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"83e311eb8e222d229b6177bd007ce9eb","sha1":"96b851ffda0eab794c2bb637255a48ae25770144","sha256":"d0ff62de588e1c47eedbd91a89dcf394e2ec5bd09392ea556b9a34108077e9ad","sha512":"fd2e1bfb6588598e356ddc08724c2e6f602b89626b30eeca2c25b8f60340f25e28a761b8e13b75d1627172530abf7dd0e586e792f53759d08bda626145f65b0d","ssdeep":"","tlshash":"202112debed2b5908394188c4e2ec055f23a2957641ce6fcd765e7827c403a186f3c1d","size":1297,"data":"","first_seen":"2025-08-22T10:11:14.559442Z","last_seen":"2026-03-04T04:00:43.42063Z","times_seen":3921,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_YV646KAL.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"817daa834e18cb5941c970ebd9539382","sha1":"2776cb6819f955e7a9434dc6885f31a09c7458f0","sha256":"daee6582cc260392552be5918f785c8192fc39c90a0de67ec94105625a105f83","sha512":"d7d41f49d473fa846fa3e68a7de3196a282939e7d941eae3e641ac4f3df017f239c0eda9664ecb491a0d95c72557321e898cc0411d2d272d2357d8795f3a499a","ssdeep":"768:2XwZ1yyQBnJnqxqy3a1ztAy7lyyC0H64ar9Ebk0y6OWe/BtKoD4gPuLOdY:2XwWBnJqxq31p9lyypH642Ebk0y6OWgi","tlshash":"5de24d98b779b8a2336d50cc90770713b37559f3484d9060f3aa9ea234a5a43c2e7b79","size":31989,"data":"","first_seen":"2025-12-23T20:54:42.080275Z","last_seen":"2026-01-14T07:33:59.036202Z","times_seen":183,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/entry-bbdf0b7ffc.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"538f7cf8c223d576e55ec57979962f1b","sha1":"a2d705e712322178eda29a6f371affc79ab46770","sha256":"7561410894dd995cafda66d9bf39de55d8f52e98058f4d0a46cfe105c45087e1","sha512":"e9a0d6b81f2d59235b74526d96411ae6e4e66c391e6df4a37a6da3b0ea9ebb1f608095a051d4ee3270ddab356665c2527977d64976a96bc026e613daee684fc0","ssdeep":"384:HkJQgN7zrAiEqUb8To4lGSdlqll70JGhPhjwVTGxcPRDCEBzua4QIiouV+2cTrcL:HkWuZEqc8To4rdlqll70JwPhjwV6xgRd","tlshash":"e2a21f7c219cf0f535cb459537f6bc526688ad2ff98abcd6409789cc03da04cc9663aa","size":22542,"data":"","first_seen":"2025-12-23T20:54:42.05595Z","last_seen":"2026-01-14T07:33:59.035481Z","times_seen":115,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/192f3e7f77.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"a183d67a6f8ea109fef0a1b4f5f2b920","sha1":"9908c3bc21a4de25fe732742f501bd5b42c04c79","sha256":"ebdb6c637f146183a35569fcf56d547616da772f4b10c500a12a670fd46a6560","sha512":"c55796a768f46379b24f94bb40ff4846e651c94411fbf828648f1ba95353caeb7970abc3b37e4ffbac456c42085e8d46868a9d1ae07b0a2d31005d6025b7655e","ssdeep":"","tlshash":"ca5166967cb4b0b2af7643ee7e2640f5460d2a45b15d4093fded473c200f0a9176ab63","size":2848,"data":"","first_seen":"2025-12-23T20:54:42.020611Z","last_seen":"2026-01-14T07:33:59.008285Z","times_seen":127,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_1e35a72ffc.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"c0122178324b698b365f113bbe9f6cc2","sha1":"93adf11ecaba172a5ebf4042e249c0a4498ea5c0","sha256":"1f0e6e4b2f677f8ab4ee137d290d4bc5d788cd6d8ed1f80817a0222ea04095e5","sha512":"c536594213b8367a3a21ade27b64495481b2aa1c826c1bc2e641c54ab59463b3801eadf574c7b3375b8b3ca466c351cfeca1f74d54b66712bd5d1f891e0c3cd8","ssdeep":"49152:2FLjr8yGOI5w7RySDDAjLr2A234Y1Kl/F/Wmr4js:8E52a","tlshash":"06759d55f0467d223ee745e5a0771282b69c5a9ec408f4a4f1fbc8e83a8f44452afb7c","size":1628255,"data":"","first_seen":"2025-12-23T20:54:42.08575Z","last_seen":"2026-01-14T07:33:59.056196Z","times_seen":183,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/ec95a66bfe.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"ea480642e3fdad5b9118b3b2458455a7","sha1":"7d0a927ea118fd45b8b0342fff295cb3361d9387","sha256":"94cbddfb1ac92d6901543646d503a528b4132e388c6bde226782589026772e6d","sha512":"46d0e4811c5e32385998cad926bf723b16b83a610a189c731f37e84a3a4c0e7a30033e8a5c78669815201137d7c44dc22b7865c466dbeba22a65fdfe236916d1","ssdeep":"192:FhpR0b23WsQ0W99z/ULrcZkprVTrQitHZs6CS+v1d0:HpR0b23WsQ0W99z/YcZk/T7i6CS+v1y","tlshash":"abd1d6ad1ff930b420650fd8be1224b197a81d2793ec88f6ea590f64033d449c6ba967","size":6742,"data":"","first_seen":"2025-12-23T20:54:42.063151Z","last_seen":"2026-01-14T07:33:59.042438Z","times_seen":115,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/19734a1859.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"0de0c156338f3d41ab95438c3d50bf21","sha1":"a39a274e2f641a2ed9c25a57fb8206974ad2c262","sha256":"1af1032c4d01a1d34bc1f6932bc12fcbe55b50735cee5caefdcd5fdca4591cb7","sha512":"2a894ed85c825eb50db36a6a733e0b521d6bb5128d21fcdca4beffc12f9795b3e20ef869d5404ebef83d6c68e0a8b997e31c16a41453c2b2b947e8421970d8a7","ssdeep":"","tlshash":"9bc08c0f24a85837826e4ef8991021421e0d85e533e105c8ed0c83ba032a4d3854e62a","size":165,"data":"","first_seen":"2025-12-23T20:54:41.987403Z","last_seen":"2026-01-14T07:33:59.049088Z","times_seen":114,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","fqdn":"1xlite-62827.bar","domain":"1xlite-62827.bar","tld":"bar"},"ip":{"addr":"46.32.182.100","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Azerbaijan","country_code":"AZ"},"introduction_type":"scriptElement","is_inline":true,"md5":"06d74715bf7946c1d1aaea652f915b5a","sha1":"fee957c626f19aa0f74fee001aefdb788afad2bc","sha256":"955a91f9c6364da7cfe3fa285c642e88e69a4f33c045f83e85645a165524ebb7","sha512":"82ba3702876f43c88036bc485381c22ee9f7fc8da4869e3dbc6e762a0af30bdfb544b21c970c6242cfb89a9b181b77109f7803c7bb95be95d1ca4f142e260a1d","ssdeep":"","tlshash":"df211025907c4b3f8627461d9303ba419fad007622d67b1cf61c4f8c66c61cda1135c7","size":1434,"data":"","first_seen":"2026-01-03T12:34:41.025611Z","last_seen":"2026-01-26T11:35:20.321505Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","fqdn":"1xlite-62827.bar","domain":"1xlite-62827.bar","tld":"bar"},"ip":{"addr":"46.32.182.100","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Azerbaijan","country_code":"AZ"},"introduction_type":"scriptElement","is_inline":true,"md5":"d500a2ca1e727e6c3672cd77d68c98f6","sha1":"91bb9c29f3ca5bdb90a171d9d14f4fd8cab1bd13","sha256":"d0442eda8c76341a51da5fbf54d0e0c0b157ab5f4a3a617eafd7903a2ab21a26","sha512":"0f498727c99c9b80d3ad0fde0f95682f1d27151e877b21982c7a687b5d30688fda32c0155d5f7076df13e116af9a357a273f89e2f1275949dc46ed5825a10cb1","ssdeep":"","tlshash":"7c1175230a38e73f412468ccc9a1bba955d0285ab100d44f9dfc8c4b576b5d3ad93f13","size":1037,"data":"","first_seen":"2025-12-23T20:54:42.084049Z","last_seen":"2026-01-14T07:33:59.058133Z","times_seen":114,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/$_$.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"2cdaa92927f02e0b628f1ef4d7dd8caf","sha1":"9104a2e16ed080b80a42588b8aeb52ebec47ab7a","sha256":"ef8101ffea52addcdcfcc3a83f96ff2d4613fb3ae6d1c16bbe4852387b73a9db","sha512":"31da80bc1b17aa708fef74b0211af91fce1b4a5f518f11e5caa80f50e9a7791b6e94924e381f550fc44a02f4c1d785e5b95fa2464e7968b5cab079612d70d839","ssdeep":"","tlshash":"1ba002935a5ef66c209044860696e74733823d6a3477b1d625bc5509e6061474817257","size":69,"data":"","first_seen":"2025-05-14T05:06:37.199299Z","last_seen":"2026-03-18T19:40:26.76398Z","times_seen":5502,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_chunk_LNU73JEK.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"d96d317966512ab8915a90670ca5a5af","sha1":"a810be1c3e515adb49804e8d976250deb16fd77d","sha256":"f125201d62c452efba070d856821885c7cfd539a31d55846caa6ae3a7522d3cf","sha512":"460b29966e6f5ac4d34ccc714217d29686d7aff42efa92a102729d40aa36dd4fbb87116178b2f9fdece5fdb09cb2bf2024312d3f1b86abb69644f695c76aca2d","ssdeep":"","tlshash":"a521f1e56fbc7ba362be2ae4a02e0041e001d53752f4f1d4f294dfb4a4e949d035b5b6","size":1232,"data":"","first_seen":"2025-08-22T10:11:14.554562Z","last_seen":"2026-03-04T04:00:43.411503Z","times_seen":3921,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PJNUBKRP.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"7e7ebd44e3a6550f862e122ab7df6409","sha1":"384ecbc3ab0f65e6b0f88c1e68ba3eb73fad4999","sha256":"138767518a09e63d24f918f6380923893a2ec3aa59a640e51c83517501823076","sha512":"e2766b50e289dc6a69fa30432a49a0b7743f15cd15a54d707959c7623f258057a821a94285c492746216cfbf815089309b6cc09b930ba7977ff9c4ffc352d76e","ssdeep":"768:wDKAOpvMewHFuM96WwZACjzz46zSTKsBE1OvFXfX1UXk:wm8uPW43zEIOvdlUU","tlshash":"a5d2b68c7799f02683bb3070907f580ef237a912594d90a0e591e5f86dbd75c822bfad","size":30277,"data":"","first_seen":"2025-08-22T10:11:14.535778Z","last_seen":"2026-03-04T04:00:43.425133Z","times_seen":3921,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_67be4069d3.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"00e9a1cb57562ecdbc4f8a438ff0d3a7","sha1":"18b312426460be06bfc557ef8d24fc9328935b47","sha256":"360358fda10eb3510d6f69bd8362258043c0092d0c085fd24c1996fa20303790","sha512":"af88385a60878abfb1fffe9275e125445f0c177a9302a0ecb431dbdb7bba0c7888d4981323c78ea48278b821ec6a9a9c62bfa193a8dc684e6c2add3004d5edba","ssdeep":"","tlshash":"1cd0eb3d6ff1e0b5330528ff322b719233093c04930ad4a300a6036801c80faa275e3a","size":291,"data":"","first_seen":"2025-12-23T20:54:42.051787Z","last_seen":"2026-01-14T07:33:59.011214Z","times_seen":183,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/708191bc33.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"f558fd5629eaf2411a804db7a8f35d89","sha1":"c9239b8810c39517704dfc46f746c3f03136b466","sha256":"481f44e30fbad7065c6cf53e1b699af33c6afe77c4ecb17095eed9022c388e5e","sha512":"d10fc5869f68eea2268d0d3c9dc465268e348063a9b50a0401e0f08c91418da9bc75b187d1138b6f4676128a5241450ed60b2d2632407e58ff1cb501d3e526bc","ssdeep":"","tlshash":"84717346ac78f5f6ba0782a83d2344f0cb1fac2ed16449eae1f4c6bc129d4952432f57","size":3730,"data":"","first_seen":"2025-12-23T20:54:42.009554Z","last_seen":"2026-01-14T07:33:59.0485Z","times_seen":114,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_WZJKYEQD.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"bea5b052c307601192270938523fa030","sha1":"937f7094c67f5a92c1032a7bc3f21ee94bec66ef","sha256":"f41290374ba615854ebb4b28a07de775581707f3b6427bcc01c0529c62476f64","sha512":"b9bff7f7d9b518ec76898a732114873c01206378c2a840c62062f05487ef773716ce841d7a5bafe3f0c65fbfdf05509852571a3a6b381661cb6f4984d6bc23a9","ssdeep":"384:ZP7iayBuR9vu3z1JXvykd2+LaqHdC6RjVnTGm/7piCXmH8kCCcvJTCyCu+meAxiZ:piZwO3XvO+NMSJt3XmckXcv4nxJAxiH5","tlshash":"7b92a28c7684b0a287a7a2a7a07f860f71376865650e9004f59cf6ec3c35dba507bc7d","size":21252,"data":"","first_seen":"2025-08-22T10:11:14.555802Z","last_seen":"2026-03-04T04:00:43.408775Z","times_seen":3920,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.38.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"b817b44de40de2686c34ebd195f984fb","sha1":"8fd2846eddfb88168eb481896d5e0273797e5187","sha256":"cd02441d3711fe00ce1de9a41075cdb02fdf3c777b90761b84a68a74418bd6e7","sha512":"b87d67c10068c732ed739d2fa26b32d7701cc980448fa33a7b4f63798b1193f62afe5fa7a54260e4682286e2f7ad7785e2aa7c38ed87d807591264b98de2eb06","ssdeep":"6144:u7Ie7mf2bulKYX61u99Yye5HDmHYmyBFzvnsBu6QWllECPad4XEPPad:5CJbu7q1mcrnssW2wEy","tlshash":"0bb4098e73c67426929af478502f02cba8bb29e2b45dc896b1c9ccf01d7459a4167f7c","size":509745,"data":"","first_seen":"2026-01-04T10:34:06.301339Z","last_seen":"2026-01-04T10:34:06.301339Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:34.810Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1xlite-62827.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:34 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 63748\r\ntraceparent: 00-b176c80e8072303bcc23b3164c0889ad-0036236898979692-01\r\nlast-modified: Wed, 14 Jun 2023 09:49:53 GMT\r\netag: \"6887b6f24414dbc612dbf42ccdc76b70\"\r\nexpires: Thu, 16 Jan 2025 10:32:14 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 1338\r\ncache: HIT\r\nx-cached-since: 2026-01-04T10:11:16+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":63748,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 63748, version 1.0","md5":"6887b6f24414dbc612dbf42ccdc76b70","sha1":"8068d3abfbc6cbf35b55919da45b1f4d2d136238","sha256":"fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c","sha512":"00f08f9dd648972c9571547e06172d5505dd13f577fe2e65a497d3856172807ac11c996984e4138d2eb2ac784257fe61864aee15752fe9e9e76f98db931e0c2a","ssdeep":"1536:KtdCG+Dz6RxAx457zL0ASEn091Y0H1mTOzI/OzMFOoTX4u:MMG+yRpzN091Y0VtI/pOoTt","tlshash":"8b5302485551fae2cac3073c0f7a89dbb37a776d519224cd98b69f830d37964bea2070","first_seen":"2023-06-14T19:15:49Z","last_seen":"2026-04-04T04:09:16.967231Z","times_seen":10259,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":5,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-62827.bar/bff-api/config/group/get?groups=d.customize\u0026lang=ar","fqdn":"1xlite-62827.bar","domain":"1xlite-62827.bar","tld":"bar"},"ip":{"addr":"46.32.182.100","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Azerbaijan","country_code":"AZ"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:35.563Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-62827.bar","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Dec 2025 05:20:09 GMT","end":"Mon, 09 Mar 2026 05:20:08 GMT"},"fingerprint":{"sha1":"66:E5:4E:74:0B:7E:DF:94:A4:98:72:73:D6:EC:9F:E4:34:AE:A0:76","sha256":"FC:2E:BE:DC:DD:09:CD:99:98:5C:3D:BC:88:05:27:BF:AC:31:19:C6:ED:06:3A:8A:4B:4B:00:D0:A0:FC:B1:60"}}},"request":{"raw":"GET /bff-api/config/group/get?groups=d.customize\u0026lang=ar HTTP/1.1\r\nHost: 1xlite-62827.bar\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder\r\ncontent-type: application/json\r\nx-requested-with: XMLHttpRequest\r\nis-srv: false\r\nx-svc-source: __TECHNICAL_PAGES_APP__\r\nx-app-n: __TECHNICAL_PAGES_APP__\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; auid=LiC2ZGlaQf4r7rVaBOyBAg==; lng=ar; tzo=3\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:35 GMT\r\ncontent-type: application/json\r\ncontent-length: 748\r\ncache-control: no-cache, private\r\nserver-timing: dt_total;dur=0.173, bff;dur=7.37, wf-uht;dur=0.019\r\nx-dt: 1208\r\nx-pod: R-2mkfx\r\nx-time-ng: 0.010\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":748,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"e40ba312d84ed9c7725118bfe9d260af","sha1":"3102abc444490e2383f4f0d094718b149219edc8","sha256":"1f1f6972d046779ad161934090f2165ddbf5622ac48c50363a361dc34d3ba532","sha512":"dcb7bdacd5f655e2391e5f1fd37024b8fd87cf64479c3044b976c1455d03941b6f44d95bd25fba96d23eee84345a5b3c077c14632cfabb59b004d33cbbcd126d","ssdeep":"","tlshash":"3301d14da161623cd2a18b98d8823f145ffd90b735497a05e81c9dca33f36ebe2b1203","first_seen":"2025-12-25T17:26:02.089904Z","last_seen":"2026-01-12T03:01:24.450964Z","times_seen":8,"resource_available":false,"data":null}},"time_used":47,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":47,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"1xlite-62827.bar","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-1208/desktop/media_asset/e3217bf4aaec777059549bd3a84781c3.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:35.664Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/cms/1-1208/desktop/media_asset/e3217bf4aaec777059549bd3a84781c3.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-62827.bar/\r\nOrigin: https://1xlite-62827.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:35 GMT\r\ncontent-type: application/json\r\ntraceparent: 00-0a5e918117e7da3c1c25306581382641-46b327c074e9aca6-01\r\nlast-modified: Wed, 24 Dec 2025 19:03:15 GMT\r\netag: W/\"917f249d7ba3f198ffcd4c0996b36c68\"\r\ncontent-encoding: gzip\r\nexpires: Fri, 02 Jan 2026 08:32:52 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\ncache: REVALIDATED\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":18124,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"917f249d7ba3f198ffcd4c0996b36c68","sha1":"5097c10634e403da22a92ee62d12f504c024e479","sha256":"ceabc18fbbc228992e212623f9528f47119c7d3623879141a7a877bf8d27651f","sha512":"5e9ce3dbd4c35499115291c61a6c78f093e0782f87fa34154f899c0776ec1d19f3a82bfc960b851d6f2ab8e18d5fb1ce7a2b4a52a5f27bc32f69254ef9aabdf9","ssdeep":"96:7tb7Ba79eu4QWGAdryCiQFpzLJLJeHZVZYpH3UGHSTSSbbGiJinHQyu7Bn2:K7kJ2VK3UsyinHQd78","tlshash":"b48235d9bae41c33112b60bed5e7f91ae3cc1f479d4aa8287e9c6d4c1b6050500aed7e","first_seen":"2025-12-24T19:43:26.562976Z","last_seen":"2026-03-01T21:06:43.444084Z","times_seen":274,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-1208/desktop/media_asset/0b8640a63cf88a33716869054cfd081d.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:35.770Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/cms/1-1208/desktop/media_asset/0b8640a63cf88a33716869054cfd081d.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-62827.bar/\r\nOrigin: https://1xlite-62827.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:35 GMT\r\ncontent-type: application/json\r\ntraceparent: 00-805cf3efb1163bf419d6a7d9573b5f4e-076df92844b099c4-01\r\nlast-modified: Wed, 24 Dec 2025 14:24:07 GMT\r\netag: W/\"90539e045cd6aee730f89f811acc4a30\"\r\ncontent-encoding: gzip\r\nexpires: Sat, 03 Jan 2026 13:34:11 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\ncache: REVALIDATED\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1712,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"90539e045cd6aee730f89f811acc4a30","sha1":"b419105e1bca131d03bf88ea751fb2220fd35df8","sha256":"df5274eabaedc02741f745d19342175eb01707560f5867a537227190cea40537","sha512":"1e9d298520ec854b8e75b4c8961d9f8e30c26dd764542472ce0b2b23787156c4254a7024c435a04a832a37a00c8714c8d725647fd66d9935f6094b0749db0fc6","ssdeep":"","tlshash":"da31dc89fbf02cb3302f90ed99b7b54ed3880f07ac566d54ba5c754c2b54516006ad7e","first_seen":"2025-12-24T17:22:02.953849Z","last_seen":"2026-03-09T08:17:21.757896Z","times_seen":496,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-1208/desktop/media_asset/36bc018ba921b7dd8d8cb4003702c9fd.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:35.773Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/cms/1-1208/desktop/media_asset/36bc018ba921b7dd8d8cb4003702c9fd.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-62827.bar/\r\nOrigin: https://1xlite-62827.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:35 GMT\r\ncontent-type: application/json\r\ntraceparent: 00-4a9c4a19f82cf001f9b6952199fc3918-04280aa9c0406cd3-01\r\nlast-modified: Wed, 24 Dec 2025 19:01:54 GMT\r\netag: W/\"b5a6dbdf3f12e11d0c5275b2ca6dc739\"\r\ncontent-encoding: gzip\r\nexpires: Fri, 02 Jan 2026 08:32:52 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\ncache: REVALIDATED\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3091,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b5a6dbdf3f12e11d0c5275b2ca6dc739","sha1":"a8495df42a8f1e18c12dc1723660d062bbc8fb6b","sha256":"8febfd79d9b9b1298af34575340a4288d6d5b01ee4e50c57f5a5509d602412f2","sha512":"813327003eefeef8e9772adc05530b46f52fc044d76f5ed1393854052836ae2f89a0118697367681afbab9084b4e215c3120bf09ea2713553a7e8286ca9afe2d","ssdeep":"","tlshash":"85514b4df6e41c33012f19bdc0f76a6993d84f4f694a7c283a9d6c4d1bd451900aad3e","first_seen":"2025-07-21T03:11:29.13175Z","last_seen":"2026-01-11T03:06:49.449217Z","times_seen":2816,"resource_available":false,"data":null}},"time_used":68,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":68,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"region1.analytics.google.com/g/collect?v=2\u0026tid=G-7JGWL9SV66\u0026gtm=45je5ca1v897130004za200zd897130004\u0026_p=1767522825528\u0026em=tv.1~em.cw3fZHb9rwkQoTAdeNsLaiWrX7NRvjAvCoOpFoMoRNQ\u0026_gaz=1\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026dma_cps=syphamo\u0026dma=1\u0026cid=567346639.1767522826\u0026ecid=490356007\u0026ul=en-us\u0026sr=1280x1024\u0026frm=0\u0026pscdl=noapi\u0026ec_mode=a\u0026_s=2\u0026tag_exp=103116026~103200004~104527906~104528500~104573694~104684208~104684211~105391253~115583767~115938466~115938468~116184927~116184929~116251938~116251940~116682875\u0026sid=1767522825\u0026sct=1\u0026seg=0\u0026dl=https%3A%2F%2F1xlite-62827.bar%2Far%2Fblock%3Ftag%3Dd_85563m_29145c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l73747_clickunder\u0026dt=1xBet\u0026en=page_view\u0026_fv=1\u0026_nsi=1\u0026_ss=1\u0026_ee=1\u0026ep.optimize_id=GTM-5R4MT54\u0026tfd=11970","fqdn":"region1.analytics.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"216.239.32.36","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:46.085Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:49:27 GMT","end":"Wed, 25 Feb 2026 15:49:26 GMT"},"fingerprint":{"sha1":"2C:B9:1B:62:2A:F9:04:B9:16:E2:30:B0:A8:B2:85:0C:68:BC:79:25","sha256":"AE:CB:A0:2C:92:1E:CB:D2:CB:6C:0D:37:5E:A2:4E:27:AE:4E:CA:0C:EC:53:D5:50:E6:C1:3D:EB:17:C1:F2:C9"}}},"request":{"raw":"POST /g/collect?v=2\u0026tid=G-7JGWL9SV66\u0026gtm=45je5ca1v897130004za200zd897130004\u0026_p=1767522825528\u0026em=tv.1~em.cw3fZHb9rwkQoTAdeNsLaiWrX7NRvjAvCoOpFoMoRNQ\u0026_gaz=1\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026dma_cps=syphamo\u0026dma=1\u0026cid=567346639.1767522826\u0026ecid=490356007\u0026ul=en-us\u0026sr=1280x1024\u0026frm=0\u0026pscdl=noapi\u0026ec_mode=a\u0026_s=2\u0026tag_exp=103116026~103200004~104527906~104528500~104573694~104684208~104684211~105391253~115583767~115938466~115938468~116184927~116184929~116251938~116251940~116682875\u0026sid=1767522825\u0026sct=1\u0026seg=0\u0026dl=https%3A%2F%2F1xlite-62827.bar%2Far%2Fblock%3Ftag%3Dd_85563m_29145c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l73747_clickunder\u0026dt=1xBet\u0026en=page_view\u0026_fv=1\u0026_nsi=1\u0026_ss=1\u0026_ee=1\u0026ep.optimize_id=GTM-5R4MT54\u0026tfd=11970 HTTP/1.1\r\nHost: region1.analytics.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-62827.bar/\r\nOrigin: https://1xlite-62827.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 No Content\r\naccess-control-allow-origin: https://1xlite-62827.bar\r\ndate: Sun, 04 Jan 2026 10:33:46 GMT\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\ncache-control: no-cache, no-store, must-revalidate\r\naccess-control-allow-credentials: true\r\ncontent-type: text/plain\r\ncross-origin-resource-policy: cross-origin\r\ncontent-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:170:0\r\ncross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:170:0\r\nreport-to: {\"group\":\"ascnsrsggc:170:0\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:170:0\"}],}\r\nserver: Golfe2\r\ncontent-length: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T04:46:10.842589Z","times_seen":13317089,"resource_available":true,"data":null}},"time_used":83,"timings":{"blocked":25,"dns":0,"connect":8,"send":0,"wait":19,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-62827.bar/ar?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","fqdn":"1xlite-62827.bar","domain":"1xlite-62827.bar","tld":"bar"},"ip":{"addr":"46.32.182.100","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Azerbaijan","country_code":"AZ"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-04T10:33:34.120Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-62827.bar","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Dec 2025 05:20:09 GMT","end":"Mon, 09 Mar 2026 05:20:08 GMT"},"fingerprint":{"sha1":"66:E5:4E:74:0B:7E:DF:94:A4:98:72:73:D6:EC:9F:E4:34:AE:A0:76","sha256":"FC:2E:BE:DC:DD:09:CD:99:98:5C:3D:BC:88:05:27:BF:AC:31:19:C6:ED:06:3A:8A:4B:4B:00:D0:A0:FC:B1:60"}}},"request":{"raw":"GET /ar?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder HTTP/1.1\r\nHost: 1xlite-62827.bar\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:34 GMT\r\ncontent-length: 0\r\nlocation: /ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder\r\nset-cookie: platform_type=desktop; Path=/; Expires=Wed, 07 Jan 2026 10:33:34 GMT; Secure; SameSite=None; Partitioned\ngw-mm=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Secure; SameSite=None; Partitioned\ngw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; Path=/; Expires=Wed, 07 Jan 2026 10:33:34 GMT; Secure\nauid=LiC2ZGlaQf4r7rVaBOyBAg==; path=/; secure; httponly; samesite=lax\r\nx-dt: 1208\r\nx-gw-blk-redirect-reason: block\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.015, wf-uht;dur=0.010\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3311,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T04:46:10.842589Z","times_seen":13317089,"resource_available":true,"data":null}},"time_used":315,"timings":{"blocked":138,"dns":45,"connect":28,"send":0,"wait":39,"receive":0,"ssl":61},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"1xlite-62827.bar","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/non-embedded.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:34.657Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/non-embedded.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-62827.bar/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:34 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-2cac11a8e26fbda73aa5fbeb87a9fc5b-1ae94dbc71686822-01\r\nlast-modified: Tue, 23 Dec 2025 11:09:44 GMT\r\netag: W/\"124cc24d18351af1656eae12be6975c9\"\r\nx-amz-meta-mtime: 1766488103.527478477\r\ncontent-encoding: gzip\r\nexpires: Wed, 24 Dec 2025 13:00:06 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.003\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 76774\r\ncache: HIT\r\nx-cached-since: 2026-01-03T13:14:00+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":50203,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (50202)","md5":"124cc24d18351af1656eae12be6975c9","sha1":"9fcf552112c0d0405f116a0c075ebad921a599c3","sha256":"736db5bdc9562cb0d626cce25730c516183749db3f8228c5d3e566316adccc12","sha512":"7d68a9abd66737f299a36dedc3aa1406711e2ad10497ffd96dfe2ac136c5813342ad89102fb333fffed1b3a8dbf6efbca1b8b4df9aa72e78a2815e2108b62002","ssdeep":"384:FdHpVLkq1Tk9wE1rx1ixddVbVBZYYBJ+JuqQr9C4GWkHjB5lc:XcQvZYY4Qr/sHlc","tlshash":"0633750acd801257be7b893a3584fb0865e4e54bed730e2df459d0448fe7e9f26a03a5","first_seen":"2025-11-25T12:36:55.909711Z","last_seen":"2026-03-05T12:27:01.087128Z","times_seen":561,"resource_available":false,"data":null}},"time_used":151,"timings":{"blocked":72,"dns":39,"connect":4,"send":0,"wait":1,"receive":0,"ssl":32},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_1e35a72ffc.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:34.885Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/shared-assets/Desktop/__shared_base-app_1e35a72ffc.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-62827.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:34 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-3f21f7c8d704997a08f5484edac17af0-bdae1847a39b4a70-01\r\nlast-modified: Tue, 30 Dec 2025 12:59:20 GMT\r\netag: W/\"c0122178324b698b365f113bbe9f6cc2\"\r\nx-amz-meta-mtime: 1767099327.785295139\r\ncontent-encoding: gzip\r\nexpires: Thu, 01 Jan 2026 08:50:50 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 5071\r\ncache: HIT\r\nx-cached-since: 2026-01-04T09:09:03+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1628255,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (23791)","md5":"0e09ea6ca336302e09328e11eea7eb20","sha1":"a3cb8880feaa296cc191d72259ad73b1a3b752cb","sha256":"8ef3fa0028abf530c73f0f08c2a08285066a4a9202ed3c4296d911ffe154489f","sha512":"01dceefe56140a7d94066b3a42582bbf12454372ea3e79547b29458bb8f0d3f20b5d6d4c6e4d6a8092134ff92adc51fa9b5aeaf0bbae312f8e8cd026bd9a6cea","ssdeep":"24576:2FLjr8yGOPw5wtuiRySDDAjLr2A234Y1QTDJ/F/k:2FLjr8yGOI5w7RySDDAjLr2A234Y1Kle","tlshash":"9f259e65f112791339e755e5a0631387ba9c499ed80ce894f2e7cde43a8b41022eef7c","first_seen":"2025-12-23T20:54:42.018305Z","last_seen":"2026-01-14T07:33:58.996601Z","times_seen":181,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-62827.bar/en/block","fqdn":"1xlite-62827.bar","domain":"1xlite-62827.bar","tld":"bar"},"ip":{"addr":"46.32.182.100","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Azerbaijan","country_code":"AZ"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:34.942Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-62827.bar","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Dec 2025 05:20:09 GMT","end":"Mon, 09 Mar 2026 05:20:08 GMT"},"fingerprint":{"sha1":"66:E5:4E:74:0B:7E:DF:94:A4:98:72:73:D6:EC:9F:E4:34:AE:A0:76","sha256":"FC:2E:BE:DC:DD:09:CD:99:98:5C:3D:BC:88:05:27:BF:AC:31:19:C6:ED:06:3A:8A:4B:4B:00:D0:A0:FC:B1:60"}}},"request":{"raw":"GET /en/block HTTP/1.1\r\nHost: 1xlite-62827.bar\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; auid=LiC2ZGlaQf4r7rVaBOyBAg==\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 203 Non Authoritative\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:34 GMT\r\ncontent-type: text/html;charset=utf-8\r\ncontent-length: 3311\r\nserver-timing: dt_total;dur=0.083, dt_total;dur=0.005, total;dur=3;desc=\"MF\"\r\nset-cookie: gw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; Path=/; Expires=Wed, 07 Jan 2026 10:33:34 GMT; Secure\r\nvary: Accept-Encoding\r\nx-dt: 1208, 1208\r\nx-time-ng: 0.004\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"203","status_text":"Non Authoritative","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3311,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (3030)","md5":"22ec481d66f82c0a7ac2b279dadc3f6d","sha1":"1191347b6719f6529cc99dc195100f81db085c5d","sha256":"4deadd81d006f48d828c7af4d1658855d66db5d0197743c5ef5ce045686df83f","sha512":"9dc8092657e9300a7ecc3a5c57324a8f09f7ad0ebdffcf30c261423af026d9b2a3492a4ed8d76fa5437aa179f092a65268804d10a01b93f542911da0797c4f02","ssdeep":"","tlshash":"9761c727503ccb3f4522455d8a02fb4a9edc287b7149e94de67c4e8d27c62cba417a47","first_seen":"2026-01-03T12:34:40.97925Z","last_seen":"2026-01-04T10:34:06.26725Z","times_seen":2,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":45,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"1xlite-62827.bar","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_RNYYWXHZ.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:35.128Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_fast_deep_equal_RNYYWXHZ.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-62827.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:35 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 865\r\ntraceparent: 00-96f3b552819149c4943148eb231f04c3-b5bfeade778145fc-01\r\nlast-modified: Tue, 30 Dec 2025 12:59:16 GMT\r\netag: \"00e44cad05af09626c2b10aeee7de5a3\"\r\nx-amz-meta-mtime: 1767099327.750294637\r\nexpires: Thu, 01 Jan 2026 05:42:53 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 17432\r\ncache: HIT\r\nx-cached-since: 2026-01-04T05:43:03+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":865,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (840)","md5":"00e44cad05af09626c2b10aeee7de5a3","sha1":"4461fd05cdd85255f4ab24edd5ac80e7b6dec92e","sha256":"5277a86b8db312b1e34318cb994829e113d8204c3a2e88ab594e5135b2bbfb2a","sha512":"548bf615b1118881d21a0cfd2d530b3f0ce1e14cc93cb6afce662b30ac70877fa152fd71b5d786bb2e43e31a1980e00b83106b1f4b3ae12fbb2ddbedf6c81841","ssdeep":"","tlshash":"901159c232e3a0d183e058cd1001d906f23969e9a4bca0c9c757e6b93cb2a53d87672a","first_seen":"2025-08-22T10:11:14.567955Z","last_seen":"2026-03-04T04:00:43.420123Z","times_seen":3921,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_LEQ4UAP5.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:35.130Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_accept_language_parser_LEQ4UAP5.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-62827.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:35 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-c52b6c5fc3ada135f72f6538abf4f618-3abc39c7c2fb31b9-01\r\nlast-modified: Tue, 30 Dec 2025 12:59:16 GMT\r\netag: W/\"83e311eb8e222d229b6177bd007ce9eb\"\r\nx-amz-meta-mtime: 1767099327.770294924\r\ncontent-encoding: gzip\r\nexpires: Thu, 01 Jan 2026 09:45:17 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2866\r\ncache: HIT\r\nx-cached-since: 2026-01-04T09:45:49+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1297,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (1265)","md5":"83e311eb8e222d229b6177bd007ce9eb","sha1":"96b851ffda0eab794c2bb637255a48ae25770144","sha256":"d0ff62de588e1c47eedbd91a89dcf394e2ec5bd09392ea556b9a34108077e9ad","sha512":"fd2e1bfb6588598e356ddc08724c2e6f602b89626b30eeca2c25b8f60340f25e28a761b8e13b75d1627172530abf7dd0e586e792f53759d08bda626145f65b0d","ssdeep":"","tlshash":"202112debed2b5908394188c4e2ec055f23a2957641ce6fcd765e7827c403a186f3c1d","first_seen":"2025-08-22T10:11:14.559442Z","last_seen":"2026-03-04T04:00:43.42063Z","times_seen":3921,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_YV646KAL.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:35.132Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_vue_deps_YV646KAL.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-62827.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:35 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-efc4c8cf5ee29d3e8ce6507986643aaa-d952eacce096b011-01\r\nlast-modified: Tue, 30 Dec 2025 12:59:16 GMT\r\netag: W/\"817daa834e18cb5941c970ebd9539382\"\r\nx-amz-meta-mtime: 1767099327.750294637\r\ncontent-encoding: gzip\r\nexpires: Thu, 01 Jan 2026 08:50:34 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 5765\r\ncache: HIT\r\nx-cached-since: 2026-01-04T08:57:30+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":31989,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (31848)","md5":"817daa834e18cb5941c970ebd9539382","sha1":"2776cb6819f955e7a9434dc6885f31a09c7458f0","sha256":"daee6582cc260392552be5918f785c8192fc39c90a0de67ec94105625a105f83","sha512":"d7d41f49d473fa846fa3e68a7de3196a282939e7d941eae3e641ac4f3df017f239c0eda9664ecb491a0d95c72557321e898cc0411d2d272d2357d8795f3a499a","ssdeep":"768:2XwZ1yyQBnJnqxqy3a1ztAy7lyyC0H64ar9Ebk0y6OWe/BtKoD4gPuLOdY:2XwWBnJqxq31p9lyypH642Ebk0y6OWgi","tlshash":"5de24d98b779b8a2336d50cc90770713b37559f3484d9060f3aa9ea234a5a43c2e7b79","first_seen":"2025-12-23T20:54:42.080275Z","last_seen":"2026-01-14T07:33:59.036202Z","times_seen":183,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_block_pages/ar/dictionary_182f6f975d11454084a183a13dcd4d69.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:35.762Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/web-app-v2/dictionary2/v3_block_pages/ar/dictionary_182f6f975d11454084a183a13dcd4d69.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-62827.bar/\r\nOrigin: https://1xlite-62827.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:35 GMT\r\ncontent-type: application/json; charset=utf-8\r\ntraceparent: 00-0a2ea15c5d0e7a3c571f035e7ca8fa15-99fc5690566cc4f9-01\r\nlast-modified: Wed, 17 Dec 2025 12:09:06 GMT\r\netag: W/\"f30413d41118a7bd4b0d90df80ac663d\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Sat, 03 Jan 2026 00:16:29 GMT\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 1542\r\ncache: HIT\r\nx-cached-since: 2026-01-04T10:07:53+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3555,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"f30413d41118a7bd4b0d90df80ac663d","sha1":"396aa45cd0c09b0f2f8daf5e3d58f5bd477b01df","sha256":"1094e62fbb144c51bb1adbbd8968488e9a2962d2b03ff361184d7670c7571045","sha512":"519cf8c152d5c5cdd839a59d04412f140923126e46be2bd356efae34fb05dd949fb0c33c8fbf08a0f7d840eea3e47af1a98b42ebd3aac472881b1fdc3220a376","ssdeep":"","tlshash":"f27132d2273c84b13a0a8b09fceb393de8715e13af86fc70754a8655629b466d14e13e","first_seen":"2025-12-20T05:43:32.421457Z","last_seen":"2026-01-26T11:35:20.319901Z","times_seen":8,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/version.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:34.826Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /version.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-62827.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-62827.bar/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:34 GMT\r\ncontent-type: application/json\r\ncontent-length: 11\r\ntraceparent: 00-c91c70f6640b1a7d82c3d970eb2a8b90-e3ddec66e234a0c1-01\r\nlast-modified: Tue, 30 Dec 2025 11:35:51 GMT\r\netag: \"8ea3a345f3f62644147abd32f4fa716d\"\r\nx-amz-meta-mtime: 1767094551.076810794\r\nexpires: Tue, 30 Dec 2025 11:39:04 GMT\r\ncache-control: max-age=60\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 4\r\ncache: HIT\r\nx-cached-since: 2026-01-04T10:33:30+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text","md5":"8ea3a345f3f62644147abd32f4fa716d","sha1":"994c2c271ca6f972da76023d4818ef99042d65c0","sha256":"f69b33de6027c743066c2e8ccda94818758bf34ff8c433306aa00a6cc1d7fde9","sha512":"40c7271f9ed5db80ede5943b38225e217e6f70a2d4ded61e7c3d5ac985b911b1379ed3c30d6a6927c5908d96e04ccb2e455a1e2fff5115e4afaa12edd22bbeb7","ssdeep":"","tlshash":"0750000003000cc0000f00000003000cf0c00c0000003f0000c0c00000003003000c00","first_seen":"2025-12-30T12:48:04.916545Z","last_seen":"2026-01-05T09:11:08.89272Z","times_seen":55,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PJNUBKRP.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:35.144Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_localforage_PJNUBKRP.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-62827.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:35 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-d82824f38851dbc5bb5a32040596e242-095404e2b51e25cd-01\r\nlast-modified: Tue, 30 Dec 2025 12:59:16 GMT\r\netag: W/\"7e7ebd44e3a6550f862e122ab7df6409\"\r\nx-amz-meta-mtime: 1767099327.750294637\r\ncontent-encoding: gzip\r\nexpires: Thu, 01 Jan 2026 09:47:17 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2741\r\ncache: HIT\r\nx-cached-since: 2026-01-04T09:47:54+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":30277,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (30255)","md5":"7e7ebd44e3a6550f862e122ab7df6409","sha1":"384ecbc3ab0f65e6b0f88c1e68ba3eb73fad4999","sha256":"138767518a09e63d24f918f6380923893a2ec3aa59a640e51c83517501823076","sha512":"e2766b50e289dc6a69fa30432a49a0b7743f15cd15a54d707959c7623f258057a821a94285c492746216cfbf815089309b6cc09b930ba7977ff9c4ffc352d76e","ssdeep":"768:wDKAOpvMewHFuM96WwZACjzz46zSTKsBE1OvFXfX1UXk:wm8uPW43zEIOvdlUU","tlshash":"a5d2b68c7799f02683bb3070907f580ef237a912594d90a0e591e5f86dbd75c822bfad","first_seen":"2025-08-22T10:11:14.535778Z","last_seen":"2026-03-04T04:00:43.425133Z","times_seen":3921,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-62827.bar/bff-api/config/group/get?groups=b.core,d.core\u0026lang=ar","fqdn":"1xlite-62827.bar","domain":"1xlite-62827.bar","tld":"bar"},"ip":{"addr":"46.32.182.100","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Azerbaijan","country_code":"AZ"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:35.322Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-62827.bar","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Dec 2025 05:20:09 GMT","end":"Mon, 09 Mar 2026 05:20:08 GMT"},"fingerprint":{"sha1":"66:E5:4E:74:0B:7E:DF:94:A4:98:72:73:D6:EC:9F:E4:34:AE:A0:76","sha256":"FC:2E:BE:DC:DD:09:CD:99:98:5C:3D:BC:88:05:27:BF:AC:31:19:C6:ED:06:3A:8A:4B:4B:00:D0:A0:FC:B1:60"}}},"request":{"raw":"GET /bff-api/config/group/get?groups=b.core,d.core\u0026lang=ar HTTP/1.1\r\nHost: 1xlite-62827.bar\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder\r\ncontent-type: application/json\r\nx-requested-with: XMLHttpRequest\r\nis-srv: false\r\nx-svc-source: __TECHNICAL_PAGES_APP__\r\nx-app-n: __TECHNICAL_PAGES_APP__\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; auid=LiC2ZGlaQf4r7rVaBOyBAg==\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:35 GMT\r\ncontent-type: application/json\r\ncache-control: no-cache, private\r\ncontent-encoding: br\r\nserver-timing: dt_total;dur=0.142, bff;dur=106.46, wf-uht;dur=0.134\r\nvary: Accept-Encoding\r\nx-dt: 1208\r\nx-pod: R-x52wv\r\nx-time-ng: 0.110\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":42844,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"cfd3871060f0f9720de339f156ed0296","sha1":"431d74d4427abea3f69fc4df24fac42df143808e","sha256":"e90c5c12e9fa5c586d8ca5567ebc50b84271c7b819b52252f30f0a26ce645ffd","sha512":"85ddba32445c7ddeca73c39e57d525d5dfc6039ecb01708396e84bc3e969e66a97d78454602c4eeb6ed7961f2b2c74da5717777742490cd98361063b339a7137","ssdeep":"768:IxTgeDRn6IbevLyM95BQwtJ7BdUDca8+oE9OwptQ:IxTgeDRn6IivLyM95BQKlcca8+oE9Owg","tlshash":"5613df4ebad0567b401f1abacd63fe4e57f81f1b1c93a4625ae37c8614b291044e783e","first_seen":"2026-01-04T10:34:06.272056Z","last_seen":"2026-01-04T10:34:06.272056Z","times_seen":1,"resource_available":false,"data":null}},"time_used":170,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":170,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"1xlite-62827.bar","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_main/ar/dictionary_96ff04140b3c7c33e3b5a484d97f51c4.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:35.763Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/web-app-v2/dictionary2/v3_main/ar/dictionary_96ff04140b3c7c33e3b5a484d97f51c4.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-62827.bar/\r\nOrigin: https://1xlite-62827.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:35 GMT\r\ncontent-type: application/json; charset=utf-8\r\ntraceparent: 00-9ceed58134b0cb14edd1c2db4bee9223-0186e1d60d016106-01\r\nlast-modified: Tue, 30 Dec 2025 08:09:37 GMT\r\netag: W/\"e644730a9dc9fcbf31d8a01815611d7a\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Tue, 30 Dec 2025 09:18:27 GMT\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 825\r\ncache: HIT\r\nx-cached-since: 2026-01-04T10:19:50+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":179071,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"9208c0a21d29a9ffaee577c108141a81","sha1":"32c8a2e7419d23cfe98357144bc2361aeb341317","sha256":"a348547125cb60eadce495c63af609174d19b635bd04e0556486b97487609a09","sha512":"a9f786d0316156df908cdd3cd3b86ae6866f0063d3e11476858103c32dd9bc4dd1c25ee76f47c9b6da90fabf9fb2e3d29ae994eeb7cd71233082c2ad6fc1c7e9","ssdeep":"3072:zEFT8qJiZcIkZPePf9NE2NTavpADAAHaAx9t9hKi+:zgQHjx9c1","tlshash":"c404a6921e1c88352b869e5ef0977628d5705d239b6ffc316cd74616e383992c2af03e","first_seen":"2026-01-03T12:34:40.878271Z","last_seen":"2026-01-10T15:08:55.628659Z","times_seen":3,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/3083a20a3f73c30fce38710d7ada9cbb.svg","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:35.921Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/cms/1-285/desktop/media_asset/3083a20a3f73c30fce38710d7ada9cbb.svg HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-62827.bar/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:35 GMT\r\ncontent-type: image/svg+xml\r\ntraceparent: 00-d45c39ddbb1bbdb4a62f0026245ec653-4cadf565afff9cad-01\r\nlast-modified: Wed, 19 Apr 2023 11:51:30 GMT\r\netag: W/\"3ae81b002dca46d3b732ce3e03ae35c6\"\r\ncontent-encoding: gzip\r\nexpires: Thu, 16 Jan 2025 11:13:48 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2655\r\ncache: HIT\r\nx-cached-since: 2026-01-04T09:49:20+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1228,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"3ae81b002dca46d3b732ce3e03ae35c6","sha1":"388d37b5f714937677de74330a8daab0a0d1196b","sha256":"1c76b93f07c6a861c4ad9529059ea99ae69f2451788da7cab1f17fa94d54382e","sha512":"48887848044da3a9a54b72a1f15a39ac0b30ea8ad7ddc3d4c69e51bb0479f39631d4b9098d289eecdaa9648db4118ddfa38cf76ef1a58718c67d70efc80a67a8","ssdeep":"","tlshash":"e72124be434d5bfb60025fd8967802513abaf0c2f29926ed55d674227903cf4d074955","first_seen":"2023-04-05T22:56:35Z","last_seen":"2026-04-04T04:09:16.943816Z","times_seen":1366,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"radar.cedexis.com/1/23802/radar.js","fqdn":"radar.cedexis.com","domain":"cedexis.com","tld":"com"},"ip":{"addr":"45.54.49.5","port":443,"asn":63911,"as":"NetActuate, Inc","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:45.635Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"radar.cedexis.com","organization":"Citrix Systems, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 07 Mar 2025 00:00:00 GMT","end":"Fri, 06 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A2:3E:30:19:D5:41:3A:11:81:58:E3:B1:6F:F4:D2:78:0B:44:6F:D0","sha256":"BE:70:39:96:BA:51:8F:A7:6A:9D:E1:58:FB:D9:F7:6F:17:5C:DA:A9:6E:54:3F:8F:0B:3D:1E:DF:8C:44:B4:71"}}},"request":{"raw":"GET /1/23802/radar.js HTTP/1.1\r\nHost: radar.cedexis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-62827.bar/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 04 Jan 2026 10:33:45 GMT\r\nContent-Type: text/html\r\nContent-Length: 138\r\nConnection: keep-alive\r\nLocation: /1707728419/stub.js\r\nExpires: Sun, 04 Jan 2026 10:43:45 GMT\r\nCache-Control: max-age=600\r\nVary: User-Agent,DNT\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":390,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T04:46:10.842589Z","times_seen":13317089,"resource_available":true,"data":null}},"time_used":146,"timings":{"blocked":59,"dns":0,"connect":19,"send":0,"wait":29,"receive":0,"ssl":36},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"radar.cedexis.com/1707728419/stub.js","fqdn":"radar.cedexis.com","domain":"cedexis.com","tld":"com"},"ip":{"addr":"45.54.49.5","port":443,"asn":63911,"as":"NetActuate, Inc","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:45.783Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"radar.cedexis.com","organization":"Citrix Systems, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 07 Mar 2025 00:00:00 GMT","end":"Fri, 06 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A2:3E:30:19:D5:41:3A:11:81:58:E3:B1:6F:F4:D2:78:0B:44:6F:D0","sha256":"BE:70:39:96:BA:51:8F:A7:6A:9D:E1:58:FB:D9:F7:6F:17:5C:DA:A9:6E:54:3F:8F:0B:3D:1E:DF:8C:44:B4:71"}}},"request":{"raw":"GET /1707728419/stub.js HTTP/1.1\r\nHost: radar.cedexis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-62827.bar/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 04 Jan 2026 10:33:45 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 12 Feb 2024 09:50:42 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"65c9e9f2-186\"\r\nExpires: Sun, 18 Jan 2026 10:33:45 GMT\r\nCache-Control: max-age=1209600, public\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":390,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"82dec77fd0353c7c71ce053b8601387e","sha1":"fbbca95419e1d0c042e0a5fdf10f380aca66188c","sha256":"39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7","sha512":"6872c895cb44711405e57a436dfbe15d094f9159e11ee2b89983c63b1f18f6acbdfaf0ccbb5e48b2bf24f366f16584c660bca4b6b14c048a134bb77a60f6563e","ssdeep":"","tlshash":"02e068ae9391a318537a2dbacc4e060ba0f6114888e5e4e029f5c2c00461bae072bfb4","first_seen":"2024-02-13T14:23:26Z","last_seen":"2026-01-15T12:01:08.184588Z","times_seen":7496,"resource_available":true,"data":null}},"time_used":20,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"region1.analytics.google.com/g/collect?v=2\u0026tid=G-7JGWL9SV66\u0026gtm=45je5ca1v897130004za200zd897130004\u0026_p=1767522825528\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026dma_cps=syphamo\u0026dma=1\u0026cid=567346639.1767522826\u0026ecid=490356007\u0026ul=en-us\u0026sr=1280x1024\u0026frm=0\u0026pscdl=noapi\u0026_eu=AEAAAAQ\u0026_s=1\u0026tag_exp=103116026~103200004~104527906~104528500~104573694~104684208~104684211~105391253~115583767~115938466~115938468~116184927~116184929~116251938~116251940~116682875\u0026sid=1767522825\u0026sct=1\u0026seg=0\u0026dl=https%3A%2F%2F1xlite-62827.bar%2Far%2Fblock%3Ftag%3Dd_85563m_29145c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l73747_clickunder\u0026dt=1xBet\u0026en=scroll\u0026ep.optimize_id=GTM-5R4MT54\u0026epn.percent_scrolled=90\u0026upn.ref_id=1\u0026tfd=11969","fqdn":"region1.analytics.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"216.239.32.36","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:46.084Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:49:27 GMT","end":"Wed, 25 Feb 2026 15:49:26 GMT"},"fingerprint":{"sha1":"2C:B9:1B:62:2A:F9:04:B9:16:E2:30:B0:A8:B2:85:0C:68:BC:79:25","sha256":"AE:CB:A0:2C:92:1E:CB:D2:CB:6C:0D:37:5E:A2:4E:27:AE:4E:CA:0C:EC:53:D5:50:E6:C1:3D:EB:17:C1:F2:C9"}}},"request":{"raw":"POST /g/collect?v=2\u0026tid=G-7JGWL9SV66\u0026gtm=45je5ca1v897130004za200zd897130004\u0026_p=1767522825528\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026dma_cps=syphamo\u0026dma=1\u0026cid=567346639.1767522826\u0026ecid=490356007\u0026ul=en-us\u0026sr=1280x1024\u0026frm=0\u0026pscdl=noapi\u0026_eu=AEAAAAQ\u0026_s=1\u0026tag_exp=103116026~103200004~104527906~104528500~104573694~104684208~104684211~105391253~115583767~115938466~115938468~116184927~116184929~116251938~116251940~116682875\u0026sid=1767522825\u0026sct=1\u0026seg=0\u0026dl=https%3A%2F%2F1xlite-62827.bar%2Far%2Fblock%3Ftag%3Dd_85563m_29145c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l73747_clickunder\u0026dt=1xBet\u0026en=scroll\u0026ep.optimize_id=GTM-5R4MT54\u0026epn.percent_scrolled=90\u0026upn.ref_id=1\u0026tfd=11969 HTTP/1.1\r\nHost: region1.analytics.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-62827.bar/\r\nOrigin: https://1xlite-62827.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 No Content\r\naccess-control-allow-origin: https://1xlite-62827.bar\r\ndate: Sun, 04 Jan 2026 10:33:46 GMT\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\ncache-control: no-cache, no-store, must-revalidate\r\naccess-control-allow-credentials: true\r\ncontent-type: text/plain\r\ncross-origin-resource-policy: cross-origin\r\ncontent-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:170:0\r\ncross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:170:0\r\nreport-to: {\"group\":\"ascnsrsggc:170:0\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:170:0\"}],}\r\nserver: Golfe2\r\ncontent-length: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T04:46:10.842589Z","times_seen":13317089,"resource_available":true,"data":null}},"time_used":86,"timings":{"blocked":27,"dns":0,"connect":10,"send":0,"wait":20,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/192f3e7f77.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:35.289Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/192f3e7f77.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-62827.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:35 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-9ecad5f5397d40961cfdb51ed977b0fe-4351e28a784c3a90-01\r\nlast-modified: Tue, 23 Dec 2025 11:09:43 GMT\r\netag: W/\"a183d67a6f8ea109fef0a1b4f5f2b920\"\r\nx-amz-meta-mtime: 1766488103.537479318\r\ncontent-encoding: gzip\r\nexpires: Wed, 24 Dec 2025 11:12:21 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 83256\r\ncache: HIT\r\nx-cached-since: 2026-01-03T11:25:59+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2848,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (2845)","md5":"a183d67a6f8ea109fef0a1b4f5f2b920","sha1":"9908c3bc21a4de25fe732742f501bd5b42c04c79","sha256":"ebdb6c637f146183a35569fcf56d547616da772f4b10c500a12a670fd46a6560","sha512":"c55796a768f46379b24f94bb40ff4846e651c94411fbf828648f1ba95353caeb7970abc3b37e4ffbac456c42085e8d46868a9d1ae07b0a2d31005d6025b7655e","ssdeep":"","tlshash":"ca5166967cb4b0b2af7643ee7e2640f5460d2a45b15d4093fded473c200f0a9176ab63","first_seen":"2025-12-23T20:54:42.020611Z","last_seen":"2026-01-14T07:33:59.008285Z","times_seen":127,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-ui/3.3.544/Desktop/Default/client.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:35.553Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-ui/3.3.544/Desktop/Default/client.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-62827.bar/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:35 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-7bf7d87689a92dc3ef2588cd82d2ef08-b16aabfead9160d7-01\r\nlast-modified: Thu, 18 Dec 2025 08:43:05 GMT\r\netag: W/\"a10805f87dbd4750c11572b5d2f6ba7c\"\r\nx-amz-meta-mtime: 1766047382.787017175\r\ncontent-encoding: gzip\r\nexpires: Wed, 24 Dec 2025 08:50:37 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.003\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 5468\r\ncache: HIT\r\nx-cached-since: 2026-01-04T09:02:27+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":720302,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"a10805f87dbd4750c11572b5d2f6ba7c","sha1":"8bc092e930b008473f7f211eaae4f6579717840a","sha256":"e3eddb33cb9dee8a8ad866700f671b90c7e116a199bc1a5cd2bab915343eef81","sha512":"3974d431c58149c309ffa50f420971e2449bffb507f10756cb21a5474c6ff9be3a4726dc10433216e8938df532a155825303a2c082ea7b86a52ea31d61667bbd","ssdeep":"12288:nnSDjMb4OAD03pDTuThJDUZxzMjfPQfIHSKRuPB48:MMb4OAD03pDTuFI48","tlshash":"ebe4941cf29d92353e37e62062945ffc6620b7079b231d6ef4aa064a0ec35437196dbb","first_seen":"2025-12-23T20:54:41.985309Z","last_seen":"2026-01-14T07:33:59.009167Z","times_seen":183,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-62827.bar/seo-module-api/api/public/v1/analytics-counters?project[id]=1208\u0026domain[host]=1xlite-62827.bar","fqdn":"1xlite-62827.bar","domain":"1xlite-62827.bar","tld":"bar"},"ip":{"addr":"46.32.182.100","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Azerbaijan","country_code":"AZ"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:35.565Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-62827.bar","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Dec 2025 05:20:09 GMT","end":"Mon, 09 Mar 2026 05:20:08 GMT"},"fingerprint":{"sha1":"66:E5:4E:74:0B:7E:DF:94:A4:98:72:73:D6:EC:9F:E4:34:AE:A0:76","sha256":"FC:2E:BE:DC:DD:09:CD:99:98:5C:3D:BC:88:05:27:BF:AC:31:19:C6:ED:06:3A:8A:4B:4B:00:D0:A0:FC:B1:60"}}},"request":{"raw":"GET /seo-module-api/api/public/v1/analytics-counters?project[id]=1208\u0026domain[host]=1xlite-62827.bar HTTP/1.1\r\nHost: 1xlite-62827.bar\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder\r\ncontent-type: application/json\r\nx-requested-with: XMLHttpRequest\r\nis-srv: false\r\nx-svc-source: __TECHNICAL_PAGES_APP__\r\nx-app-n: __TECHNICAL_PAGES_APP__\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; auid=LiC2ZGlaQf4r7rVaBOyBAg==; lng=ar; tzo=3\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:35 GMT\r\ncontent-type: application/json\r\ncontent-length: 47\r\ncontent-encoding: br\r\ncache-control: max-age=1200, must-revalidate, public, s-maxage=1800, stale-if-error=86400, stale-while-revalidate=300\r\nx-content-digest: encf4b7cb201e71c1f60b6f90e569ae0ea\r\nage: 1461\r\nx-request-id: 1c231a40ff5beadd2b395d33155fe395\r\nx-request-guid: 1c231a40ff5beadd2b395d33155fe395\r\nx-time-ng: 0.003\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: p;dur=2.1388530731201, wf-uht;dur=0.010\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"d327ba13bb1db5d3bdd1d55a10c9efeb","sha1":"e1e7bcd7effbbd7e7345effa2a2f0f5c7074bb94","sha256":"a3992fa7701216e66dd528a170fbae5d556428c9f6c04290521ca106be88b63d","sha512":"d20f6fa0f2d85467ee34c2761efff2dd37cdeb1c6d1199ea6ab833f51d8366e7ccbd791e90c96081c8164fc9a7e6989a1a891600fc09721f27fc5bfc992c1616","ssdeep":"","tlshash":"069002125a446d64580354844145544240a490588d5262010d5496338128118255176b","first_seen":"2025-04-15T20:05:45.664568Z","last_seen":"2026-03-27T20:45:59.20506Z","times_seen":174,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"1xlite-62827.bar","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:35.952Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1xlite-62827.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:35 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 63920\r\ntraceparent: 00-9582f2429feb6e13066536974e297384-f6355c28b6029171-01\r\nlast-modified: Wed, 14 Jun 2023 09:49:53 GMT\r\netag: \"a65527fcb58f66a7cfbc0e6b160538b4\"\r\nexpires: Sun, 10 Aug 2025 19:21:26 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 172\r\ncache: HIT\r\nx-cached-since: 2026-01-04T10:30:43+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":63920,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 63920, version 1.0","md5":"a65527fcb58f66a7cfbc0e6b160538b4","sha1":"45d260e7fa343401b5bb0df982a014f53e2d253b","sha256":"fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45","sha512":"8448e96abe326f43285b2d8b0d75beaf0e9c9e051e8754841d907b30eb303ae24c447011306da6a1703b9192d02aeff76a4517bdf94ec6e7dc360ce3538802af","ssdeep":"1536:UIG3hJMkJeK8ic5iZGnJ4URj9vqXOQ6UqYdbuA5RVK1:UL31hcLlRjDQ6Uq4W1","tlshash":"7f5302df8de32a148ff78772668885f4f4927c68898c8e7345526a8907f07d6b96c04f","first_seen":"2023-05-07T18:04:27Z","last_seen":"2026-04-04T04:09:16.94457Z","times_seen":10137,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","fqdn":"1xlite-62827.bar","domain":"1xlite-62827.bar","tld":"bar"},"ip":{"addr":"46.32.182.100","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Azerbaijan","country_code":"AZ"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-04T10:33:34.305Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-62827.bar","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Dec 2025 05:20:09 GMT","end":"Mon, 09 Mar 2026 05:20:08 GMT"},"fingerprint":{"sha1":"66:E5:4E:74:0B:7E:DF:94:A4:98:72:73:D6:EC:9F:E4:34:AE:A0:76","sha256":"FC:2E:BE:DC:DD:09:CD:99:98:5C:3D:BC:88:05:27:BF:AC:31:19:C6:ED:06:3A:8A:4B:4B:00:D0:A0:FC:B1:60"}}},"request":{"raw":"GET /ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder HTTP/1.1\r\nHost: 1xlite-62827.bar\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; auid=LiC2ZGlaQf4r7rVaBOyBAg==\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 203 Non Authoritative\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:34 GMT\r\ncontent-type: text/html;charset=utf-8\r\ncontent-length: 3311\r\nserver-timing: dt_total;dur=0.081, dt_total;dur=0.005, total;dur=16;desc=\"MF\"\r\nset-cookie: gw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; Path=/; Expires=Wed, 07 Jan 2026 10:33:34 GMT; Secure\r\nvary: Accept-Encoding\r\nx-dt: 1208, 1208\r\nx-time-ng: 0.026\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"203","status_text":"Non Authoritative","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3311,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (3030)","md5":"3ca6d916ebc7d1ff96e46f2fc2949d89","sha1":"96b1fbeb2e09073a00115cdc4bbf2d6ec9841ff0","sha256":"16cf5647bc09c5ac4b4650bdf0643c6b26b792503d55d521fb11c7110b793855","sha512":"1c2c9d110dccfa34fef22ea3607ac7b1ca085a75ed9f780bef23e96869bc1ab6981590abb9059fd6810782c751a82996b60c2e96f193a48b2ac73c801f35432b","ssdeep":"","tlshash":"5961d727503ccb3f4522445d8a02fb0a8ecc287b7149e94de67c4e8d17c62cba417a47","first_seen":"2026-01-03T12:34:41.013456Z","last_seen":"2026-01-04T10:34:06.27731Z","times_seen":2,"resource_available":false,"data":null}},"time_used":79,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":79,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"1xlite-62827.bar","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_WZJKYEQD.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:35.134Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_popper_js_WZJKYEQD.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-62827.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:35 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-4c08f16740f314eefd6cfd011b780650-0bbb210db241116b-01\r\nlast-modified: Tue, 30 Dec 2025 12:59:16 GMT\r\netag: W/\"bea5b052c307601192270938523fa030\"\r\nx-amz-meta-mtime: 1767099327.751294652\r\ncontent-encoding: gzip\r\nexpires: Thu, 01 Jan 2026 12:09:19 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 80345\r\ncache: HIT\r\nx-cached-since: 2026-01-03T12:14:30+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21252,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (21232)","md5":"bea5b052c307601192270938523fa030","sha1":"937f7094c67f5a92c1032a7bc3f21ee94bec66ef","sha256":"f41290374ba615854ebb4b28a07de775581707f3b6427bcc01c0529c62476f64","sha512":"b9bff7f7d9b518ec76898a732114873c01206378c2a840c62062f05487ef773716ce841d7a5bafe3f0c65fbfdf05509852571a3a6b381661cb6f4984d6bc23a9","ssdeep":"384:ZP7iayBuR9vu3z1JXvykd2+LaqHdC6RjVnTGm/7piCXmH8kCCcvJTCyCu+meAxiZ:piZwO3XvO+NMSJt3XmckXcv4nxJAxiH5","tlshash":"7b92a28c7684b0a287a7a2a7a07f860f71376865650e9004f59cf6ec3c35dba507bc7d","first_seen":"2025-08-22T10:11:14.555802Z","last_seen":"2026-03-04T04:00:43.408775Z","times_seen":3920,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_67be4069d3.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:35.742Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/shared-assets/Desktop/__shared_67be4069d3.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-62827.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:35 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 291\r\ntraceparent: 00-f39cbd42822001231fa7c42a3db96b60-ae9b3d8e8c2986bb-01\r\nlast-modified: Tue, 30 Dec 2025 12:59:20 GMT\r\netag: \"00e9a1cb57562ecdbc4f8a438ff0d3a7\"\r\nx-amz-meta-mtime: 1767099327.786295153\r\nexpires: Thu, 01 Jan 2026 09:01:50 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 5072\r\ncache: HIT\r\nx-cached-since: 2026-01-04T09:09:03+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":291,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"Java source, ASCII text","md5":"00e9a1cb57562ecdbc4f8a438ff0d3a7","sha1":"18b312426460be06bfc557ef8d24fc9328935b47","sha256":"360358fda10eb3510d6f69bd8362258043c0092d0c085fd24c1996fa20303790","sha512":"af88385a60878abfb1fffe9275e125445f0c177a9302a0ecb431dbdb7bba0c7888d4981323c78ea48278b821ec6a9a9c62bfa193a8dc684e6c2add3004d5edba","ssdeep":"","tlshash":"1cd0eb3d6ff1e0b5330528ff322b719233093c04930ad4a300a6036801c80faa275e3a","first_seen":"2025-12-23T20:54:42.051787Z","last_seen":"2026-01-14T07:33:59.011214Z","times_seen":183,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/4d416977b5.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:35.853Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/4d416977b5.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-62827.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-62827.bar/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:35 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-2a47a285afc0ad5ef39e3aa38413bcc6-177b4140d02ae10b-01\r\nlast-modified: Tue, 23 Dec 2025 11:09:44 GMT\r\netag: W/\"5c33927153f6d628ea771eb51a514b09\"\r\nx-amz-meta-mtime: 1766488103.471473767\r\ncontent-encoding: gzip\r\nexpires: Wed, 24 Dec 2025 17:22:05 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 61489\r\ncache: HIT\r\nx-cached-since: 2026-01-03T17:28:46+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3884,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (3883)","md5":"5c33927153f6d628ea771eb51a514b09","sha1":"40390b90d99b2d3408d597d24daedc4bf614beda","sha256":"302ec7f61d1e628eba933d5b3c75a98f3135bbbd45af794476a0fcbdf145a9c5","sha512":"edde36cc3523543858227617d05807be04053a8b6a1569452abb135fd96074f99252834da9f54d31ae23bc06d06dcb3a1f57ad65e44686dbfc837ff8d94d82ca","ssdeep":"","tlshash":"19818c58bcaf409cfc37df210bdb5e188276b122d11692c8f841953a2ddb98794f149f","first_seen":"2025-11-13T15:27:51.581732Z","last_seen":"2026-02-17T23:36:16.903884Z","times_seen":837,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/site-admin/css_vars/d47c7051b33fd4cf012dd1ba88ca9381.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:35.884Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/site-admin/css_vars/d47c7051b33fd4cf012dd1ba88ca9381.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-62827.bar/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:35 GMT\r\ncontent-type: text/css\r\ncontent-length: 44\r\ntraceparent: 00-321c5c1c447cd5da0292eb1796d57e57-4c9247ea5c363c52-01\r\nlast-modified: Tue, 18 Nov 2025 11:33:29 GMT\r\netag: \"d47c7051b33fd4cf012dd1ba88ca9381\"\r\ncache-control: max-age=3600\r\nexpires: Tue, 18 Nov 2025 14:06:30 GMT\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2497\r\ncache: HIT\r\nx-cached-since: 2026-01-04T09:51:58+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":44,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with no line terminators","md5":"d47c7051b33fd4cf012dd1ba88ca9381","sha1":"e8f4a550dc1526e29bbf41e19812174061129e0d","sha256":"d23ddf603e1bea345e3f913800e533ecea691174a25c9f0a40ea8b6eb17e4c95","sha512":"67ba4c3cbeb528f80648ab2833e973436b5f58817ebb69c754b06e50370f279bf18d0f6abb031ebbabb75867e0691cba11b3dc33ea9e85da3438a7e40510ef49","ssdeep":"","tlshash":"729004d4f50c33503455c75710dd44d111c4135f4511355cd5533c11f443c40cc505cc","first_seen":"2025-07-16T20:50:43.408412Z","last_seen":"2026-03-26T08:17:17.906604Z","times_seen":1364,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-icons/1.0.915/285/country.svg","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:35.935Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-icons/1.0.915/285/country.svg HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-62827.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-62827.bar/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:35 GMT\r\ncontent-type: image/svg+xml\r\ntraceparent: 00-2519c74796a809c6fda168909f3619d1-0190b0a14c7ea95a-01\r\nlast-modified: Tue, 23 Dec 2025 10:17:37 GMT\r\netag: W/\"e755054847ccc09de8ac9bdf2c4326d6\"\r\nx-amz-meta-mtime: 1766485039.668461346\r\ncontent-encoding: gzip\r\nexpires: Wed, 24 Dec 2025 10:18:51 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 85947\r\ncache: HIT\r\nx-cached-since: 2026-01-03T10:41:08+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":217418,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"e755054847ccc09de8ac9bdf2c4326d6","sha1":"1461e05caf5c7bfda69a9a45127a8f78dc37a9ec","sha256":"d03bc4c7e0d2d128ba647df7ef393f9e856ff0b98b09d6d2849bdaaaded8e7b9","sha512":"2a6e1617fe4b5f4039431564fdb2d90f8a4a930ea555e10133b9d07809ebe56f64cfc9000de709289b2cb9143664bb8e334cabf2d49c7c20dac9ba8ed0eee9ce","ssdeep":"3072:hgvO+igz5Wy8EjUskAnA3ZJ9QeVCLpE74OWuhgwlKqjk71xhbXVjGYLGS/suV1SM:uqCLpPOWuq5vaSueoO7","tlshash":"08245554b099b14c2a8363e8c7afa5e1133e61db71da419938e993d8520e3dffe83950","first_seen":"2025-08-28T01:30:48.467208Z","last_seen":"2026-04-04T04:09:16.974Z","times_seen":1070,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_f84004e523.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:34.653Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/shared-assets/Desktop/__shared_f84004e523.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-62827.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-62827.bar/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:34 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-b02051c33563c4434870788e343d7e43-8667052ad378217c-01\r\nlast-modified: Tue, 30 Dec 2025 12:59:20 GMT\r\netag: W/\"b52b0468a89928ac4f5491d84b23b9da\"\r\nx-amz-meta-mtime: 1767099327.781295082\r\ncontent-encoding: gzip\r\nexpires: Thu, 01 Jan 2026 11:19:00 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.003\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 82915\r\ncache: HIT\r\nx-cached-since: 2026-01-03T11:31:39+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5355,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (5354)","md5":"b52b0468a89928ac4f5491d84b23b9da","sha1":"a9ea1f64b65e6191c59676c686c51b060c7f2894","sha256":"e638e7e679d5cd6a547e47ebca2b1c6a13023e80d42fd89139ab021f6aed3c57","sha512":"faefa82305b6be705bafc627991a35f1a32d679358a72ea81cb3551b0a3708997017d946ed2984f683a5514eab417ee5806627c0db89bf3b3820c38f5bd12e4b","ssdeep":"96:y0EbBQ77VHY+R5f4wQL5cdj5JeEaiq4vupNFZFZLiG:obBQ77VHY+R5f4wQL5cdXQzZLiG","tlshash":"5ab11e8dedf5c03a8a27bc12135c8e3d1735f997d9211d9ef25c83a554c3b9201d0eaa","first_seen":"2025-12-03T12:27:09.709217Z","last_seen":"2026-01-29T09:40:33.621374Z","times_seen":485,"resource_available":false,"data":null}},"time_used":153,"timings":{"blocked":75,"dns":39,"connect":1,"send":0,"wait":1,"receive":0,"ssl":35},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/entry-bbdf0b7ffc.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:34.848Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/entry-bbdf0b7ffc.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-62827.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-62827.bar/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:34 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-4b5f56ab8cedf365b118cfadf580f75b-54de754175ef4739-01\r\nlast-modified: Tue, 23 Dec 2025 11:09:43 GMT\r\netag: W/\"538f7cf8c223d576e55ec57979962f1b\"\r\nx-amz-meta-mtime: 1766488103.525478309\r\ncontent-encoding: gzip\r\nexpires: Wed, 24 Dec 2025 11:12:21 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 83256\r\ncache: HIT\r\nx-cached-since: 2026-01-03T11:25:58+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":22542,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (22015)","md5":"538f7cf8c223d576e55ec57979962f1b","sha1":"a2d705e712322178eda29a6f371affc79ab46770","sha256":"7561410894dd995cafda66d9bf39de55d8f52e98058f4d0a46cfe105c45087e1","sha512":"e9a0d6b81f2d59235b74526d96411ae6e4e66c391e6df4a37a6da3b0ea9ebb1f608095a051d4ee3270ddab356665c2527977d64976a96bc026e613daee684fc0","ssdeep":"384:HkJQgN7zrAiEqUb8To4lGSdlqll70JGhPhjwVTGxcPRDCEBzua4QIiouV+2cTrcL:HkWuZEqc8To4rdlqll70JwPhjwV6xgRd","tlshash":"e2a21f7c219cf0f535cb459537f6bc526688ad2ff98abcd6409789cc03da04cc9663aa","first_seen":"2025-12-23T20:54:42.05595Z","last_seen":"2026-01-14T07:33:59.035481Z","times_seen":115,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/$_$.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:34.881Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/$_$.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-62827.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:34 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 69\r\ntraceparent: 00-b8671776e9f7ce16a14f6c2ee7b653e2-19942eaba8da7c36-01\r\nlast-modified: Tue, 23 Dec 2025 11:09:44 GMT\r\netag: \"2cdaa92927f02e0b628f1ef4d7dd8caf\"\r\nx-amz-meta-mtime: 1766488103.461472926\r\nexpires: Wed, 24 Dec 2025 18:17:06 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 58228\r\ncache: HIT\r\nx-cached-since: 2026-01-03T18:23:06+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":69,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"2cdaa92927f02e0b628f1ef4d7dd8caf","sha1":"9104a2e16ed080b80a42588b8aeb52ebec47ab7a","sha256":"ef8101ffea52addcdcfcc3a83f96ff2d4613fb3ae6d1c16bbe4852387b73a9db","sha512":"31da80bc1b17aa708fef74b0211af91fce1b4a5f518f11e5caa80f50e9a7791b6e94924e381f550fc44a02f4c1d785e5b95fa2464e7968b5cab079612d70d839","ssdeep":"","tlshash":"1ba002935a5ef66c209044860696e74733823d6a3477b1d625bc5509e6061474817257","first_seen":"2025-05-14T05:06:37.199299Z","last_seen":"2026-03-18T19:40:26.76398Z","times_seen":5502,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_chunk_LNU73JEK.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:35.156Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_chunk_LNU73JEK.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-62827.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:35 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-b3a0f34a021e5b4954750f23101928b0-0a74b3478a03f1ed-01\r\nlast-modified: Tue, 30 Dec 2025 12:59:16 GMT\r\netag: W/\"d96d317966512ab8915a90670ca5a5af\"\r\nx-amz-meta-mtime: 1767099327.788295182\r\ncontent-encoding: gzip\r\nexpires: Thu, 01 Jan 2026 09:45:17 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2865\r\ncache: HIT\r\nx-cached-since: 2026-01-04T09:45:50+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1232,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (1231)","md5":"d96d317966512ab8915a90670ca5a5af","sha1":"a810be1c3e515adb49804e8d976250deb16fd77d","sha256":"f125201d62c452efba070d856821885c7cfd539a31d55846caa6ae3a7522d3cf","sha512":"460b29966e6f5ac4d34ccc714217d29686d7aff42efa92a102729d40aa36dd4fbb87116178b2f9fdece5fdb09cb2bf2024312d3f1b86abb69644f695c76aca2d","ssdeep":"","tlshash":"a521f1e56fbc7ba362be2ae4a02e0041e001d53752f4f1d4f294dfb4a4e949d035b5b6","first_seen":"2025-08-22T10:11:14.554562Z","last_seen":"2026-03-04T04:00:43.411503Z","times_seen":3921,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/ec95a66bfe.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:35.267Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/ec95a66bfe.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-62827.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:35 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-000fda421332412e099cd6ad2a8fbeee-326761375392778b-01\r\nlast-modified: Tue, 23 Dec 2025 11:09:43 GMT\r\netag: W/\"ea480642e3fdad5b9118b3b2458455a7\"\r\nx-amz-meta-mtime: 1766488103.520477888\r\ncontent-encoding: gzip\r\nexpires: Wed, 24 Dec 2025 11:12:21 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 83256\r\ncache: HIT\r\nx-cached-since: 2026-01-03T11:25:59+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6742,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (6154)","md5":"ea480642e3fdad5b9118b3b2458455a7","sha1":"7d0a927ea118fd45b8b0342fff295cb3361d9387","sha256":"94cbddfb1ac92d6901543646d503a528b4132e388c6bde226782589026772e6d","sha512":"46d0e4811c5e32385998cad926bf723b16b83a610a189c731f37e84a3a4c0e7a30033e8a5c78669815201137d7c44dc22b7865c466dbeba22a65fdfe236916d1","ssdeep":"192:FhpR0b23WsQ0W99z/ULrcZkprVTrQitHZs6CS+v1d0:HpR0b23WsQ0W99z/YcZk/T7i6CS+v1y","tlshash":"abd1d6ad1ff930b420650fd8be1224b197a81d2793ec88f6ea590f64033d449c6ba967","first_seen":"2025-12-23T20:54:42.063151Z","last_seen":"2026-01-14T07:33:59.042438Z","times_seen":115,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-62827.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json","fqdn":"1xlite-62827.bar","domain":"1xlite-62827.bar","tld":"bar"},"ip":{"addr":"46.32.182.100","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Azerbaijan","country_code":"AZ"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:35.559Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-62827.bar","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Dec 2025 05:20:09 GMT","end":"Mon, 09 Mar 2026 05:20:08 GMT"},"fingerprint":{"sha1":"66:E5:4E:74:0B:7E:DF:94:A4:98:72:73:D6:EC:9F:E4:34:AE:A0:76","sha256":"FC:2E:BE:DC:DD:09:CD:99:98:5C:3D:BC:88:05:27:BF:AC:31:19:C6:ED:06:3A:8A:4B:4B:00:D0:A0:FC:B1:60"}}},"request":{"raw":"POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json HTTP/1.1\r\nHost: 1xlite-62827.bar\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder\r\nContent-Type: application/json\r\nX-Lang: ar\r\nX-Uuid: 33aeb8a1-4dfe-48dd-b9b1-c28a15ca0f2a\r\nContent-Length: 19\r\nOrigin: https://1xlite-62827.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; auid=LiC2ZGlaQf4r7rVaBOyBAg==; lng=ar; tzo=3\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":19,"data":"{\"w\":55,\"state\":[]}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:35 GMT\r\ncontent-type: application/json\r\ncontent-length: 2\r\nx-dt: 1208\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.117, wf-uht;dur=0.015\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"d751713988987e9331980363e24189ce","sha1":"97d170e1550eee4afc0af065b78cda302a97674c","sha256":"4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945","sha512":"b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af","ssdeep":"","tlshash":"c7100000000000000000000000000000000003000000c0000000000000000000000000","first_seen":"2023-03-08T00:02:47Z","last_seen":"2026-04-04T04:43:01.942606Z","times_seen":225807,"resource_available":true,"data":null}},"time_used":43,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":43,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"1xlite-62827.bar","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-62827.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json","fqdn":"1xlite-62827.bar","domain":"1xlite-62827.bar","tld":"bar"},"ip":{"addr":"46.32.182.100","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Azerbaijan","country_code":"AZ"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:35.610Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-62827.bar","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Dec 2025 05:20:09 GMT","end":"Mon, 09 Mar 2026 05:20:08 GMT"},"fingerprint":{"sha1":"66:E5:4E:74:0B:7E:DF:94:A4:98:72:73:D6:EC:9F:E4:34:AE:A0:76","sha256":"FC:2E:BE:DC:DD:09:CD:99:98:5C:3D:BC:88:05:27:BF:AC:31:19:C6:ED:06:3A:8A:4B:4B:00:D0:A0:FC:B1:60"}}},"request":{"raw":"POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1\r\nHost: 1xlite-62827.bar\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder\r\nContent-Type: application/json\r\nX-Lang: ar\r\nX-Uuid: 33aeb8a1-4dfe-48dd-b9b1-c28a15ca0f2a\r\nContent-Length: 48\r\nOrigin: https://1xlite-62827.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; auid=LiC2ZGlaQf4r7rVaBOyBAg==; lng=ar; tzo=3\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":48,"data":"{\"w\":55,\"sw\":1280,\"sh\":1024,\"e\":10273,\"sids\":[]}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:35 GMT\r\ncontent-type: application/json\r\ncontent-length: 23\r\nx-dt: 1208\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.085, wf-uht;dur=0.011\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"c744d0a8d9af43691a7e4b3444b21e2f","sha1":"b0b53c13234dfdb676b4288e6c93e40ff4125636","sha256":"896cd64fd05578e0ee199d103b7eb7b94af6479cbb93aead3bcbc3c0a1a9f8f0","sha512":"b054c3a5e1af26dbbd5400eebcb782fd7420543926d162244429622622be1a23fd519ee8558d6de926cb79960a6010f2cf4eb8a3e536d24463f450b970a9f8a3","ssdeep":"","tlshash":"537000080202a000a080800a020208022c28808080c228288082cc08838ece8880a283","first_seen":"2026-01-04T10:34:06.296223Z","last_seen":"2026-01-04T10:34:06.296223Z","times_seen":1,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"1xlite-62827.bar","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-1208/desktop/media_asset/0e1bbab06383b4447421b01b855b71be.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:35.769Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/cms/1-1208/desktop/media_asset/0e1bbab06383b4447421b01b855b71be.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-62827.bar/\r\nOrigin: https://1xlite-62827.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:35 GMT\r\ncontent-type: application/json\r\ntraceparent: 00-1705eff98e50d9ee988fd52fe2cabf42-6fba07ad4f55b0fe-01\r\nlast-modified: Fri, 07 Nov 2025 11:34:51 GMT\r\netag: W/\"b95bbe824df0e2a2d571358c25c01f88\"\r\ncontent-encoding: gzip\r\nexpires: Fri, 02 Jan 2026 08:32:52 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\ncache: REVALIDATED\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7723,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b95bbe824df0e2a2d571358c25c01f88","sha1":"7fcd8150dae9d36bae064f605676517894eba563","sha256":"deaedaa5a68d9f5a85961164003477eb5078602f7634eeb6257a45c235bd5234","sha512":"cd1211517c82f9675fb88706595ae2445566de27564f475ac7a26c3fcf67ee70f59ec575a5153c737c49bf87a75db9a1216d672dadbd146ffbd22e95ca8c3e00","ssdeep":"48:TzABBABGkABjABFygABCN/ABCNYN8ABWHABaEABzzEFABIIX4ABBxSHsABYiwABp:lFbClXCL3cblP+XyLO5GIQ","tlshash":"0ff11684fff05c33112f94ad98b37a89a3884f07a95a7d1c7f9d294c1f1451a04aadbe","first_seen":"2025-11-07T13:07:42.245146Z","last_seen":"2026-01-05T09:11:08.877922Z","times_seen":824,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-62827.bar/bff-api/config/group/get?groups=d.technical,d.global\u0026lang=ar","fqdn":"1xlite-62827.bar","domain":"1xlite-62827.bar","tld":"bar"},"ip":{"addr":"46.32.182.100","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Azerbaijan","country_code":"AZ"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:35.594Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-62827.bar","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Dec 2025 05:20:09 GMT","end":"Mon, 09 Mar 2026 05:20:08 GMT"},"fingerprint":{"sha1":"66:E5:4E:74:0B:7E:DF:94:A4:98:72:73:D6:EC:9F:E4:34:AE:A0:76","sha256":"FC:2E:BE:DC:DD:09:CD:99:98:5C:3D:BC:88:05:27:BF:AC:31:19:C6:ED:06:3A:8A:4B:4B:00:D0:A0:FC:B1:60"}}},"request":{"raw":"GET /bff-api/config/group/get?groups=d.technical,d.global\u0026lang=ar HTTP/1.1\r\nHost: 1xlite-62827.bar\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder\r\ncontent-type: application/json\r\nx-requested-with: XMLHttpRequest\r\nis-srv: false\r\nx-svc-source: __TECHNICAL_PAGES_APP__\r\nx-app-n: __TECHNICAL_PAGES_APP__\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; auid=LiC2ZGlaQf4r7rVaBOyBAg==; lng=ar; tzo=3\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:35 GMT\r\ncontent-type: application/json\r\ncache-control: no-cache, private\r\ncontent-encoding: br\r\nserver-timing: dt_total;dur=0.012, bff;dur=8.70, wf-uht;dur=0.025\r\nvary: Accept-Encoding\r\nx-dt: 1208\r\nx-pod: R-wj6qp\r\nx-time-ng: 0.011\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1338,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"9ae16d42a85a614a9df46d8041745eb4","sha1":"9d6063f06348269dd23036b99b4f6ee31af08e83","sha256":"b934f8a3eaae16387d3c9d676ae1b3114a05f9783ab98a7c13777bdf1301626e","sha512":"fd64af41e76da92123ffc56598b4c3c55e56119d584714573a14c970ba5be3f60671ba693478d80a2fc3da2adef890a83487bfac965a77c99265cd727937b602","ssdeep":"","tlshash":"e021575e60b0c63c60680676db82be149fec405f3a80b581fe0c989c70d2cdef92250b","first_seen":"2026-01-03T12:34:40.986779Z","last_seen":"2026-01-04T10:34:06.297832Z","times_seen":2,"resource_available":false,"data":null}},"time_used":53,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":53,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"1xlite-62827.bar","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/e27425a6cf.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:35.848Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/e27425a6cf.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-62827.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-62827.bar/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:35 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-cc376f1c8b61d743ab849ec3d53918ab-ccbcfa5b649b3048-01\r\nlast-modified: Tue, 23 Dec 2025 11:09:44 GMT\r\netag: W/\"544ea803a3df8e55e85706a646f95614\"\r\nx-amz-meta-mtime: 1766488103.514477383\r\ncontent-encoding: gzip\r\nexpires: Wed, 24 Dec 2025 14:43:13 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 70778\r\ncache: HIT\r\nx-cached-since: 2026-01-03T14:53:57+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2867,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (2866)","md5":"544ea803a3df8e55e85706a646f95614","sha1":"ae409064324337a44a066208ec8fa7166bbfd628","sha256":"8991a0d7246dce731aee299bf16a3acbf1f59d5f36776c27e8cfcb7e77b3732e","sha512":"bc0360c2cfce28bc29b49404fe3e3230546cb7b7aebea9936246d7e99f78ac7a66b5143adea22a527739ba10799d93f73cde16c0363961b1b1632e39ddb5e6a7","ssdeep":"","tlshash":"c0516adef8b9d5752d33f022d70c5eb95930b527c5214e82f48c93a125c3a922aa1dae","first_seen":"2025-11-12T14:09:39.097866Z","last_seen":"2026-02-06T09:24:24.17097Z","times_seen":1064,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/site-admin/colors/ac807ea7bf6b3d0ff1813b5eadc3e98a.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:35.882Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/site-admin/colors/ac807ea7bf6b3d0ff1813b5eadc3e98a.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-62827.bar/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:35 GMT\r\ncontent-type: text/css\r\ntraceparent: 00-a701fc7deef5d3b438241bafda1e4fb4-6663c053e307bd16-01\r\nlast-modified: Fri, 26 Dec 2025 08:01:41 GMT\r\netag: W/\"ac807ea7bf6b3d0ff1813b5eadc3e98a\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Fri, 26 Dec 2025 10:30:42 GMT\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 1214\r\ncache: HIT\r\nx-cached-since: 2026-01-04T10:13:21+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":41375,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (41375), with no line terminators","md5":"ac807ea7bf6b3d0ff1813b5eadc3e98a","sha1":"9483c1b722af655b4d51c04c5247ad367fd16a35","sha256":"8c57ea603f02d13f97aa644529208c4d11ef35834db2523eafbc44079aa7e147","sha512":"ffcec057ff5752012fd832655100cb49eb6080be33be273f6ad283feffb3e9de399f9ba788771f5aeff6cbe2e63018322a132d1952633f2516bb22c91fcd677b","ssdeep":"768:+EO1mFS775xWt5JkyunibMhSNmInQLeCA:+EO1mFI75xWt5JkyunibMhvInQLeB","tlshash":"f8037b7ded91c1712a991931911c677b3d36e9ceae240f8fd02c73e570c1a022be5a7a","first_seen":"2025-12-18T19:24:06.611705Z","last_seen":"2026-02-04T19:06:52.762739Z","times_seen":253,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/708191bc33.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:35.891Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/708191bc33.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-62827.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:35 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-56c97f4ad72ce712984a4416e9e846d4-def1d0ac89d44577-01\r\nlast-modified: Tue, 23 Dec 2025 11:09:43 GMT\r\netag: W/\"f558fd5629eaf2411a804db7a8f35d89\"\r\nx-amz-meta-mtime: 1766488103.478474356\r\ncontent-encoding: gzip\r\nexpires: Wed, 24 Dec 2025 11:12:24 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 83256\r\ncache: HIT\r\nx-cached-since: 2026-01-03T11:25:59+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3730,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (3729)","md5":"f558fd5629eaf2411a804db7a8f35d89","sha1":"c9239b8810c39517704dfc46f746c3f03136b466","sha256":"481f44e30fbad7065c6cf53e1b699af33c6afe77c4ecb17095eed9022c388e5e","sha512":"d10fc5869f68eea2268d0d3c9dc465268e348063a9b50a0401e0f08c91418da9bc75b187d1138b6f4676128a5241450ed60b2d2632407e58ff1cb501d3e526bc","ssdeep":"","tlshash":"84717346ac78f5f6ba0782a83d2344f0cb1fac2ed16449eae1f4c6bc129d4952432f57","first_seen":"2025-12-23T20:54:42.009554Z","last_seen":"2026-01-14T07:33:59.0485Z","times_seen":114,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/desktop/media_asset/e6baed4eecf4ba7f9a5c2fcf97aad110.webp","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:35.943Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/cms/desktop/media_asset/e6baed4eecf4ba7f9a5c2fcf97aad110.webp HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-62827.bar/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:35 GMT\r\ncontent-type: image/webp\r\ncontent-length: 6642\r\ntraceparent: 00-e81157b72c6563f2621ab8f89bff3b39-f6a2d2b9353b623d-01\r\nlast-modified: Tue, 28 Oct 2025 08:17:54 GMT\r\netag: \"f2a90faef41c53fb4af747c8cbf25485\"\r\nexpires: Mon, 08 Dec 2025 19:01:33 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 1936\r\ncache: HIT\r\nx-cached-since: 2026-01-04T10:01:19+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6642,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 960x278, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"f2a90faef41c53fb4af747c8cbf25485","sha1":"54855a9fb307c4ecc9afea135838328cf439162e","sha256":"993540582d4cab4dc40ba13392f7460f30f0b656ff1e413abe9c20387000cc92","sha512":"c6f5e9a6238a864affd37952ba241b4e5a01dbfad9a18e22b53ea00e6f3acbbf114a5752f0b5faecd89efa6d24990df365113d7321543d0d44cfab1987f123a8","ssdeep":"96:MdOd7t6i+bJODeMN38LbY5gZQpRDH/ij1TgpEV6iuRjxNY4wos4RWNFCjMzlAm92:MduSOXsv6DfiR8fisNk9X3qUhpg","tlshash":"d7d1b074a2c81a958a299e763e763dab6e81039c31bcb6d674b5d5c8c50843fede7030","first_seen":"2025-11-13T15:27:51.525317Z","last_seen":"2026-04-04T04:09:16.975123Z","times_seen":1087,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.38.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:45.535Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:49:27 GMT","end":"Wed, 25 Feb 2026 15:49:26 GMT"},"fingerprint":{"sha1":"2C:B9:1B:62:2A:F9:04:B9:16:E2:30:B0:A8:B2:85:0C:68:BC:79:25","sha256":"AE:CB:A0:2C:92:1E:CB:D2:CB:6C:0D:37:5E:A2:4E:27:AE:4E:CA:0C:EC:53:D5:50:E6:C1:3D:EB:17:C1:F2:C9"}}},"request":{"raw":"GET /gtag/js?id=G-7JGWL9SV66 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-62827.bar/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sun, 04 Jan 2026 10:33:45 GMT\r\nexpires: Sun, 04 Jan 2026 10:33:45 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 161206\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":509745,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (12571)","md5":"b817b44de40de2686c34ebd195f984fb","sha1":"8fd2846eddfb88168eb481896d5e0273797e5187","sha256":"cd02441d3711fe00ce1de9a41075cdb02fdf3c777b90761b84a68a74418bd6e7","sha512":"b87d67c10068c732ed739d2fa26b32d7701cc980448fa33a7b4f63798b1193f62afe5fa7a54260e4682286e2f7ad7785e2aa7c38ed87d807591264b98de2eb06","ssdeep":"6144:u7Ie7mf2bulKYX61u99Yye5HDmHYmyBFzvnsBu6QWllECPad4XEPPad:5CJbu7q1mcrnssW2wEy","tlshash":"0bb4098e73c67426929af478502f02cba8bb29e2b45dc896b1c9ccf01d7459a4167f7c","first_seen":"2026-01-04T10:34:06.301339Z","last_seen":"2026-01-04T10:34:06.301339Z","times_seen":1,"resource_available":true,"data":null}},"time_used":288,"timings":{"blocked":86,"dns":1,"connect":20,"send":0,"wait":49,"receive":66,"ssl":62},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-62827.bar/favicon.ico","fqdn":"1xlite-62827.bar","domain":"1xlite-62827.bar","tld":"bar"},"ip":{"addr":"46.32.182.100","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Azerbaijan","country_code":"AZ"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:34.844Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-62827.bar","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Dec 2025 05:20:09 GMT","end":"Mon, 09 Mar 2026 05:20:08 GMT"},"fingerprint":{"sha1":"66:E5:4E:74:0B:7E:DF:94:A4:98:72:73:D6:EC:9F:E4:34:AE:A0:76","sha256":"FC:2E:BE:DC:DD:09:CD:99:98:5C:3D:BC:88:05:27:BF:AC:31:19:C6:ED:06:3A:8A:4B:4B:00:D0:A0:FC:B1:60"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 1xlite-62827.bar\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder\r\nCookie: platform_type=desktop; gw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; auid=LiC2ZGlaQf4r7rVaBOyBAg==\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:34 GMT\r\ncontent-length: 0\r\nlocation: /en/block\r\nset-cookie: gw-mm=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Secure; SameSite=None; Partitioned\ngw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; Path=/; Expires=Wed, 07 Jan 2026 10:33:34 GMT; Secure\r\nx-dt: 1208\r\nx-gw-blk-redirect-reason: block\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.003, wf-uht;dur=0.008\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3311,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T04:46:10.842589Z","times_seen":13317089,"resource_available":true,"data":null}},"time_used":37,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"1xlite-62827.bar","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/2de3cb6d98.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:35.730Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/2de3cb6d98.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-62827.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:35 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-4ae55931bc00dac560856376c255be5b-524393c24e6d16ac-01\r\nlast-modified: Tue, 23 Dec 2025 11:09:43 GMT\r\netag: W/\"748d69570f5ecc45d4e669b8c2d63b19\"\r\nx-amz-meta-mtime: 1766488103.536479234\r\ncontent-encoding: gzip\r\nexpires: Wed, 24 Dec 2025 11:12:24 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 83256\r\ncache: HIT\r\nx-cached-since: 2026-01-03T11:25:59+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1370,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (1358)","md5":"748d69570f5ecc45d4e669b8c2d63b19","sha1":"60e3bb5ea966a9fcce1d6cb502e20fd67a446b6d","sha256":"aa09e47ded5695d360fad9336da11a29e24c8a62c08b13bdca76f19caf72dd89","sha512":"193263ac8bc41f13749c0459d6f53051fbbf86abee79cdec191601edefa9f1605ea6e894834d9fdb1a78f5c5520ecd6b9f653e63ea5fff6337f090fe7ec80c45","ssdeep":"","tlshash":"3f21837badb0f03846101afebc243071038b2e57868ed59995cc03a60347095592aeb7","first_seen":"2025-12-23T20:54:41.975798Z","last_seen":"2026-01-14T07:33:59.033741Z","times_seen":114,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/19734a1859.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:35.909Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/19734a1859.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-62827.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:35 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 165\r\ntraceparent: 00-db7611391dfb6d0a4cb8f8441ebe150b-83ac1d1d7af8e17b-01\r\nlast-modified: Tue, 23 Dec 2025 11:09:43 GMT\r\netag: \"0de0c156338f3d41ab95438c3d50bf21\"\r\nx-amz-meta-mtime: 1766488103.537479318\r\nexpires: Sat, 27 Dec 2025 16:13:29 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 65442\r\ncache: HIT\r\nx-cached-since: 2026-01-03T16:22:53+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":165,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"Java source, ASCII text","md5":"0de0c156338f3d41ab95438c3d50bf21","sha1":"a39a274e2f641a2ed9c25a57fb8206974ad2c262","sha256":"1af1032c4d01a1d34bc1f6932bc12fcbe55b50735cee5caefdcd5fdca4591cb7","sha512":"2a894ed85c825eb50db36a6a733e0b521d6bb5128d21fcdca4beffc12f9795b3e20ef869d5404ebef83d6c68e0a8b997e31c16a41453c2b2b947e8421970d8a7","ssdeep":"","tlshash":"9bc08c0f24a85837826e4ef8991021421e0d85e533e105c8ed0c83ba032a4d3854e62a","first_seen":"2025-12-23T20:54:41.987403Z","last_seen":"2026-01-14T07:33:59.049088Z","times_seen":114,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:36.004Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-62827.bar/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 04 Jan 2026 10:33:36 GMT\r\ncontent-type: image/png\r\ncontent-length: 653\r\ntraceparent: 00-76ee63ed1ee176cee5eb0c1a31ed5046-b0662984dfbde6ea-01\r\nlast-modified: Wed, 26 Jun 2024 08:18:02 GMT\r\netag: \"e6f0766cbd95db33da44e7a9140648f2\"\r\nexpires: Thu, 16 Jan 2025 10:46:36 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 17\r\ncache: HIT\r\nx-cached-since: 2026-01-04T10:33:19+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":653,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit colormap, non-interlaced","md5":"e6f0766cbd95db33da44e7a9140648f2","sha1":"5f196b1bfe8c3f92bd2ebcd67124e72e81ae6aaf","sha256":"c0399d478788d5d483f104a2e8cb7c32f41cb40e9df0c22e831b2bfa2db63ec0","sha512":"249da39baba03408de98c7fa9a9342ef120436037ab6245b3b4a5f1a206291caaf67481c6ed67064544576697d41ab82499abffec998d837812292a050bf826a","ssdeep":"","tlshash":"90f083e032254a855c02ac7fc33414448fb226cc3682bb09e012887119d24a79dd1368","first_seen":"2023-04-05T22:56:35Z","last_seen":"2026-04-03T12:07:45.643999Z","times_seen":6597,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.no/ads/ga-audiences?v=1\u0026t=sr\u0026slf_rd=1\u0026_r=4\u0026tid=G-7JGWL9SV66\u0026cid=567346639.1767522826\u0026gtm=45je5ca1v897130004za200zd897130004\u0026aip=1\u0026dma=1\u0026dma_cps=syphamo\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026frm=0\u0026tag_exp=103116026~103200004~104527906~104528500~104573694~104684208~104684211~105391253~115583767~115938466~115938468~116184927~116184929~116251938~116251940~116682875\u0026z=1408551502","fqdn":"www.google.no","domain":"google.no","tld":"no"},"ip":{"addr":"142.251.38.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1xlite-62827.bar/ar/block?tag=d_85563m_29145c_[]MS[]null[]null[]general[]{site_id}_d22490_l73747_clickunder","date":"2026-01-04T10:33:46.071Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google.no","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:59:22 GMT","end":"Wed, 25 Feb 2026 15:59:21 GMT"},"fingerprint":{"sha1":"E3:8A:B3:9D:E4:8B:53:E7:04:0F:DC:F1:FF:B6:DA:2F:A5:13:E7:D1","sha256":"3D:CC:25:A1:DF:57:5C:E5:5E:62:8C:3E:4C:9E:BF:21:67:03:6E:09:DE:4F:C1:38:17:4D:91:E4:81:A1:1D:6E"}}},"request":{"raw":"GET /ads/ga-audiences?v=1\u0026t=sr\u0026slf_rd=1\u0026_r=4\u0026tid=G-7JGWL9SV66\u0026cid=567346639.1767522826\u0026gtm=45je5ca1v897130004za200zd897130004\u0026aip=1\u0026dma=1\u0026dma_cps=syphamo\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026frm=0\u0026tag_exp=103116026~103200004~104527906~104528500~104573694~104684208~104684211~105391253~115583767~115938466~115938468~116184927~116184929~116251938~116251940~116682875\u0026z=1408551502 HTTP/1.1\r\nHost: www.google.no\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-62827.bar/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\np3p: policyref=\"https://www.googleadservices.com/pagead/p3p.xml\", CP=\"NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC\"\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 04 Jan 2026 10:33:46 GMT\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-type: image/gif\r\nx-content-type-options: nosniff\r\nserver: cafe\r\ncontent-length: 42\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":42,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"d89746888da2d9510b64a9f031eaecd5","sha1":"d5fceb6532643d0d84ffe09c40c481ecdf59e15a","sha256":"ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629","sha512":"d5da26b5d496edb0221df1a4057a8b0285d15592a8f8dc7016a294df37ed335f3fde6a2252962e0df38b62847f8b771463a0124ef3f84299f262ed9d9d3cee4c","ssdeep":"","tlshash":"c4900023fa808000c3a8c2300a0b238a2b8c80200a28030b80ae208cec3a3a22c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-04T04:45:27.25785Z","times_seen":761597,"resource_available":true,"data":null}},"time_used":140,"timings":{"blocked":57,"dns":1,"connect":7,"send":0,"wait":21,"receive":1,"ssl":50},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}