Report - luckyforbet.com/i/36173?var1=6181348

Report Overview

Visited public
2025-06-22 15:36:05
Tags
Submit Tags
URL
luckyforbet.com/i/36173?var1=6181348
Finishing URL
1xlite-87523.bar/en/block
IP / ASN
23.109.150.181
#7979 SERVERS-COM
Title
1xBet

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
mc.yandex.com	26236	1998-09-24	2014-03-01	2025-06-20	3.0 kB	5.9 kB	77.88.21.119
refpamjeql.top	73932	2019-08-22	2019-08-22	2025-06-22	619 B	274 kB	45.135.120.31
ad.doubleclick.net	186	1996-01-16	2012-05-24	2025-06-18	889 B	715 B	216.58.207.230
v3.traincdn.com	unknown	2022-11-10	2022-11-25	2025-06-19	35 kB	5.6 MB	185.244.209.62
region1.analytics.google.com	unknown	1997-09-15	2022-03-17	2025-06-18	2.1 kB	1.7 kB	216.239.32.36
1xlite-87523.bar	unknown	2025-06-03	2025-06-20	2025-06-20	20 kB	953 kB	91.186.206.107
mc.yandex.ru	2672	1997-09-23	2012-05-21	2025-06-21	416 B	245 kB	77.88.21.119
adservice.google.com	76	1997-09-15	2017-09-26	2025-06-22	863 B	570 B	142.250.74.98
www.google.com	7	1997-09-15	2015-05-10	2025-06-18	845 B	567 B	142.250.178.36
14030178.fls.doubleclick.net	unknown	1996-01-16	2025-03-03	2025-06-22	971 B	1.4 kB	142.250.74.102
radar.cedexis.com	3035	2009-01-07	2013-11-27	2025-06-19	848 B	1.4 kB	45.54.49.5
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-06-18	2.7 kB	2.0 MB	142.250.74.136
luckyforbet.com	62789	2019-12-17	2020-01-21	2025-06-17	2.7 kB	2.9 kB	23.109.150.181
www.google.no	25607	2001-02-26	2012-06-26	2025-06-18	851 B	580 B	142.250.74.131
stats.g.doubleclick.net	96	1996-01-16	2012-07-01	2025-06-19	693 B	850 B	173.194.221.157

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-06-22	medium	1xlite-87523.bar	Sinkholed
2025-06-22	medium	1xlite-87523.bar	Sinkholed
2025-06-22	medium	1xlite-87523.bar	Sinkholed
2025-06-22	medium	1xlite-87523.bar	Sinkholed
2025-06-22	medium	1xlite-87523.bar	Sinkholed
2025-06-22	medium	1xlite-87523.bar	Sinkholed
2025-06-22	medium	1xlite-87523.bar	Sinkholed
2025-06-22	medium	1xlite-87523.bar	Sinkholed
2025-06-22	medium	1xlite-87523.bar	Sinkholed
2025-06-22	medium	1xlite-87523.bar	Sinkholed
2025-06-22	medium	1xlite-87523.bar	Sinkholed
2025-06-22	medium	1xlite-87523.bar	Sinkholed
2025-06-22	medium	1xlite-87523.bar	Sinkholed
2025-06-22	medium	1xlite-87523.bar	Sinkholed
2025-06-22	medium	1xlite-87523.bar	Sinkholed
2025-06-22	medium	1xlite-87523.bar	Sinkholed
2025-06-22	medium	1xlite-87523.bar	Sinkholed
2025-06-22	medium	1xlite-87523.bar	Sinkholed
2025-06-22	medium	1xlite-87523.bar	Sinkholed

ThreatFox

No alerts detected

JavaScript (56)

	URL	From	Size	First Seen	Last Seen
	v3.traincdn.com/main-static/61792ac9/desktop/default/Page.Block-e69ac7e3.js	ScriptElement	476 B	2025-06-18	2025-06-24
Pretty URL v3.traincdn.com/main-static/61792ac9/desktop/default/Page.Block-e69ac7e3.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-18 17:35 Last Seen2025-06-24 13:26 Times Seen42 Hash c87f54df5a69769e626d975089e6f1d4 d63b1d8931e2fd9151032a5f2c0c155f23e4d6d4 b968bc21d59d3bf276ae39c19612ceb1235e221b19f74d6c921043af36157f78 Loading...

	v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js	ImportedModule	69 B	2025-05-14	2025-06-28
Pretty URL v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-05-14 05:06 Last Seen2025-06-28 02:34 Times Seen642 Hash 2cdaa92927f02e0b628f1ef4d7dd8caf 9104a2e16ed080b80a42588b8aeb52ebec47ab7a ef8101ffea52addcdcfcc3a83f96ff2d4613fb3ae6d1c16bbe4852387b73a9db Loading...

	www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66	ScriptElement	476 kB	2025-06-22	2025-06-22
Pretty URL www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66 IP 142.250.74.136 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-22 15:36 Last Seen2025-06-22 15:36 Times Seen1 Hash 75ad44f2f273f18e7d82a01573954195 40f638a4cee1c470d3f1c101b11c1d774f26d070 62d8b5faf1d3787fe94953d75af41bea9aa3c816750d4926f0b61809081d8323 Loading...

	v3.traincdn.com/main-static/61792ac9/desktop/default/vendors/plugins.vue-notification-575f3ba7.js	ScriptElement	13 kB	2025-06-18	2025-06-24
Pretty URL v3.traincdn.com/main-static/61792ac9/desktop/default/vendors/plugins.vue-notification-575f3ba7.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-18 17:35 Last Seen2025-06-24 13:26 Times Seen43 Hash cd9839620a2ba08dedf86ba42ab5a0ae 33979ec3abb619aeb258d50931e5319e41ca3fc8 11a8211423bdc49f5ba7982a50224bb69d82c8d459d69eff9f69b10e5c5618dc Loading...

	1xlite-87523.bar/en/block	Function	47 B	2023-04-14	2025-06-28
Pretty URL 1xlite-87523.bar/en/block IP 91.186.206.107 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26 Last Seen2025-06-28 02:34 Times Seen5483 Hash a01893d8e129ad16c1e0fc5c7537f411 0e46d1bf2718f848d9d596fa269eaedb31204772 cbe7b89533bcd75b69f3e54807308551d68242ec1761e63bee1a99fc6e560175 Loading...

	1xlite-87523.bar/main-static/61792ac9/check-ob.js	ScriptElement	219 B	2024-07-17	2025-06-28
Pretty URL 1xlite-87523.bar/main-static/61792ac9/check-ob.js IP 91.186.206.107 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-17 14:33 Last Seen2025-06-28 02:34 Times Seen1818 Hash c065700c9c8c493403359e1f2baa10d9 4630fe729e70bdf63fa7ba6c84ec277fd1f51030 1e61f0c82ae82ffcf503fcd4b4c8ae27b32c11e19b882d5d13f3c44364c893f4 Loading...

	1xlite-87523.bar/en/block	ScriptElement	1.7 kB	2025-06-19	2025-06-24
Pretty URL 1xlite-87523.bar/en/block IP 91.186.206.107 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-06-19 13:18 Last Seen2025-06-24 06:35 Times Seen27 Hash d944bdc1634c6478ad6a33694e05f103 f6ac0456ab8e9e177373822afbae7e7b0d9cb0a3 1b1eefa518d5632376e0d3a493ef560a3679022ad05ee96385e6e5970fd543da Loading...

	1xlite-87523.bar/en/block	Function	84 kB	2025-06-17	2025-06-24
Pretty URL 1xlite-87523.bar/en/block IP 91.186.206.107 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2025-06-17 06:36 Last Seen2025-06-24 12:47 Times Seen109 Hash 6d765d37dbe6461986f7fe26652a76f6 30bc12138b3199a169863d8e43211d654ccf4e33 f144c1a76ff9b21c5b929511f27e4c7f6b5c2b97db08e14943a2bcc06d019bb7 Loading...

	1xlite-87523.bar/en/block	Function	47 B	2023-04-14	2025-06-28
Pretty URL 1xlite-87523.bar/en/block IP 91.186.206.107 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26 Last Seen2025-06-28 02:34 Times Seen5484 Hash 580b3e56fc9ab6e8b4655f43ee057cc1 5dfce565e446f4a167195de9a1a5dd26163c711c 446f07b6e56de61d2c2d5b6ba408cc580b492a6d1ede8fc51cfde4ef75a2b382 Loading...

	v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/eee81f490f.js	ImportedModule	4.1 kB	2025-06-18	2025-06-24
Pretty URL v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/eee81f490f.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-06-18 17:35 Last Seen2025-06-24 23:34 Times Seen49 Hash f7165652388e4db8492b0c5cef873911 bb21320a39643361100fe8e11e4b5446873130be 68aafd61544b4d0566b7ca8faa7281f9887cc0416a8381aff01f27a00dea7c1c Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_E2H7ZPXQ.js	ImportedModule	21 kB	2025-05-14	2025-06-28
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_E2H7ZPXQ.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-05-14 05:06 Last Seen2025-06-28 02:34 Times Seen699 Hash 3cf0cae38afae9add22f7884e5061231 2a41037501375a439385a76a047876619683418f 322482e3beae5a985d069beea981614510fda90a5df7295b776a324d461fc43d Loading...

	1xlite-87523.bar/en/block	Function	44 B	2023-04-14	2025-06-28
Pretty URL 1xlite-87523.bar/en/block IP 91.186.206.107 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26 Last Seen2025-06-28 02:34 Times Seen5487 Hash 00beb9884d0391b342eadd30744b539a 3124c0bd593822379d22f13d3e08e70a1bf5ea14 92394eec5690449a4f6cfc9a7f97497a69e926b2365cb9a9aad3507a844f835c Loading...

	1xlite-87523.bar/en/block	Eval	2.6 kB	2025-05-29	2025-06-27
Pretty URL 1xlite-87523.bar/en/block IP 91.186.206.107 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2025-05-29 01:53 Last Seen2025-06-27 20:05 Times Seen392 Hash 5236f6ffdc0b23f0b4a458e72ccc2e96 e312439a042f4c726d9566784a0783f5b66f86e9 ed52fb4838e482b45678a5ac8ab73644c4ea46d6a9ac659c20219094e1fdf5d3 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_chunk_7HDOEZTP.js	ImportedModule	1.2 kB	2025-05-14	2025-06-28
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_chunk_7HDOEZTP.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-05-14 05:06 Last Seen2025-06-28 02:34 Times Seen699 Hash 7e76c08e7f16815131a5f13a10c1efba 5f800877b78a0713157fe119bc1a2d9a260f72e1 c6f29a0c7c3ed884ccffd7a529fd2fc599e2da1f31af658146f0e36a3f4c00dc Loading...

	www.googletagmanager.com/gtag/destination?id=DC-14030178&cx=c&gtm=45He56g0v9180563600za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500	ScriptElement	306 kB	2025-06-22	2025-06-22
Pretty URL www.googletagmanager.com/gtag/destination?id=DC-14030178&cx=c&gtm=45He56g0v9180563600za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500 IP 142.250.74.136 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-22 15:36 Last Seen2025-06-22 15:36 Times Seen1 Hash 1be93fd192ea2209b7957f8e0d4d9271 3bf807b9189569b6100460af18ecbd69f027fe25 0649b551c7a42c3409312ab8c46a1b2f8ff9f9424bf5b82b4574f9529c7dd770 Loading...

	v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_5c24ba743a.js	ImportedModule	817 kB	2025-06-18	2025-06-25
Pretty URL v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_5c24ba743a.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-06-18 17:35 Last Seen2025-06-25 08:27 Times Seen93 Hash 4bb8bffafb3327285627b1dae0860967 b8094e5f1f11335457d2fdd02691d4027f1b327d 348838080c75e34f5eb56571c8fdfcc5b4dde47011dd6eaa645de6bfdef4fc01 Loading...

	v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/ad31aef0b1.js	ImportedModule	864 B	2025-06-18	2025-06-23
Pretty URL v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/ad31aef0b1.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-06-18 17:35 Last Seen2025-06-23 06:30 Times Seen32 Hash 9f763cf109976cc240a688471df28e0f c97a82b72d54e5a4c96cb18df28b475fd7052ec6 ef6f9e80182014cdb24807ec43e59544eef8c3147dd6cf0300f135da0751828d Loading...

	1xlite-87523.bar/en/block	ScriptElement	6.4 kB	2025-06-19	2025-06-23
Pretty URL 1xlite-87523.bar/en/block IP 91.186.206.107 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-06-19 13:18 Last Seen2025-06-23 06:30 Times Seen11 Hash d14acb174ae6ebd2295644c36eb6ab1f 76db502e8b67d94c7614838b3bbbba48b1afa4ad 2186fd03dc3041a856652cd3b5322e9489d775f50953df94251073d1b80643f8 Loading...

	1xlite-87523.bar/en/block	DomTimer	10 B	2024-09-21	2025-06-28
Pretty URL 1xlite-87523.bar/en/block IP 91.186.206.107 ASN #0 Introduced by domTimer Embedded in HTML false Observations First Seen2024-09-21 15:04 Last Seen2025-06-28 02:34 Times Seen1435 Hash 01f4b51b4ba7edd00ad9f0a22259f06e 00723d0eda4be61a7b1c542b0a08a94a94a60017 9fdac1c31a22f55dbb8ca225ee28c3f7e88b41cce82968af0018c9f8b3bd35ba Loading...

	v3.traincdn.com/main-static/61792ac9/desktop/default/runtime-cd8ceb8c.js	ScriptElement	19 kB	2025-06-19	2025-06-24
Pretty URL v3.traincdn.com/main-static/61792ac9/desktop/default/runtime-cd8ceb8c.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-19 13:18 Last Seen2025-06-24 06:35 Times Seen29 Hash 0c1e265007df3ccc1bfbb4e444f10864 6edfb32039115a1bca7fe2688e05ef5148161b20 2fd8c3b077e2109d70e3ee2ae9c473cb7246bcd8f7a13fa231fda3db7d7a8fb6 Loading...

	v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/42e926c49f.js	ImportedModule	27 kB	2025-06-18	2025-06-23
Pretty URL v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/42e926c49f.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-06-18 17:35 Last Seen2025-06-23 06:30 Times Seen32 Hash 504f2defe47d7dcd76a50fb013383a5b c7e28c0b6b38045fe591196ffba3a7160b616e4c 399185c4fc4c505a4ca99d6db0a5b8e8bd65e6023c717a41140cdcb2e08b07ab Loading...

	v3.traincdn.com/main-static/61792ac9/desktop/default/analytics-b12a340a.js	ScriptElement	7.1 kB	2025-06-18	2025-06-27
Pretty URL v3.traincdn.com/main-static/61792ac9/desktop/default/analytics-b12a340a.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-18 17:35 Last Seen2025-06-27 20:05 Times Seen98 Hash 0476efbe1451fd71519c7f60c568fe4d ab2d3cce3bb806dfa188907ddd87c91417ca49ec eb81418418bec2a1509e56bf173bcbcc232ecc653c19229a6917d97ce63a2cda Loading...

	1xlite-87523.bar/en/block	Function	96 B	2023-12-06	2025-06-28
Pretty URL 1xlite-87523.bar/en/block IP 91.186.206.107 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-12-06 14:32 Last Seen2025-06-28 02:34 Times Seen3393 Hash 94361ed86ab9b2fbb8d805c2025df46a 3f428332f7a1c7196a85c93a373a966d75708c19 eee4d228a49a86625f29410cf9a23d145e821a09cbb1f7a4d7557d206872715a Loading...

	v3.traincdn.com/main-static/61792ac9/desktop/default/vendors/plugins.vue-js-modal-b80265ab.js	ScriptElement	27 kB	2025-06-18	2025-06-24
Pretty URL v3.traincdn.com/main-static/61792ac9/desktop/default/vendors/plugins.vue-js-modal-b80265ab.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-18 17:35 Last Seen2025-06-24 13:26 Times Seen43 Hash da8dc1b4d54f9f5b1506c35e1d00139a 5ac224f85c17f285fba374f44928919105abfafd 0d86bef88dc869371df25bc4fb4d9e51586a935b9124d95e089fbaedafec4a7c Loading...

	v3.traincdn.com/main-static/61792ac9/desktop/default/DC-10710285.js	ScriptElement	2.7 kB	2025-06-18	2025-06-24
Pretty URL v3.traincdn.com/main-static/61792ac9/desktop/default/DC-10710285.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-18 17:35 Last Seen2025-06-24 13:26 Times Seen43 Hash 8456a4c93bdea57b5386e8925733e535 306f451ed2b4fe561c3288766ae845436fd33284 26f97be768fee91730f47a7194021fa49b113dc81d060a2a470581e215fcbeab Loading...

	www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V	ScriptElement	343 kB	2025-06-22	2025-06-22
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V IP 142.250.74.136 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-22 15:36 Last Seen2025-06-22 15:36 Times Seen1 Hash ea4b54b63fe142484c29840e25bfba26 92f231159bd230e8e97205b378965c0934d61ac5 17c6fd6c868bd1447713385996766038059b4294fb0fff30a8aa8d6ba6cc55e1 Loading...

	1xlite-87523.bar/en/block	Function	292 kB	2025-06-22	2025-06-22
Pretty URL 1xlite-87523.bar/en/block IP 91.186.206.107 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2025-06-22 15:36 Last Seen2025-06-22 15:36 Times Seen1 Hash f17c4c5f82d28db86042852bf7fef805 f867a05693569961adf32a6523318d1475dff342 35351da969e9a9488138c3cf7c1afde5e789257a38436c0a79009835699ab4f6 Loading...

	radar.cedexis.com/1/23802/radar.js	ScriptElement	390 B	2024-02-13	2025-06-28
Pretty URL radar.cedexis.com/1/23802/radar.js IP 45.54.49.5 ASN #63911 NetActuate, Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-13 14:23 Last Seen2025-06-28 02:34 Times Seen2613 Hash 82dec77fd0353c7c71ce053b8601387e fbbca95419e1d0c042e0a5fdf10f380aca66188c 39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7 Loading...

	www.googletagmanager.com/gtag/destination?id=AW-16664555628&cx=c&gtm=45He56g0v9180563600za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500	ScriptElement	356 kB	2025-06-22	2025-06-22
Pretty URL www.googletagmanager.com/gtag/destination?id=AW-16664555628&cx=c&gtm=45He56g0v9180563600za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500 IP 142.250.74.136 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-22 15:36 Last Seen2025-06-22 15:36 Times Seen1 Hash 0f6567e19f5bb42371b708443218ea80 868be61a9297091019449aa08c19620a4821e731 051be56b836b893d21981b8205ae883d4fe5574ea7cef77a85a12deae774b0cd Loading...

	www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66&cx=c&gtm=45He56g0v9180563600za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500	ScriptElement	476 kB	2025-06-22	2025-06-22
Pretty URL www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66&cx=c&gtm=45He56g0v9180563600za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500 IP 142.250.74.136 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-22 15:36 Last Seen2025-06-22 15:36 Times Seen1 Hash b65a8f2691d5f91a32a6d23b6781ecf7 d3981e517403683f487cc7d7c5c10731f8e7b795 36ed156113dde3a444777a939e045c1389fc766d4fff8db89dc32749eb64abca Loading...

	1xlite-87523.bar/en/block	ScriptElement	206 kB	2025-06-22	2025-06-22
Pretty URL 1xlite-87523.bar/en/block IP 91.186.206.107 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-06-22 15:36 Last Seen2025-06-22 15:36 Times Seen1 Hash a0e4012234de3646c80f219b62b21a37 eaaf0abddeec55e17819b4b7a7c9de97a8eb6449 b64a247edeaa35bc8702a0d018681860f82a96c7bb40eccb4d3e53786e1f1ce5 Loading...

	v3.traincdn.com/main-static/61792ac9/desktop/default/vendors/plugins.v-tooltip-19a74e7d.js	ScriptElement	77 kB	2025-06-18	2025-06-24
Pretty URL v3.traincdn.com/main-static/61792ac9/desktop/default/vendors/plugins.v-tooltip-19a74e7d.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-18 17:35 Last Seen2025-06-24 13:26 Times Seen43 Hash fa1e03b13da82d855a5e808376231ce2 0ee034839962803578266cbec3009100a0ebec46 4777d3418e37ffbaee26e5371e815755110def6987a7d178e4cc79df42922c59 Loading...

	v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/9d4f48c82e.js	ImportedModule	2.4 kB	2025-06-18	2025-06-23
Pretty URL v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/9d4f48c82e.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-06-18 17:35 Last Seen2025-06-23 06:30 Times Seen32 Hash 9cc6c128dcc8a510fc6d01ad3e0e035a c9689aaf76a0e1bd0e142345fd0ee9c8d88a7291 b1ee9fd385cd9ce2fddec3ac6af9e184f0c6ef04ee113da65f0c129dcaff72e0 Loading...

	1xlite-87523.bar/captcha-api/assets/hunt-captcha.js	ScriptElement	86 kB	2025-06-17	2025-06-24
Pretty URL 1xlite-87523.bar/captcha-api/assets/hunt-captcha.js IP 91.186.206.107 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-17 06:36 Last Seen2025-06-24 12:47 Times Seen109 Hash 7c8fa1a657a274f5569fac4989528cc9 43509c7a4e32e8075147e66ee58afdc5efa58ef9 4777207c1a8f6c4a33f5c41d15f9ca068c54193af6c76f586dbc292cf04cea50 Loading...

	data:text/javascript,export const meta = import.meta;	ScriptElement	32 B	2023-12-06	2025-06-28
Pretty URL data:text/javascript,export const meta = import.meta; IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-06 14:32 Last Seen2025-06-28 02:34 Times Seen3393 Hash 6d772b7d405b447ecee54ab61cdd5108 dd65fb9cd5a7cb94a40fe161f4f72303a61eb3b7 b90ff694e492935b6036fb7e878d365dab51aafa46f0afb1e33414e7ecc3307b Loading...

	v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/164e07c960.js	ImportedModule	147 B	2025-06-18	2025-06-23
Pretty URL v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/164e07c960.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-06-18 17:35 Last Seen2025-06-23 06:30 Times Seen32 Hash d7e3795e2ecd0e90332c12c6ffed858e 89071395e5037d8a325dc68427a40925b2472db0 be6700b7e6e5998743921d1abfb511a4bc4023c3bdc5fdb0d7128ab5c1d1cb62 Loading...

	v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/e51c24c8ac.js	ScriptElement	3.9 kB	2025-06-18	2025-06-23
Pretty URL v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/e51c24c8ac.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-18 17:35 Last Seen2025-06-23 06:30 Times Seen32 Hash bb033fb223aa7b54248f6272392312dd f7d5bd65a89f494cafc91ead618b32ac124e4764 cea19f93dd8cb316d74d251619e24ccee56002bc87cf5fb6fb452cb62133dbfe Loading...

	1xlite-87523.bar/hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js	ScriptElement	760 B	2025-05-21	2025-06-28
Pretty URL 1xlite-87523.bar/hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js IP 91.186.206.107 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-21 09:35 Last Seen2025-06-28 02:34 Times Seen651 Hash 0b911773e0df627d77f8306c86e228aa 0d584bb1a3294e4fe42df4582dcc8a2c8f77f7bb 01e4926540498a77d866259516007d41fae1213ab9607db826f011d926fd6006 Loading...

	mc.yandex.ru/metrika/tag.js	ScriptElement	244 kB	2025-06-12	2025-06-24
Pretty URL mc.yandex.ru/metrika/tag.js IP 77.88.21.119 ASN #13238 YANDEX LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-12 07:56 Last Seen2025-06-24 01:08 Times Seen170 Hash c89a2181249bbc3bd25c1854ee0e1d17 da4b9d7990aebc5f3c9c9e35f9dce2aa350655b6 4412a4dbfeca169b3047b06889b9249b5a915e44d3892c87fcc145b660142adb Loading...

	v3.traincdn.com/main-static/61792ac9/desktop/default/commons/app-4b82fdd3.js	ScriptElement	138 kB	2025-06-18	2025-06-27
Pretty URL v3.traincdn.com/main-static/61792ac9/desktop/default/commons/app-4b82fdd3.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-18 17:35 Last Seen2025-06-27 20:05 Times Seen100 Hash 868af65a31d095c2a360f8a5e94425bc 59e94cfde197cb7fbf844717ae7083f35a44e3a4 ab24c1b9022a49c40e590b7fdd6b471a627b1eaf389ab3f5f605ae794fdb8c53 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_localforage_FJKG5M2E.js	ImportedModule	30 kB	2025-05-14	2025-06-28
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_localforage_FJKG5M2E.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-05-14 05:06 Last Seen2025-06-28 02:34 Times Seen699 Hash 02cf95f00794b77df34632e34a59c5be b64889fb6cbe78a141688ea761a627997ef8a8af bf78b7b3dd6ecbdea04c575edfb6022ed1b2e98c7a9cb9f02ab851ca638f1b83 Loading...

	1xlite-87523.bar/en/block	Eval	305 kB	2025-06-22	2025-06-22
Pretty URL 1xlite-87523.bar/en/block IP 91.186.206.107 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2025-06-22 15:36 Last Seen2025-06-22 15:36 Times Seen1 Hash 5142792bf3b24c1d5b984b4868ff0311 d3e17ff6a62040410383fd949c5a8eda84de61bb b3fa2c53d5668ac35608942c9624525e18044feb804cf43008c1208c6368dc8d Loading...

	1xlite-87523.bar/en/block	Function	34 B	2023-04-14	2025-06-28
Pretty URL 1xlite-87523.bar/en/block IP 91.186.206.107 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26 Last Seen2025-06-28 02:34 Times Seen5496 Hash 7bcdb973ab8af8e24ab11cb554a1ba6e 24e8a10f240f2b06f81d7c173cd0a90606641fc1 916ec4eb9b485eb47f43a17fe212e84e4b72600b45eb6d4588599ad495a57fcd Loading...

	v3.traincdn.com/main-static/61792ac9/desktop/default/vendors/app-b161080e.js	ScriptElement	1.4 MB	2025-06-19	2025-06-24
Pretty URL v3.traincdn.com/main-static/61792ac9/desktop/default/vendors/app-b161080e.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-19 13:18 Last Seen2025-06-24 09:06 Times Seen31 Hash 59800506d8ed60811509c8061d8c8583 5e3d13ec4764ffab0ec0f7a7f7ff1590e6158455 10c5554c33de58fc57b64609c0846dc3b73fd2b68f228fd9ad0b1f5d63a346da Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_B6TW5FDZ.js	ImportedModule	1.3 kB	2025-05-14	2025-06-28
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_B6TW5FDZ.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-05-14 05:06 Last Seen2025-06-28 02:34 Times Seen699 Hash e3f1c4089db6b910890e85d97a2e2066 85828920da3c3fd7856acde184e835ac314295cd 6c28afe5a52e0f9b1138fe498b254c8671058a058b555651ccae8e91e7534614 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_libphonenumber_js_Q6RMKWT6.js	ImportedModule	159 kB	2025-05-14	2025-06-28
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_libphonenumber_js_Q6RMKWT6.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-05-14 05:06 Last Seen2025-06-28 02:34 Times Seen699 Hash 1da464d70e78b04b9b808e82e4ad9487 0c79e65516d1525ecb43d13cfb4ccb0631095a28 b4c72b8036ca6767ab61490178f901538646f2aa1001cb042caa134174a41595 Loading...

	v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/45f1770114.js	ImportedModule	1.2 kB	2025-06-18	2025-06-24
Pretty URL v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/45f1770114.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-06-18 17:35 Last Seen2025-06-24 23:34 Times Seen49 Hash bf50b784620ed417a811a29b93c1674b 72cbca9b31debe6d7bda2a2c553edd8e5c5ff44e 2bcf4abc801d0b74d8f38af2b71a8572856fc612af519a57b56f78247367474a Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_XYWIEKOD.js	ImportedModule	865 B	2025-05-14	2025-06-28
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_XYWIEKOD.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-05-14 05:06 Last Seen2025-06-28 02:34 Times Seen699 Hash 0af3fe0c072a5bb3b6c731767187982f 55db5afb57265dc92fd121fe9ae565ffb2f53b2c 655bbe85da91e863401c6f96e24b41f5c2fe51a4245cecc2deb2b8c9600fef30 Loading...

	v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/fd6ab89fd4.js	ScriptElement	1.2 kB	2025-06-18	2025-06-23
Pretty URL v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/fd6ab89fd4.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-18 17:35 Last Seen2025-06-23 06:30 Times Seen32 Hash 50906dd89561b1e7e6bf82539677960c 3f22a7d92fe79d7a3cd734159da6681449296ccb 02894d09ead719d04eedd68eaf741e57886145abd86d15e3e704166f8bf4d38a Loading...

	v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/568bd9aa90.js	ImportedModule	2.0 kB	2025-06-18	2025-06-23
Pretty URL v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/568bd9aa90.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-06-18 17:35 Last Seen2025-06-23 06:30 Times Seen32 Hash 9f379aa49c0fb5d6828f564408b9fa57 e6859ec87a16384f10f182d45fbcb2d952889e93 98d109da6adb8de563bc66a66306a3c9e9a8fb7acbc88e210165da8e6f47300f Loading...

	1xlite-87523.bar/hd-api/external/assets/hdf.js	ScriptElement	4.1 kB	2025-06-05	2025-06-28
Pretty URL 1xlite-87523.bar/hd-api/external/assets/hdf.js IP 91.186.206.107 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-05 12:46 Last Seen2025-06-28 02:34 Times Seen416 Hash 40eaa62ed21bd753172f4c307e2a41d0 f7b03c6b004562311c8ca00466179629738b2a40 60fed8cb321dc09e4e1d910b5822bd8f67d53d0962a41ddc9f5ac33edd4e2213 Loading...

	v3.traincdn.com/main-static/61792ac9/desktop/default/Betting.Core-27e1268d.js	ScriptElement	2.0 kB	2025-06-19	2025-06-24
Pretty URL v3.traincdn.com/main-static/61792ac9/desktop/default/Betting.Core-27e1268d.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-19 13:18 Last Seen2025-06-24 06:35 Times Seen29 Hash 05df4d064aa615aa90a8c03804b1a8d4 243b47dad517a68ca94212b6fc25170f2326c8d3 e1e56dada08aacab84b50ed15c2cb9fda4b31101143780738e26a762357f470a Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_DYMTJONH.js	ImportedModule	19 kB	2025-05-14	2025-06-28
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_DYMTJONH.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-05-14 05:06 Last Seen2025-06-28 02:34 Times Seen699 Hash 1580a3cfe81fd30910a49dfe64cc8e7b 314144dc49595482ba46c0b85b38d5f73ef73a7b 8989a021d20f0fc08c43966a287cbd99e43142a5a0ff42eb232756a101de6035 Loading...

	1xlite-87523.bar/en/block	Function	39 B	2023-04-14	2025-06-28
Pretty URL 1xlite-87523.bar/en/block IP 91.186.206.107 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26 Last Seen2025-06-28 02:34 Times Seen5489 Hash bc51ed8c76553717f10d58b2df60fd76 e2d03a8fd8d280074b226c288880f9df299c7cb1 bee994eaf88453f6343ba57571a069054c12c9b4e42f8cbad4f2ad75c7fb264c Loading...

	v3.traincdn.com/main-static/61792ac9/desktop/default/app-cd8079b5.js	ScriptElement	505 kB	2025-06-19	2025-06-24
Pretty URL v3.traincdn.com/main-static/61792ac9/desktop/default/app-cd8079b5.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-19 13:18 Last Seen2025-06-24 06:35 Times Seen29 Hash 876917bb52b2a485ba55cbefb6ad83ac b31f0410ae524edfcfddd7804885f29990857245 712de7eb9b77c503da829227b99bf078234473d2f214bf4302878f3830fd72b9 Loading...

	v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-f161b37ed6.js	ScriptElement	21 kB	2025-06-18	2025-06-23
Pretty URL v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-f161b37ed6.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-18 17:35 Last Seen2025-06-23 06:30 Times Seen32 Hash f5cdb4f31f025ebc20061834b1c8c497 d411ed0e68449a002f48537732336b8bb7624438 9d0a4a8960a6379b5dee32f6111d95ab742fd031a0edcc069f5b7b19d3195c9e Loading...

HTTP Transactions (112)

URL IP Response Size

GET v3.traincdn.com/sys-static/shared-assets/__shared_libphonenumber_js_Q6RMKWT6.js

185.244.209.62

200 OK

159 kB

URL GET
v3.traincdn.com/sys-static/shared-assets/__shared_libphonenumber_js_Q6RMKWT6.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (65509)
Size
159 kB (158815 bytes)
Hash
1da464d70e78b04b9b808e82e4ad9487
0c79e65516d1525ecb43d13cfb4ccb0631095a28
b4c72b8036ca6767ab61490178f901538646f2aa1001cb042caa134174a41595

HTTP Headers

GET /sys-static/shared-assets/__shared_libphonenumber_js_Q6RMKWT6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:42 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-fff67e4017769b43e6f85c5354e21f3a-bb63433a94d19061-01
last-modified: Fri, 20 Jun 2025 14:13:24 GMT
etag: W/"1da464d70e78b04b9b808e82e4ad9487"
x-amz-meta-mtime: 1750428765.962144752
content-encoding: gzip
expires: Sun, 22 Jun 2025 08:09:02 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 26275
cache: HIT
x-cached-since: 2025-06-22T08:17:47+00:00
X-Firefox-Spdy: h2

POST region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je56g0v897130004za200zb9180563600&_p=1750606552934&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500&cid=807345694.1750606554&ecid=1038920089&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEAAAAQ&_s=2&sid=1750606553&sct=1&seg=0&dl=https%3A%2F%2F1xlite-87523.bar%2Fen%2Fblock&dr=https%3A%2F%2Fluckyforbet.com%2F&dt=1xBet&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=18199

216.239.32.36

204 No Content

0 B

URL POST
region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je56g0v897130004za200zb9180563600&_p=1750606552934&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500&cid=807345694.1750606554&ecid=1038920089&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEAAAAQ&_s=2&sid=1750606553&sct=1&seg=0&dl=https%3A%2F%2F1xlite-87523.bar%2Fen%2Fblock&dr=https%3A%2F%2Fluckyforbet.com%2F&dt=1xBet&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=18199
IP
216.239.32.36:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint79:AA:03:D4:F6:6B:0F:61:E5:C5:AB:19:F4:A5:5D:DC:97:80:AF:DA
ValidityMon, 02 Jun 2025 08:35:30 GMT - Mon, 25 Aug 2025 08:35:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je56g0v897130004za200zb9180563600&_p=1750606552934&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500&cid=807345694.1750606554&ecid=1038920089&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEAAAAQ&_s=2&sid=1750606553&sct=1&seg=0&dl=https%3A%2F%2F1xlite-87523.bar%2Fen%2Fblock&dr=https%3A%2F%2Fluckyforbet.com%2F&dt=1xBet&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=18199 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/3 204 No Content
access-control-allow-origin: https://1xlite-87523.bar
date: Sun, 22 Jun 2025 15:35:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:158:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:158:0
report-to: {"group":"ascnsrsggc:158:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:158:0"}],}
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET 1xlite-87523.bar/seo-module-api/api/public/v1/analytics-counters?project[id]=285&domain[host]=1xlite-87523.bar

91.186.206.107

200 OK

105 B

URL GET
1xlite-87523.bar/seo-module-api/api/public/v1/analytics-counters?project[id]=285&domain[host]=1xlite-87523.bar
IP
91.186.206.107:443
ASN
#0

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-87523.bar
FingerprintFC:01:CF:99:41:B9:66:76:A4:88:7F:BE:E1:BE:BC:A6:ED:9A:01:45
ValidityTue, 03 Jun 2025 08:57:07 GMT - Mon, 01 Sep 2025 08:57:06 GMT

File type
JSON text data
Size
105 B (105 bytes)
Hash
6abfe5f6641fddde82c2ca29cf5c6a7a
958379bc84073d266358a27b3cf86b15484f5f6d
ede01772dfd8da2cc82f245e454ce360b2ceb13b7d1c330bbc1d68fe41255c19

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /seo-module-api/api/public/v1/analytics-counters?project[id]=285&domain[host]=1xlite-87523.bar HTTP/1.1
Host: 1xlite-87523.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/en/block
content-type: application/json
x-requested-with: XMLHttpRequest
x-app-n: v3-nuxt2
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder; postback_watcher=; auid=W7rOa2hYIs1l+8aJBCwOAg==; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:42 GMT
content-type: application/json
content-length: 107
cache-control: max-age=1200, must-revalidate, public, s-maxage=1800, stale-if-error=86400, stale-while-revalidate=300
x-content-digest: en6d0e5d6e0146a49c358c0eaad1d2ef38
age: 962
x-request-id: b11b45aa12bcd6bfec9d928d618e4c08
x-request-guid: b11b45aa12bcd6bfec9d928d618e4c08
content-encoding: br
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=1.8720626831055, wf-uht;dur=0.014
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-f161b37ed6.js

185.244.209.62

200 OK

21 kB

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-f161b37ed6.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (20628)
Size
21 kB (21168 bytes)
Hash
f5cdb4f31f025ebc20061834b1c8c497
d411ed0e68449a002f48537732336b8bb7624438
9d0a4a8960a6379b5dee32f6111d95ab742fd031a0edcc069f5b7b19d3195c9e

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-f161b37ed6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:42 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-14c14d3203fb541f3515396973ab75b5-9c6afc7810a4ba3c-01
last-modified: Wed, 18 Jun 2025 13:47:11 GMT
etag: W/"f5cdb4f31f025ebc20061834b1c8c497"
x-amz-meta-mtime: 1750254148.965235089
content-encoding: gzip
expires: Thu, 19 Jun 2025 13:50:14 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 5554
cache: HIT
x-cached-since: 2025-06-22T14:03:08+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/e3dd2d416ede1d7659584842878349f6.json

185.244.209.62

200 OK

1.1 kB

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/e3dd2d416ede1d7659584842878349f6.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
1.1 kB (1085 bytes)
Hash
338264fc869e8f0b86b0d6c9d92102b0
83b4d35816df0e1486b766251e74d23f28b77824
015355a44429f40dd63b566dd1e9b1b76af3dfa28dcd25a43e82820ba0847b8d

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/e3dd2d416ede1d7659584842878349f6.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:43 GMT
content-type: application/json
traceparent: 00-6ce19c82aab62d0b4b369dc7e5e9be0a-baccc1f411fa2d1a-01
last-modified: Thu, 16 May 2024 19:05:13 GMT
etag: W/"338264fc869e8f0b86b0d6c9d92102b0"
content-encoding: gzip
expires: Thu, 16 Jan 2025 11:19:55 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 858
cache: HIT
x-cached-since: 2025-06-22T15:21:25+00:00
X-Firefox-Spdy: h2

GET radar.cedexis.com/1707728419/stub.js

45.54.49.5

200 OK

390 B

URL GET
radar.cedexis.com/1707728419/stub.js
IP
45.54.49.5:443
ASN
#63911 NetActuate, Inc

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerDigiCert Inc
Subjectradar.cedexis.com
FingerprintA2:3E:30:19:D5:41:3A:11:81:58:E3:B1:6F:F4:D2:78:0B:44:6F:D0
ValidityFri, 07 Mar 2025 00:00:00 GMT - Fri, 06 Mar 2026 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
390 B (390 bytes)
Hash
82dec77fd0353c7c71ce053b8601387e
fbbca95419e1d0c042e0a5fdf10f380aca66188c
39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7

HTTP Headers

GET /1707728419/stub.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 22 Jun 2025 15:35:53 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 12 Feb 2024 09:51:01 GMT
Vary: Accept-Encoding
ETag: W/"65c9ea05-186"
Expires: Sun, 06 Jul 2025 15:35:53 GMT
Cache-Control: max-age=1209600, public
Content-Encoding: gzip

GET mc.yandex.com/watch/22934032/1?wmode=7&page-url=https%3A%2F%2F1xlite-87523.bar%2Fen%2Fblock&page-ref=https%3A%2F%2Fluckyforbet.com%2F&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3Ai3icr3vaukfptwrwd2g3ha7bh00r%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A2091%3Acn%3A1%3Adp%3A0%3Als%3A954314459275%3Ahid%3A277369142%3Az%3A0%3Ai%3A20250622153553%3Aet%3A1750606553%3Ac%3A1%3Arn%3A676235380%3Arqn%3A1%3Au%3A1750606553729069592%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Afp%3A1109%3Awv%3A2%3Ads%3A0%2C0%2C110%2C0%2C444%2C0%2C%2C552%2C10%2C2027%2C2027%2C0%2C1111%3Aco%3A0%3Acpf%3A1%3Ans%3A1750606540635%3Arqnl%3A1%3Ast%3A1750606553%3At%3A1xBet&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29cdl%28na%29eco%2842009092%29ti%281%29&redirnss=1

77.88.21.119

200 OK

653 B

URL GET
mc.yandex.com/watch/22934032/1?wmode=7&page-url=https%3A%2F%2F1xlite-87523.bar%2Fen%2Fblock&page-ref=https%3A%2F%2Fluckyforbet.com%2F&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3Ai3icr3vaukfptwrwd2g3ha7bh00r%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A2091%3Acn%3A1%3Adp%3A0%3Als%3A954314459275%3Ahid%3A277369142%3Az%3A0%3Ai%3A20250622153553%3Aet%3A1750606553%3Ac%3A1%3Arn%3A676235380%3Arqn%3A1%3Au%3A1750606553729069592%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Afp%3A1109%3Awv%3A2%3Ads%3A0%2C0%2C110%2C0%2C444%2C0%2C%2C552%2C10%2C2027%2C2027%2C0%2C1111%3Aco%3A0%3Acpf%3A1%3Ans%3A1750606540635%3Arqnl%3A1%3Ast%3A1750606553%3At%3A1xBet&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29cdl%28na%29eco%2842009092%29ti%281%29&redirnss=1
IP
77.88.21.119:443
ASN
#13238 YANDEX LLC

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerGlobalSign nv-sa
Subjectmc.yandex.ru
Fingerprint6C:98:CD:97:92:D2:EE:63:A5:D3:A7:DC:CA:54:8E:30:28:C5:79:64
ValidityWed, 19 Mar 2025 21:10:40 GMT - Fri, 29 Aug 2025 20:59:59 GMT

File type
JSON text data
Size
653 B (653 bytes)
Hash
0b7efd183df7aafdb3088c04e6dc94c8
23b89b228c33e3fe6dc02f091b6ae582fa2dd17b
94686afd32cdf662782f00ceac9035c4afe2ad362ec7c55a4858849911b9c1b4

HTTP Headers

GET /watch/22934032/1?wmode=7&page-url=https%3A%2F%2F1xlite-87523.bar%2Fen%2Fblock&page-ref=https%3A%2F%2Fluckyforbet.com%2F&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3Ai3icr3vaukfptwrwd2g3ha7bh00r%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A2091%3Acn%3A1%3Adp%3A0%3Als%3A954314459275%3Ahid%3A277369142%3Az%3A0%3Ai%3A20250622153553%3Aet%3A1750606553%3Ac%3A1%3Arn%3A676235380%3Arqn%3A1%3Au%3A1750606553729069592%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Afp%3A1109%3Awv%3A2%3Ads%3A0%2C0%2C110%2C0%2C444%2C0%2C%2C552%2C10%2C2027%2C2027%2C0%2C1111%3Aco%3A0%3Acpf%3A1%3Ans%3A1750606540635%3Arqnl%3A1%3Ast%3A1750606553%3At%3A1xBet&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29cdl%28na%29eco%2842009092%29ti%281%29&redirnss=1 HTTP/1.1
Host: mc.yandex.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-87523.bar
Referer: https://1xlite-87523.bar/
DNT: 1
Connection: keep-alive
Cookie: yabs-sid=90906341750606553; i=A/6WjUiBuJDnuLIUGL4GIhOC8zMN4Hqjls6fryZKqQoaX5Ue2YRmJHGVOIl7ahZPG3iHwm2J3pH+DbKacrAhYlNAfZE=; yandexuid=3719534051750606553; yuidss=3719534051750606553; ymex=1782142553.yrts.1750606553#1782142553.yrtsi.1750606553; bh=YNnF4MIGahfcyuH/CJLYobEDn8/14QzlyPCOA5S2Ag==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-length: 653
x-content-type-options: nosniff
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
last-modified: Sun, 22-Jun-2025 15:35:53 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
pragma: no-cache
expires: Sun, 22-Jun-2025 15:35:53 GMT
access-control-allow-origin: https://1xlite-87523.bar
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/61792ac9/desktop/default/Page.Block-e69ac7e3.js

185.244.209.62

200 OK

476 B

URL GET
v3.traincdn.com/main-static/61792ac9/desktop/default/Page.Block-e69ac7e3.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (476), with no line terminators
Size
476 B (476 bytes)
Hash
c87f54df5a69769e626d975089e6f1d4
d63b1d8931e2fd9151032a5f2c0c155f23e4d6d4
b968bc21d59d3bf276ae39c19612ceb1235e221b19f74d6c921043af36157f78

HTTP Headers

GET /main-static/61792ac9/desktop/default/Page.Block-e69ac7e3.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:41 GMT
content-type: text/javascript; charset=utf-8
content-length: 476
traceparent: 00-99aeea492a7f64f4ac380a59b88530c5-85e53e67b78f6d82-01
last-modified: Thu, 19 Jun 2025 12:35:31 GMT
etag: "c87f54df5a69769e626d975089e6f1d4"
x-amz-meta-mtime: 1750336529.987595219
expires: Fri, 20 Jun 2025 13:08:51 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 8127
cache: HIT
x-cached-since: 2025-06-22T13:20:14+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/46fe3f96f4140750e81ded48911f3e30.json

185.244.209.62

200 OK

747 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/46fe3f96f4140750e81ded48911f3e30.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
747 B (747 bytes)
Hash
f4e90636ec9cff061c4301b3cefdd0d6
c506efe9c3672c58434ea10021dab0ad81b1ad98
30666f138ccc12735e2f8a6405ddce4a3d8756b9445e3b2732fa2970f14dbcea

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/46fe3f96f4140750e81ded48911f3e30.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:42 GMT
content-type: application/json
content-length: 747
traceparent: 00-8f95880719ac251b449dbb04e8494ed6-24a83f4607e1a5cb-01
last-modified: Thu, 27 Feb 2025 13:26:35 GMT
etag: "f4e90636ec9cff061c4301b3cefdd0d6"
expires: Thu, 27 Feb 2025 15:00:05 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 82
cache: HIT
x-cached-since: 2025-06-22T15:34:20+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

POST 1xlite-87523.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

91.186.206.107

200 OK

23 B

URL POST
1xlite-87523.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
91.186.206.107:443
ASN
#0

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-87523.bar
FingerprintFC:01:CF:99:41:B9:66:76:A4:88:7F:BE:E1:BE:BC:A6:ED:9A:01:45
ValidityTue, 03 Jun 2025 08:57:07 GMT - Mon, 01 Sep 2025 08:57:06 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
709ac65b1dcef76a4a61fd5d474b8c6a
c052a28c6da7bdf554172971e5be99c5603fdb37
51e1926a390bbc71a7018b9f9f169044ecb96f82538f02b9c1e2ff9136debbfa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-87523.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: afe489ba-20c7-4bb2-944a-2a9bfdc786e4
Content-Length: 119
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder; postback_watcher=; auid=W7rOa2hYIs1l+8aJBCwOAg==; window_width=1280; che_g=2738350c-2a24-77d9-aee2-80e687305a05
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:42 GMT
content-type: application/json
content-length: 23
x-dt: 285
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.005, wf-uht;dur=0.010
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/60608cbba85ee2e8946c25b55281a0bc.json

185.244.209.62

200 OK

328 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/60608cbba85ee2e8946c25b55281a0bc.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
328 B (328 bytes)
Hash
4347fc050ebe622e30a7bf78a213b5a0
c05b3b571980b01ff9f07e6adc1c29c58be70bd1
ed1b1193a248bf273141c31b7f74dd1224416b3757e5a71f2e7d579c50d65d57

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/60608cbba85ee2e8946c25b55281a0bc.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:43 GMT
content-type: application/json
content-length: 328
traceparent: 00-b1b7c2211b9cafa93a7773027786f1aa-52f2c5ec0823e373-01
last-modified: Thu, 27 Feb 2025 10:51:50 GMT
etag: "4347fc050ebe622e30a7bf78a213b5a0"
expires: Thu, 27 Feb 2025 12:17:56 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 858
cache: HIT
x-cached-since: 2025-06-22T15:21:25+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/568bd9aa90.js

185.244.209.62

200 OK

2.0 kB

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/568bd9aa90.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1967)
Size
2.0 kB (1968 bytes)
Hash
9f379aa49c0fb5d6828f564408b9fa57
e6859ec87a16384f10f182d45fbcb2d952889e93
98d109da6adb8de563bc66a66306a3c9e9a8fb7acbc88e210165da8e6f47300f

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/568bd9aa90.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:43 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-34a5a86636bc3dddf39c0c8d74cdfc99-ca1f99bdcd6e9dc2-01
last-modified: Wed, 18 Jun 2025 13:47:11 GMT
etag: W/"9f379aa49c0fb5d6828f564408b9fa57"
x-amz-meta-mtime: 1750254148.956234791
content-encoding: gzip
expires: Thu, 19 Jun 2025 13:50:23 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 5554
cache: HIT
x-cached-since: 2025-06-22T14:03:09+00:00
X-Firefox-Spdy: h2

POST 1xlite-87523.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json

91.186.206.107

200 OK

2 B

URL POST
1xlite-87523.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json
IP
91.186.206.107:443
ASN
#0

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-87523.bar
FingerprintFC:01:CF:99:41:B9:66:76:A4:88:7F:BE:E1:BE:BC:A6:ED:9A:01:45
ValidityTue, 03 Jun 2025 08:57:07 GMT - Mon, 01 Sep 2025 08:57:06 GMT

File type
JSON text data
Size
2 B (2 bytes)
Hash
d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json HTTP/1.1
Host: 1xlite-87523.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: afe489ba-20c7-4bb2-944a-2a9bfdc786e4
Content-Length: 19
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder; postback_watcher=; auid=W7rOa2hYIs1l+8aJBCwOAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:42 GMT
content-type: application/json
content-length: 2
x-dt: 285
x-time-ng: 0.021
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.091, wf-uht;dur=0.032
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/593f1a6d4223015f3145bf447897f4f2.json

185.244.209.62

200 OK

241 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/593f1a6d4223015f3145bf447897f4f2.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
241 B (241 bytes)
Hash
39257fbb62736206d5245e08925d7b60
4c11e3cb6a16b884772b88acdba30a2ad98e86b8
3a3cf0f5c60899ffb49d9825516aec475fd7b78cea8ae0b5b58dfb4e658f041e

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/593f1a6d4223015f3145bf447897f4f2.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:43 GMT
content-type: application/json
content-length: 241
traceparent: 00-f6ed3a03495ee8d7f236288f986ffba7-8ceee50f55c5e647-01
last-modified: Thu, 27 Feb 2025 13:24:25 GMT
etag: "39257fbb62736206d5245e08925d7b60"
expires: Thu, 27 Feb 2025 14:48:35 GMT
cache-control: max-age=3600
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 858
cache: HIT
x-cached-since: 2025-06-22T15:21:25+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET mc.yandex.ru/metrika/tag.js

77.88.21.119

200 OK

244 kB

URL GET
mc.yandex.ru/metrika/tag.js
IP
77.88.21.119:443
ASN
#13238 YANDEX LLC

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerGlobalSign nv-sa
Subjectmc.yandex.ru
Fingerprint6C:98:CD:97:92:D2:EE:63:A5:D3:A7:DC:CA:54:8E:30:28:C5:79:64
ValidityWed, 19 Mar 2025 21:10:40 GMT - Fri, 29 Aug 2025 20:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (675)
Size
244 kB (243785 bytes)
Hash
c89a2181249bbc3bd25c1854ee0e1d17
da4b9d7990aebc5f3c9c9e35f9dce2aa350655b6
4412a4dbfeca169b3047b06889b9249b5a915e44d3892c87fcc145b660142adb

HTTP Headers

GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-length: 81150
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
timing-allow-origin: *
last-modified: Thu, 19 Jun 2025 12:44:59 GMT
content-encoding: br
expires: Sun, 22 Jun 2025 16:35:53 GMT
access-control-allow-origin: *
content-type: application/javascript
cache-control: max-age=3600
date: Sun, 22 Jun 2025 15:35:53 GMT
set-cookie: _yasc=zZbon/VCCn5unmE3Z/BfxdvNJeTzb39n3l6WF6KH6KkHmE/Z0VbIHgFW0Bxu5zs64jQ=; domain=.yandex.ru; path=/; expires=Wed, 20 Jun 2035 15:35:53 GMT; secure
i=YBMXBdGUnwIXBzPi4IvHI8nmsgqzTQpXytRXBBEGBYtKo7D1Q8J0G/lW4SFBRJltwn2jNJ7Z4fRPu9/KMIQQT1keLe0=; Expires=Tue, 22-Jun-2027 15:35:53 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=5318962481750606553; Expires=Tue, 22-Jun-2027 15:35:53 GMT; Domain=.yandex.ru; Path=/; Secure; SameSite=None
yashr=3214077991750606553; Path=/; Domain=.yandex.ru; Expires=Mon, 22 Jun 2026 15:35:53 GMT; SameSite=None; Secure; HttpOnly
bh=YNnF4MIGahfcyuH/CJLYobEDn8/14QzlyPCOA5S2Ag==; Path=/; Domain=.yandex.ru; Expires=Mon, 27 Jul 2026 15:35:53 GMT; SameSite=None; Secure
strict-transport-security: max-age=31536000
etag: "6854064b-13cfe"
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/8b4e10c31932a559912f415b65fba92c.json

185.244.209.62

200 OK

1.3 kB

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/8b4e10c31932a559912f415b65fba92c.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
1.3 kB (1342 bytes)
Hash
499d57f89b2bf5fed52d984d865fd72c
f3dd138886f2c1e257d3ac2214b7e3cba57e56b2
9467cf5576ce2a97d9e44e53915a9c4ae529c134cc1ea5a3c62ea304eebda0c8

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/8b4e10c31932a559912f415b65fba92c.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:43 GMT
content-type: application/json
traceparent: 00-9de80633a189b4bd8b01f8779149441a-f06e3b781aa1b0db-01
last-modified: Thu, 27 Feb 2025 08:17:13 GMT
etag: W/"499d57f89b2bf5fed52d984d865fd72c"
content-encoding: gzip
expires: Thu, 27 Feb 2025 11:06:29 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 858
cache: HIT
x-cached-since: 2025-06-22T15:21:25+00:00
X-Firefox-Spdy: h2

GET refpamjeql.top/L?tag=d_85563m_4096c_[]MS[]null[]null[]general[]{site_id}_d22490_l15727_clickunder&site=85563&ad=4096

45.135.120.31

303 See Other

274 kB

URL User Request GET
refpamjeql.top/L?tag=d_85563m_4096c_[]MS[]null[]null[]general[]{site_id}_d22490_l15727_clickunder&site=85563&ad=4096
IP
45.135.120.31:443
ASN
#56630 Melbikomas UAB

Certificate
IssuerLet's Encrypt
Subjectrefpamjeql.top
Fingerprint83:81:FE:BA:52:2B:76:6B:B2:1D:F2:D9:9C:47:2A:49:C6:18:61:B8
ValidityMon, 14 Apr 2025 05:21:37 GMT - Sun, 13 Jul 2025 05:21:36 GMT

File type

Size
274 kB (273799 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /L?tag=d_85563m_4096c_[]MS[]null[]null[]general[]{site_id}_d22490_l15727_clickunder&site=85563&ad=4096 HTTP/1.1
Host: refpamjeql.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://luckyforbet.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 303 See Other
server: nginx
date: Sun, 22 Jun 2025 15:35:40 GMT
location: https://1xlite-87523.bar:443/en?tag=d_85563m_4096c_[]MS[]null[]null[]general[]{site_id}_d22490_l15727_clickunder
set-cookie: A_4096_v=0; expires=Mon, 23 Jun 2025 15:35:40 GMT; path=/; secure
A_4096_c=1; expires=Mon, 23 Jun 2025 15:35:40 GMT; path=/; secure
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.001
X-Firefox-Spdy: h2

GET 1xlite-87523.bar/en/block

91.186.206.107

203 Non Authoritative

274 kB

URL User Request GET
1xlite-87523.bar/en/block
IP
91.186.206.107:443
ASN
#0

Certificate
IssuerLet's Encrypt
Subject1xlite-87523.bar
FingerprintFC:01:CF:99:41:B9:66:76:A4:88:7F:BE:E1:BE:BC:A6:ED:9A:01:45
ValidityTue, 03 Jun 2025 08:57:07 GMT - Mon, 01 Sep 2025 08:57:06 GMT

File type
HTML document, ASCII text, with very long lines (53869)
Size
274 kB (273799 bytes)
Hash
819978a353e03b8a3fe2c92a92f2ee14
8d4a9d297fc554a842dae35a4c6383d7f8c7c362
adca8ffac5ab84a2d03122db93af7a670ef8d59621ec23db82fd78d35896051d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /en/block HTTP/1.1
Host: 1xlite-87523.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://luckyforbet.com/
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder; postback_watcher=; auid=W7rOa2hYIs1l+8aJBCwOAg==
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 203 Non Authoritative
server: nginx
date: Sun, 22 Jun 2025 15:35:41 GMT
content-type: text/html; charset=utf-8
content-length: 273799
accept-ranges: none
server-timing: dt_total;dur=0.003, total;dur=45;desc="Nuxt Server Time"
set-cookie: gw-mm=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Secure; SameSite=None; Partitioned
lng=en; Path=/
cookies_agree_type=3; Path=/
tzo=2; Path=/
is12h=0; Path=/
x-dt: 285
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/61792ac9/desktop/default/vendors/plugins.v-tooltip-19a74e7d.js

185.244.209.62

200 OK

77 kB

URL GET
v3.traincdn.com/main-static/61792ac9/desktop/default/vendors/plugins.v-tooltip-19a74e7d.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65476)
Size
77 kB (76622 bytes)
Hash
fa1e03b13da82d855a5e808376231ce2
0ee034839962803578266cbec3009100a0ebec46
4777d3418e37ffbaee26e5371e815755110def6987a7d178e4cc79df42922c59

HTTP Headers

GET /main-static/61792ac9/desktop/default/vendors/plugins.v-tooltip-19a74e7d.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:42 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-d13098660601ac1211f229443c1d6ca7-8987b9fab665078c-01
last-modified: Thu, 19 Jun 2025 12:35:31 GMT
etag: W/"fa1e03b13da82d855a5e808376231ce2"
x-amz-meta-mtime: 1750336530.007595283
content-encoding: gzip
expires: Fri, 20 Jun 2025 13:08:38 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 8566
cache: HIT
x-cached-since: 2025-06-22T13:12:56+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/61792ac9/desktop/default/analytics-b12a340a.js

185.244.209.62

200 OK

7.1 kB

URL GET
v3.traincdn.com/main-static/61792ac9/desktop/default/analytics-b12a340a.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (7104), with no line terminators
Size
7.1 kB (7104 bytes)
Hash
0476efbe1451fd71519c7f60c568fe4d
ab2d3cce3bb806dfa188907ddd87c91417ca49ec
eb81418418bec2a1509e56bf173bcbcc232ecc653c19229a6917d97ce63a2cda

HTTP Headers

GET /main-static/61792ac9/desktop/default/analytics-b12a340a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:52 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-b22eb2e0633e341d05d7fff90c263228-63d1fd9e37594a53-01
last-modified: Thu, 19 Jun 2025 12:35:31 GMT
etag: W/"0476efbe1451fd71519c7f60c568fe4d"
x-amz-meta-mtime: 1750336529.991595231
content-encoding: gzip
expires: Fri, 20 Jun 2025 13:08:45 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 7520
cache: HIT
x-cached-since: 2025-06-22T13:30:32+00:00
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/destination?id=AW-16664555628&cx=c&gtm=45He56g0v9180563600za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500

142.250.74.136

200 OK

356 kB

URL GET
www.googletagmanager.com/gtag/destination?id=AW-16664555628&cx=c&gtm=45He56g0v9180563600za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500
IP
142.250.74.136:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint79:AA:03:D4:F6:6B:0F:61:E5:C5:AB:19:F4:A5:5D:DC:97:80:AF:DA
ValidityMon, 02 Jun 2025 08:35:30 GMT - Mon, 25 Aug 2025 08:35:29 GMT

File type
JavaScript source, ASCII text, with very long lines (5913)
Size
356 kB (355915 bytes)
Hash
0f6567e19f5bb42371b708443218ea80
868be61a9297091019449aa08c19620a4821e731
051be56b836b893d21981b8205ae883d4fe5574ea7cef77a85a12deae774b0cd

HTTP Headers

GET /gtag/destination?id=AW-16664555628&cx=c&gtm=45He56g0v9180563600za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 22 Jun 2025 15:35:53 GMT
expires: Sun, 22 Jun 2025 15:35:53 GMT
cache-control: private, max-age=900
last-modified: Sun, 22 Jun 2025 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcysghrgc:42:0
report-to: {"group":"ascgcysghrgc:42:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
server: Google Tag Manager
content-length: 120945
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/a49ddc9ed7b115238ef2263b253f2225.json

185.244.209.62

200 OK

22 kB

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/a49ddc9ed7b115238ef2263b253f2225.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
22 kB (21827 bytes)
Hash
ff5d81879a491bb1cfe091c5817a89b4
2a1d20f61eb8c513b270b8d123e3a9f66c89f808
538bffce9fa55e37a08e6b7f5148f8e7884c02a82b13e8426553061ff2475f90

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/a49ddc9ed7b115238ef2263b253f2225.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:42 GMT
content-type: application/json
traceparent: 00-e997d9904c9e5173dc067538008249f4-5748da2cf20e17cd-01
last-modified: Tue, 20 May 2025 11:01:53 GMT
etag: W/"ff5d81879a491bb1cfe091c5817a89b4"
content-encoding: gzip
expires: Tue, 20 May 2025 12:23:08 GMT
cache-control: max-age=3600
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1621
cache: HIT
x-cached-since: 2025-06-22T15:08:41+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_XYWIEKOD.js

185.244.209.62

200 OK

865 B

URL GET
v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_XYWIEKOD.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (840)
Size
865 B (865 bytes)
Hash
0af3fe0c072a5bb3b6c731767187982f
55db5afb57265dc92fd121fe9ae565ffb2f53b2c
655bbe85da91e863401c6f96e24b41f5c2fe51a4245cecc2deb2b8c9600fef30

HTTP Headers

GET /sys-static/shared-assets/__shared_fast_deep_equal_XYWIEKOD.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:43 GMT
content-type: text/javascript; charset=utf-8
content-length: 865
traceparent: 00-6ebb9be5e9e772920b25cb458bafdc4c-a9d2feb07b66a4f9-01
last-modified: Fri, 20 Jun 2025 14:13:24 GMT
etag: "0af3fe0c072a5bb3b6c731767187982f"
x-amz-meta-mtime: 1750428765.990144376
expires: Sun, 22 Jun 2025 08:09:05 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 26276
cache: HIT
x-cached-since: 2025-06-22T08:17:47+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET luckyforbet.com/favicon.ico

23.109.150.181

404 Not Found

13 B

URL GET
luckyforbet.com/favicon.ico
IP
23.109.150.181:443
ASN
#7979 SERVERS-COM

Requested by
https://luckyforbet.com/h/w5_MkebN5u8IU.jA8sJRkglNN5M6weTq64wHmz6rCK4kH0ZR0u65Dvlbf46c7MbCbqeBgmnKTbxMAHXSmx6133qHY.wPdAUjWrkaNqYELYhsCLS6Ugjsr6gKo7VvoyL15oCwM4oNk8evHMSC8fkto8Qlde4Sv87SIE56UFMKhRpMgh5ydF.MbZLiADFzyLVTVaqZWbNBizbvviA3LZ8DfAqq.qqqq.qq
Certificate
IssuerLet's Encrypt
Subjectluckyforbet.com
FingerprintE0:E9:3A:83:40:36:62:3C:AB:8E:0C:7A:4A:CF:15:9A:47:47:0A:8E
ValiditySat, 10 May 2025 06:56:54 GMT - Fri, 08 Aug 2025 06:56:53 GMT

File type
ASCII text, with no line terminators
Size
13 B (13 bytes)
Hash
1e6cd917ed71a1241e4bedc29264bd98
5b65037351caeb0e5a48d963d7ffa88d0271d546
7d04f7431bbfa41a04bcc7e6b98b9de0d919756c4c671c5785c99fff45f16402

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: luckyforbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://luckyforbet.com/h/w5_MkebN5u8IU.jA8sJRkglNN5M6weTq64wHmz6rCK4kH0ZR0u65Dvlbf46c7MbCbqeBgmnKTbxMAHXSmx6133qHY.wPdAUjWrkaNqYELYhsCLS6Ugjsr6gKo7VvoyL15oCwM4oNk8evHMSC8fkto8Qlde4Sv87SIE56UFMKhRpMgh5ydF.MbZLiADFzyLVTVaqZWbNBizbvviA3LZ8DfAqq.qqqq.qq
Cookie: TRK_TRG=eJxjYGBgEmEXZMosEOSxNNSzNNAzMdIzNDURZE5PzRdk8vMX5C5KTc%2FMz4tPzk9JFWT189c1MBbkTM4sqYSIsANF%2FItz8gWZM4sLBPmccjIrFILzc0pLgHqKBfnyUkviiwtSU1PAqtkYBTkyi%2BMLivIrKtkYAUzOIh4%3D; TRK_TRU7=eJxjYGBgEuEQZC5NNBVUMDS0MLMwMTWyMDBJtkg0SkqyMDMzNUgytTAwNDJNSzMVZE0qSsxL4RVkzc1PSc3hFeRKKsovL04tis9MYWMT5IfxylKLijPz83gcEg4wgIAga34xSAmLIBeQAZdVYYDIcqeklmUmp8aXVBaksjECAC4vJZ8%3D; trk_cpa_pixel=8d4cfab0-4f7e-11f0-abbf-bf4cbf9e74e6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 22 Jun 2025 15:35:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Content-Encoding: gzip
Vary: Accept-Encoding

GET v3.traincdn.com/main-static/61792ac9/desktop/default/vendors/plugins.vue-js-modal-b80265ab.js

185.244.209.62

200 OK

27 kB

URL GET
v3.traincdn.com/main-static/61792ac9/desktop/default/vendors/plugins.vue-js-modal-b80265ab.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (26667), with no line terminators
Size
27 kB (26667 bytes)
Hash
da8dc1b4d54f9f5b1506c35e1d00139a
5ac224f85c17f285fba374f44928919105abfafd
0d86bef88dc869371df25bc4fb4d9e51586a935b9124d95e089fbaedafec4a7c

HTTP Headers

GET /main-static/61792ac9/desktop/default/vendors/plugins.vue-js-modal-b80265ab.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:42 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-b7d8d535b4e916967e14a1e89ba86f5d-8a135a67fd414395-01
last-modified: Thu, 19 Jun 2025 12:35:31 GMT
etag: W/"da8dc1b4d54f9f5b1506c35e1d00139a"
x-amz-meta-mtime: 1750336530.007595283
content-encoding: gzip
expires: Fri, 20 Jun 2025 13:08:38 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 8566
cache: HIT
x-cached-since: 2025-06-22T13:12:56+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/d9842b87b9dabdc4cdc248c062355299.json

185.244.209.62

200 OK

7.3 kB

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/d9842b87b9dabdc4cdc248c062355299.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
7.3 kB (7321 bytes)
Hash
0614058b667e6dfa1cdecc6e0e53131c
4f20f88c436fb5cbd82cf1dcfeaa14e52195a369
be16474b0f19b7536ebdd3d0f8867b151eaa4638411ddb46845f887a5d51a653

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/d9842b87b9dabdc4cdc248c062355299.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:42 GMT
content-type: application/json
traceparent: 00-d1c75043a62108f291a4f13b74649c51-efbc4011df45faa0-01
last-modified: Thu, 23 Jan 2025 13:19:10 GMT
etag: W/"0614058b667e6dfa1cdecc6e0e53131c"
content-encoding: gzip
expires: Thu, 23 Jan 2025 14:50:28 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1621
cache: HIT
x-cached-since: 2025-06-22T15:08:41+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/8192228305b202797f207eeb6842287c.png

185.244.209.62

200 OK

5.2 kB

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/8192228305b202797f207eeb6842287c.png
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
PNG image data, 514 x 514, 8-bit colormap, non-interlaced
Size
5.2 kB (5202 bytes)
Hash
b9a636eef54b2844b571fe7de49184a7
bf653690790ced40eb3189da075a275d951d1607
001bfcdd52b658d46543a1aec889d35b73b3909b47097cc011b95e96fc9e3743

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/8192228305b202797f207eeb6842287c.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:43 GMT
content-type: image/png
content-length: 5202
traceparent: 00-fb81c9a2b57477588c4f86f6eb66e75a-6a1a3a85462322a0-01
last-modified: Wed, 26 Jun 2024 08:22:59 GMT
etag: "b9a636eef54b2844b571fe7de49184a7"
expires: Thu, 16 Jan 2025 11:18:57 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 83
cache: HIT
x-cached-since: 2025-06-22T15:34:20+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/site-admin/css_vars/29b5cda95fa390c124de39b6aeca6d24.css

185.244.209.62

200 OK

46 B

URL GET
v3.traincdn.com/genfiles/site-admin/css_vars/29b5cda95fa390c124de39b6aeca6d24.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
46 B (46 bytes)
Hash
29b5cda95fa390c124de39b6aeca6d24
46f68f69533c1fdc737eb36e8e7af7672178e610
6021ec0aede22eadcb8401fe945d345202320437c7be01b157f0cb282ebe7c88

HTTP Headers

GET /genfiles/site-admin/css_vars/29b5cda95fa390c124de39b6aeca6d24.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:42 GMT
content-type: text/css
content-length: 46
traceparent: 00-b8a85567e9131a49d218c44350854a75-7f3d80a172a92d0c-01
last-modified: Thu, 20 Mar 2025 13:29:31 GMT
etag: "29b5cda95fa390c124de39b6aeca6d24"
cache-control: max-age=3600
expires: Thu, 20 Mar 2025 14:32:37 GMT
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2224
cache: HIT
x-cached-since: 2025-06-22T14:58:38+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/164e07c960.js

185.244.209.62

200 OK

147 B

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/164e07c960.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
Java source, ASCII text
Size
147 B (147 bytes)
Hash
d7e3795e2ecd0e90332c12c6ffed858e
89071395e5037d8a325dc68427a40925b2472db0
be6700b7e6e5998743921d1abfb511a4bc4023c3bdc5fdb0d7128ab5c1d1cb62

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/164e07c960.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:43 GMT
content-type: text/javascript; charset=utf-8
content-length: 147
traceparent: 00-a9f18b6a252cfcc8e6ae94fd4f306eaa-fa4eaa10af0e5e79-01
last-modified: Wed, 18 Jun 2025 13:47:11 GMT
etag: "d7e3795e2ecd0e90332c12c6ffed858e"
x-amz-meta-mtime: 1750254148.954234725
expires: Thu, 19 Jun 2025 13:50:23 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 5554
cache: HIT
x-cached-since: 2025-06-22T14:03:09+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png

185.244.209.62

200 OK

653 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Size
653 B (653 bytes)
Hash
e6f0766cbd95db33da44e7a9140648f2
5f196b1bfe8c3f92bd2ebcd67124e72e81ae6aaf
c0399d478788d5d483f104a2e8cb7c32f41cb40e9df0c22e831b2bfa2db63ec0

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:41 GMT
content-type: image/png
content-length: 653
traceparent: 00-3a4e602e971e2385b83a9081302857c4-a8192e5d6db2820b-01
last-modified: Wed, 26 Jun 2024 08:18:02 GMT
etag: "e6f0766cbd95db33da44e7a9140648f2"
expires: Thu, 16 Jan 2025 10:46:36 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 3242
cache: HIT
x-cached-since: 2025-06-22T14:41:39+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/site-admin/colors/11fcf67d96d7d317c64c54b46d5ec44f.css

185.244.209.62

200 OK

40 kB

URL GET
v3.traincdn.com/genfiles/site-admin/colors/11fcf67d96d7d317c64c54b46d5ec44f.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (39742), with no line terminators
Size
40 kB (39742 bytes)
Hash
11fcf67d96d7d317c64c54b46d5ec44f
abf4e85e9e932ed64412f46ff590b39a87e26cb9
96ec24e0f388bf29d22bc262d0ed8aecf4582efa4d2031a06566442663f68658

HTTP Headers

GET /genfiles/site-admin/colors/11fcf67d96d7d317c64c54b46d5ec44f.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:42 GMT
content-type: text/css
traceparent: 00-19f582d7fbf258ca0feadf387e094e25-c1b583e46121f974-01
last-modified: Fri, 20 Jun 2025 09:37:08 GMT
etag: W/"11fcf67d96d7d317c64c54b46d5ec44f"
cache-control: max-age=3600
content-encoding: gzip
expires: Fri, 20 Jun 2025 11:58:57 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 82
cache: HIT
x-cached-since: 2025-06-22T15:34:20+00:00
X-Firefox-Spdy: h2

POST 1xlite-87523.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

91.186.206.107

200 OK

23 B

URL POST
1xlite-87523.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
91.186.206.107:443
ASN
#0

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-87523.bar
FingerprintFC:01:CF:99:41:B9:66:76:A4:88:7F:BE:E1:BE:BC:A6:ED:9A:01:45
ValidityTue, 03 Jun 2025 08:57:07 GMT - Mon, 01 Sep 2025 08:57:06 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
58a8753c8c6e29f3b8b860123f9ac162
82058a0ca75bde53a047ae84e5c70fda90218f6e
a4e048b15075bd0bcae77e7d442487541f11d4375a016f876195da6522ec7479

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-87523.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: afe489ba-20c7-4bb2-944a-2a9bfdc786e4
Content-Length: 129
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder; postback_watcher=; auid=W7rOa2hYIs1l+8aJBCwOAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:42 GMT
content-type: application/json
content-length: 23
x-dt: 285
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.046, wf-uht;dur=0.010
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/61792ac9/desktop/default/runtime-cd8ceb8c.js

185.244.209.62

200 OK

19 kB

URL GET
v3.traincdn.com/main-static/61792ac9/desktop/default/runtime-cd8ceb8c.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (18683), with no line terminators
Size
19 kB (18683 bytes)
Hash
0c1e265007df3ccc1bfbb4e444f10864
6edfb32039115a1bca7fe2688e05ef5148161b20
2fd8c3b077e2109d70e3ee2ae9c473cb7246bcd8f7a13fa231fda3db7d7a8fb6

HTTP Headers

GET /main-static/61792ac9/desktop/default/runtime-cd8ceb8c.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:41 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-3f6ce8faf10a7d8623deb8cb94f63b37-663f4d29fd73ad19-01
last-modified: Thu, 19 Jun 2025 12:35:31 GMT
etag: W/"0c1e265007df3ccc1bfbb4e444f10864"
x-amz-meta-mtime: 1750336530.00359527
content-encoding: gzip
expires: Fri, 20 Jun 2025 13:08:37 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 8565
cache: HIT
x-cached-since: 2025-06-22T13:12:56+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/ac02f639a86763a884adc5615fe65e72.json

185.244.209.62

200 OK

14 kB

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/ac02f639a86763a884adc5615fe65e72.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
14 kB (14232 bytes)
Hash
811ce3b7877d19901e45430cb6523d62
16a905115a678fdef3923f91c6f76cbab613e84d
10fbb74dbac63abfe9c4f5a77abc03757ef3527a479d4ae70dc977b515eec8cb

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/ac02f639a86763a884adc5615fe65e72.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:42 GMT
content-type: application/json
traceparent: 00-64bec7ccb228b100db3e8de2403e04c4-dd6d9f308f056d8e-01
last-modified: Thu, 27 Feb 2025 09:04:01 GMT
etag: W/"811ce3b7877d19901e45430cb6523d62"
content-encoding: gzip
expires: Thu, 27 Feb 2025 10:17:13 GMT
cache-control: max-age=3600
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1621
cache: HIT
x-cached-since: 2025-06-22T15:08:41+00:00
X-Firefox-Spdy: h2

GET 1xlite-87523.bar/bff-api/config/group/get?groups=d.technical&lang=en

91.186.206.107

200 OK

730 B

URL GET
1xlite-87523.bar/bff-api/config/group/get?groups=d.technical&lang=en
IP
91.186.206.107:443
ASN
#0

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-87523.bar
FingerprintFC:01:CF:99:41:B9:66:76:A4:88:7F:BE:E1:BE:BC:A6:ED:9A:01:45
ValidityTue, 03 Jun 2025 08:57:07 GMT - Mon, 01 Sep 2025 08:57:06 GMT

File type
JSON text data
Size
730 B (730 bytes)
Hash
87ec2701f4efb3b20790e1a967af79be
8c7a33e8de1fadc580287953380b136d261c27f5
add58098a30e646183c0c004afd7cdb345b576ed641263c6b19ab40c18d75395

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bff-api/config/group/get?groups=d.technical&lang=en HTTP/1.1
Host: 1xlite-87523.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/en/block
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
x-svc-source: __TECHNICAL_PAGES_APP__
x-app-n: __TECHNICAL_PAGES_APP__
x-geoip2-country-code: ru
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder; postback_watcher=; auid=W7rOa2hYIs1l+8aJBCwOAg==; window_width=1920; che_g=2738350c-2a24-77d9-aee2-80e687305a05
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:43 GMT
content-type: application/json
content-length: 730
cache-control: no-cache, private
server-timing: dt_total;dur=0.015, bff;dur=46.07, wf-uht;dur=0.060
x-dt: 285
x-pod: R-97tqs
x-time-ng: 0.050
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/42e926c49f.js

185.244.209.62

200 OK

27 kB

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/42e926c49f.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (27023)
Size
27 kB (27024 bytes)
Hash
504f2defe47d7dcd76a50fb013383a5b
c7e28c0b6b38045fe591196ffba3a7160b616e4c
399185c4fc4c505a4ca99d6db0a5b8e8bd65e6023c717a41140cdcb2e08b07ab

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/42e926c49f.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:43 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-7d46faa0e394e820e43bc9e59455ab27-f3a0708af9d5d10e-01
last-modified: Wed, 18 Jun 2025 13:47:11 GMT
etag: W/"504f2defe47d7dcd76a50fb013383a5b"
x-amz-meta-mtime: 1750254148.954234725
content-encoding: gzip
expires: Thu, 19 Jun 2025 13:50:23 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 5554
cache: HIT
x-cached-since: 2025-06-22T14:03:09+00:00
X-Firefox-Spdy: h2

POST 1xlite-87523.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json

91.186.206.107

200 OK

2 B

URL POST
1xlite-87523.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json
IP
91.186.206.107:443
ASN
#0

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-87523.bar
FingerprintFC:01:CF:99:41:B9:66:76:A4:88:7F:BE:E1:BE:BC:A6:ED:9A:01:45
ValidityTue, 03 Jun 2025 08:57:07 GMT - Mon, 01 Sep 2025 08:57:06 GMT

File type
JSON text data
Size
2 B (2 bytes)
Hash
d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json HTTP/1.1
Host: 1xlite-87523.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: afe489ba-20c7-4bb2-944a-2a9bfdc786e4
Content-Length: 19
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder; postback_watcher=; auid=W7rOa2hYIs1l+8aJBCwOAg==; window_width=1280; che_g=2738350c-2a24-77d9-aee2-80e687305a05
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:43 GMT
content-type: application/json
content-length: 2
x-dt: 285
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.055, wf-uht;dur=0.009
X-Firefox-Spdy: h2

GET mc.yandex.com/metrika/advert.gif

77.88.21.119

200 OK

43 B

URL GET
mc.yandex.com/metrika/advert.gif
IP
77.88.21.119:443
ASN
#13238 YANDEX LLC

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerGlobalSign nv-sa
Subjectmc.yandex.ru
Fingerprint6C:98:CD:97:92:D2:EE:63:A5:D3:A7:DC:CA:54:8E:30:28:C5:79:64
ValidityWed, 19 Mar 2025 21:10:40 GMT - Fri, 29 Aug 2025 20:59:59 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

HTTP Headers

GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-length: 43
strict-transport-security: max-age=31536000
cache-control: max-age=3600
date: Sun, 22 Jun 2025 15:35:53 GMT
timing-allow-origin: *
content-type: image/gif
etag: "6854064b-2b"
access-control-allow-origin: *
expires: Sun, 22 Jun 2025 16:35:53 GMT
set-cookie: _yasc=YSkq70bgWOLOyXjJmTad0J7G8vimad1IZn9xvS+c5vKySHM+5WRdz+gIKty8Nsg7qMqj; domain=.yandex.com; path=/; expires=Wed, 20 Jun 2035 15:35:53 GMT; secure
i=26v6Lm3nVyeXajXhEHUdBP2P4jCzZ2YjgkyqLkR6wY+7T0fNS+qqQBQ/l0GBBOorjH+NwTBGbl3X6akwcpAnvi7yYsU=; Expires=Tue, 22-Jun-2027 15:35:53 GMT; Domain=.yandex.com; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=403950781750606553; Expires=Tue, 22-Jun-2027 15:35:53 GMT; Domain=.yandex.com; Path=/; Secure; SameSite=None
yashr=67942131750606553; Path=/; Domain=.yandex.com; Expires=Mon, 22 Jun 2026 15:35:53 GMT; SameSite=None; Secure; HttpOnly
bh=YNnF4MIGahfcyuH/CJLYobEDn8/14QzlyPCOA5S2Ag==; Path=/; Domain=.yandex.com; Expires=Mon, 27 Jul 2026 15:35:53 GMT; SameSite=None; Secure
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
accept-ranges: bytes
last-modified: Thu, 19 Jun 2025 12:44:59 GMT
X-Firefox-Spdy: h2

POST region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je56g0v897130004za200zb9180563600&_p=1750606552934&em=tv.1~em.ODS1igyfeIhzOTHENqwIfH1sb8t0oxg8FT6iY2YCmeo&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500&cid=807345694.1750606554&ecid=1038920089&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&ec_mode=a&_s=1&sid=1750606553&sct=1&seg=0&dl=https%3A%2F%2F1xlite-87523.bar%2Fen%2Fblock&dr=https%3A%2F%2Fluckyforbet.com%2F&dt=1xBet&_tu=Kg&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&upn.ref_id=1&tfd=13145

216.239.32.36

204 No Content

0 B

URL POST
region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je56g0v897130004za200zb9180563600&_p=1750606552934&em=tv.1~em.ODS1igyfeIhzOTHENqwIfH1sb8t0oxg8FT6iY2YCmeo&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500&cid=807345694.1750606554&ecid=1038920089&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&ec_mode=a&_s=1&sid=1750606553&sct=1&seg=0&dl=https%3A%2F%2F1xlite-87523.bar%2Fen%2Fblock&dr=https%3A%2F%2Fluckyforbet.com%2F&dt=1xBet&_tu=Kg&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&upn.ref_id=1&tfd=13145
IP
216.239.32.36:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint79:AA:03:D4:F6:6B:0F:61:E5:C5:AB:19:F4:A5:5D:DC:97:80:AF:DA
ValidityMon, 02 Jun 2025 08:35:30 GMT - Mon, 25 Aug 2025 08:35:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je56g0v897130004za200zb9180563600&_p=1750606552934&em=tv.1~em.ODS1igyfeIhzOTHENqwIfH1sb8t0oxg8FT6iY2YCmeo&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500&cid=807345694.1750606554&ecid=1038920089&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&ec_mode=a&_s=1&sid=1750606553&sct=1&seg=0&dl=https%3A%2F%2F1xlite-87523.bar%2Fen%2Fblock&dr=https%3A%2F%2Fluckyforbet.com%2F&dt=1xBet&_tu=Kg&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&upn.ref_id=1&tfd=13145 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://1xlite-87523.bar
date: Sun, 22 Jun 2025 15:35:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:158:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:158:0
report-to: {"group":"ascnsrsggc:158:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:158:0"}],}
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/c0e02032d1.css

185.244.209.62

200 OK

11 kB

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/c0e02032d1.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (11072)
Size
11 kB (11073 bytes)
Hash
3d3e04f603cc58802ff96240abbdc3aa
e7e6a5d59c97236922354b40d288736f034a1ce3
611f7a963cd4aa278f1ba51f2401247df8c658929b76bfdce45bec08be83d7bd

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/c0e02032d1.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:41 GMT
content-type: text/css; charset=utf-8
traceparent: 00-7256fe5b1bb0917435b72eb5e94254b5-6426dd471bcf19c7-01
last-modified: Wed, 18 Jun 2025 13:47:11 GMT
etag: W/"3d3e04f603cc58802ff96240abbdc3aa"
x-amz-meta-mtime: 1750254148.963235023
content-encoding: gzip
expires: Thu, 19 Jun 2025 16:10:36 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 84101
cache: HIT
x-cached-since: 2025-06-21T16:14:00+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/d9c2365ca58e0fb54268fd4914d751b9.json

185.244.209.62

200 OK

14 kB

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/d9c2365ca58e0fb54268fd4914d751b9.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
14 kB (14466 bytes)
Hash
1a7ec72aad44f9540cb604d7cde5ff38
65e5851d652e0471c213282efb5eeee31ae813db
94d4bf6bc00a09b766ea0ba441e860dc40ee6d398be80e89016dd0ee662869d6

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/d9c2365ca58e0fb54268fd4914d751b9.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:42 GMT
content-type: application/json
traceparent: 00-9f2145031fd465a0bd9dba21a897725c-7d2cb3bf1de28428-01
last-modified: Mon, 16 Jun 2025 11:25:45 GMT
etag: W/"1a7ec72aad44f9540cb604d7cde5ff38"
content-encoding: gzip
expires: Mon, 16 Jun 2025 12:42:27 GMT
cache-control: max-age=3600
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1621
cache: HIT
x-cached-since: 2025-06-22T15:08:41+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/a1c3d1930127b405102a4616863435b5.json

185.244.209.62

200 OK

2.9 kB

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/a1c3d1930127b405102a4616863435b5.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
2.9 kB (2853 bytes)
Hash
f9867cd5bf362d5d518027321410c262
c8152b1f17123f07b027c8ab359062dc5f7c1456
baa9a4f415e8e8b95c2269ac32d20c6850852d9973e47937440e2761a6d8ee65

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/a1c3d1930127b405102a4616863435b5.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:43 GMT
content-type: application/json
traceparent: 00-aa91d238887daf4d2b9bde6618512a62-e3686ee19f18956b-01
last-modified: Thu, 05 Jun 2025 12:29:20 GMT
etag: W/"f9867cd5bf362d5d518027321410c262"
content-encoding: gzip
expires: Thu, 05 Jun 2025 13:42:00 GMT
cache-control: max-age=3600
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 858
cache: HIT
x-cached-since: 2025-06-22T15:21:25+00:00
X-Firefox-Spdy: h2

GET 1xlite-87523.bar/captcha-api/assets/hunt-captcha.js

91.186.206.107

200 OK

86 kB

URL GET
1xlite-87523.bar/captcha-api/assets/hunt-captcha.js
IP
91.186.206.107:443
ASN
#0

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-87523.bar
FingerprintFC:01:CF:99:41:B9:66:76:A4:88:7F:BE:E1:BE:BC:A6:ED:9A:01:45
ValidityTue, 03 Jun 2025 08:57:07 GMT - Mon, 01 Sep 2025 08:57:06 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
86 kB (85627 bytes)
Hash
7c8fa1a657a274f5569fac4989528cc9
43509c7a4e32e8075147e66ee58afdc5efa58ef9
4777207c1a8f6c4a33f5c41d15f9ca068c54193af6c76f586dbc292cf04cea50

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /captcha-api/assets/hunt-captcha.js HTTP/1.1
Host: 1xlite-87523.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/en/block
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder; auid=W7rOa2hYIs1l+8aJBCwOAg==; window_width=1280; che_g=2738350c-2a24-77d9-aee2-80e687305a05; SESSION=a928a90e57c0129862b0081357c79723
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:51 GMT
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=300
content-encoding: br
vary: Accept-Encoding
x-dt: 455
x-request-id: 1336d7f30a9c9f83953ddd0d106bf7ea
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.018, wf-uht;dur=
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_reset_password/en/dictionary_612c6e919ca15d39cc751a619a3952c7.json

185.244.209.62

200 OK

765 B

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_reset_password/en/dictionary_612c6e919ca15d39cc751a619a3952c7.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
765 B (765 bytes)
Hash
00f980f23f1b4c1ccee99ed49e0a8feb
4cb07094de9bffff1bf81d94446280b91013b660
bb3be3377fbb8e66a4b5a8a3866dfd865a37cb4a96482ab2f439981e03b57cea

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_reset_password/en/dictionary_612c6e919ca15d39cc751a619a3952c7.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:42 GMT
content-type: application/json; charset=utf-8
content-length: 765
traceparent: 00-684c3a8700e0694539e362229ffbc324-2519d4793c2b9c3a-01
last-modified: Wed, 11 Oct 2023 12:52:53 GMT
etag: "00f980f23f1b4c1ccee99ed49e0a8feb"
cache-control: max-age=3600
expires: Thu, 16 Jan 2025 10:53:47 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2948
cache: HIT
x-cached-since: 2025-06-22T14:46:34+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET 1xlite-87523.bar/checker/redirect/stat/run/

91.186.206.107

200 OK

14 B

URL GET
1xlite-87523.bar/checker/redirect/stat/run/
IP
91.186.206.107:443
ASN
#0

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-87523.bar
FingerprintFC:01:CF:99:41:B9:66:76:A4:88:7F:BE:E1:BE:BC:A6:ED:9A:01:45
ValidityTue, 03 Jun 2025 08:57:07 GMT - Mon, 01 Sep 2025 08:57:06 GMT

File type
JSON text data
Size
14 B (14 bytes)
Hash
2de0d0acfd684235f066bd0ec0c9e3df
68d0cb64805a42d7e40f43e8e198986b43dd6b69
9682f312f23e078bb135f23ea5a178b178e75c02d33672f20044d18c6d258928

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /checker/redirect/stat/run/ HTTP/1.1
Host: 1xlite-87523.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/en/block
content-type: application/json
x-requested-with: XMLHttpRequest
x-app-n: v3-nuxt2
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder; postback_watcher=; auid=W7rOa2hYIs1l+8aJBCwOAg==; window_width=1280; che_g=2738350c-2a24-77d9-aee2-80e687305a05
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:42 GMT
content-type: application/json
content-length: 14
x-time-ng: 0.002
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.014
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_css_16e298.css

185.244.209.62

200 OK

4.2 kB

URL GET
v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_css_16e298.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (3743)
Size
4.2 kB (4166 bytes)
Hash
a77127dbfb4d9c95e68cf08165c7c30e
229907578c9c65f8049a3221dfda4790568dd77f
16e298fb30fe85f67917c8783ccaecec2fa9729b9593f2998e5d619f91ace6f1

HTTP Headers

GET /sys-static/shared-assets/Desktop/__shared_css_16e298.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:41 GMT
content-type: text/css; charset=utf-8
traceparent: 00-9f618a51eb434a139ec41cb4f2a3b152-45e5599ec3b600d0-01
last-modified: Fri, 20 Jun 2025 14:13:25 GMT
etag: W/"a77127dbfb4d9c95e68cf08165c7c30e"
x-amz-meta-mtime: 1750428765.982144484
content-encoding: gzip
expires: Sun, 22 Jun 2025 12:53:35 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 9359
cache: HIT
x-cached-since: 2025-06-22T12:59:42+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2

185.244.209.62

200 OK

64 kB

URL GET
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Size
64 kB (63920 bytes)
Hash
a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:41 GMT
content-type: font/woff2
content-length: 63920
traceparent: 00-c5cc8abd828bd132609388e6a9cf121d-1031a0dddf414aa3-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
expires: Thu, 16 Jan 2025 10:45:34 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2409
cache: HIT
x-cached-since: 2025-06-22T14:55:32+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2

185.244.209.62

200 OK

64 kB

URL GET
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Size
64 kB (63920 bytes)
Hash
a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:51 GMT
content-type: font/woff2
content-length: 63920
traceparent: 00-d09759889e5ab3cd5be13e3ab6d52429-9574d74174753a3e-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
expires: Thu, 16 Jan 2025 10:45:34 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2419
cache: HIT
x-cached-since: 2025-06-22T14:55:32+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/shared-assets/__shared_localforage_FJKG5M2E.js

185.244.209.62

200 OK

30 kB

URL GET
v3.traincdn.com/sys-static/shared-assets/__shared_localforage_FJKG5M2E.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (30255)
Size
30 kB (30277 bytes)
Hash
02cf95f00794b77df34632e34a59c5be
b64889fb6cbe78a141688ea761a627997ef8a8af
bf78b7b3dd6ecbdea04c575edfb6022ed1b2e98c7a9cb9f02ab851ca638f1b83

HTTP Headers

GET /sys-static/shared-assets/__shared_localforage_FJKG5M2E.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:43 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-e0827c6505983643de3e05c1f8dce6fe-472d81ad19326dfb-01
last-modified: Fri, 20 Jun 2025 14:13:24 GMT
etag: W/"02cf95f00794b77df34632e34a59c5be"
x-amz-meta-mtime: 1750428765.978144538
content-encoding: gzip
expires: Sun, 22 Jun 2025 08:09:04 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 26304
cache: HIT
x-cached-since: 2025-06-22T08:17:19+00:00
X-Firefox-Spdy: h2

POST www.google.com/ccm/collect?en=page_view&dr=luckyforbet.com&dl=https%3A%2F%2F1xlite-87523.bar%2Fen%2Fblock&scrsrc=www.googletagmanager.com&frm=0&rnd=2032958477.1750606554&dt=1xBet&auid=742358630.1750606554&navt=n&npa=1&gtm=45He56g0v9180563600za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500&tft=1750606553516&tfd=12880&apve=1&apvf=sb

142.250.178.36

200 OK

0 B

URL POST
www.google.com/ccm/collect?en=page_view&dr=luckyforbet.com&dl=https%3A%2F%2F1xlite-87523.bar%2Fen%2Fblock&scrsrc=www.googletagmanager.com&frm=0&rnd=2032958477.1750606554&dt=1xBet&auid=742358630.1750606554&navt=n&npa=1&gtm=45He56g0v9180563600za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500&tft=1750606553516&tfd=12880&apve=1&apvf=sb
IP
142.250.178.36:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerGoogle Trust Services
Subjectwww.google.com
Fingerprint4F:74:10:0A:01:21:55:4F:03:B9:F9:8B:6A:DE:A2:47:7C:44:89:73
ValidityMon, 02 Jun 2025 08:37:21 GMT - Mon, 25 Aug 2025 08:37:20 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /ccm/collect?en=page_view&dr=luckyforbet.com&dl=https%3A%2F%2F1xlite-87523.bar%2Fen%2Fblock&scrsrc=www.googletagmanager.com&frm=0&rnd=2032958477.1750606554&dt=1xBet&auid=742358630.1750606554&navt=n&npa=1&gtm=45He56g0v9180563600za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500&tft=1750606553516&tfd=12880&apve=1&apvf=sb HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 200 OK
content-type: text/plain
date: Sun, 22 Jun 2025 15:35:53 GMT
cache-control: no-cache, no-store, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
vary: Origin, X-Origin, Referer
server: scaffolding on HTTPServer2
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://1xlite-87523.bar
access-control-expose-headers: date,vary,vary,vary,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

POST ad.doubleclick.net/activity;src=14030178;type=xbet;cat=uniqu0;ord=1;num=6546577730173;npa=1;auiddc=742358630.1750606554;pscdl=noapi;frm=0;_tu=KpA;gtm=45fe56g0v9190735530z89180563600za200zb9180563600;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;dc_fmt=3;tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500;epver=2;dc_random=1750606553911;~oref=https%3A%2F%2F1xlite-87523.bar%2Fen%2Fblock?

216.58.207.230

200 OK

42 B

URL POST
ad.doubleclick.net/activity;src=14030178;type=xbet;cat=uniqu0;ord=1;num=6546577730173;npa=1;auiddc=742358630.1750606554;pscdl=noapi;frm=0;_tu=KpA;gtm=45fe56g0v9190735530z89180563600za200zb9180563600;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;dc_fmt=3;tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500;epver=2;dc_random=1750606553911;~oref=https%3A%2F%2F1xlite-87523.bar%2Fen%2Fblock?
IP
216.58.207.230:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerGoogle Trust Services
Subject*.doubleclick.net
FingerprintFB:A1:4E:11:47:9D:59:E4:08:B3:F4:75:8B:B1:F2:7C:31:D8:11:B2
ValidityMon, 02 Jun 2025 08:35:28 GMT - Mon, 25 Aug 2025 08:35:27 GMT

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

POST /activity;src=14030178;type=xbet;cat=uniqu0;ord=1;num=6546577730173;npa=1;auiddc=742358630.1750606554;pscdl=noapi;frm=0;_tu=KpA;gtm=45fe56g0v9190735530z89180563600za200zb9180563600;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;dc_fmt=3;tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500;epver=2;dc_random=1750606553911;~oref=https%3A%2F%2F1xlite-87523.bar%2Fen%2Fblock? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 22 Jun 2025 15:35:54 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://1xlite-87523.bar
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/61792ac9/desktop/default/css/684d7545.css

185.244.209.62

200 OK

14 kB

URL GET
v3.traincdn.com/main-static/61792ac9/desktop/default/css/684d7545.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (14391), with no line terminators
Size
14 kB (14391 bytes)
Hash
a552d5db890b7f16e370b33cc587e807
a9dc47737b3e1d8ef6fcbb48c7c0b026c6fda545
0d7e00204297499711ae1da574d4635b31d8238ab4a663b382c44d850d24f3ec

HTTP Headers

GET /main-static/61792ac9/desktop/default/css/684d7545.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:41 GMT
content-type: text/css; charset=utf-8
traceparent: 00-a592febce15693e71f874616f049425e-79f8d11e196eab64-01
last-modified: Thu, 19 Jun 2025 12:35:31 GMT
etag: W/"a552d5db890b7f16e370b33cc587e807"
x-amz-meta-mtime: 1750336529.991595231
content-encoding: gzip
expires: Fri, 20 Jun 2025 13:08:35 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 8566
cache: HIT
x-cached-since: 2025-06-22T13:12:55+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/version.json

185.244.209.62

200 OK

11 B

URL GET
v3.traincdn.com/version.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text
Size
11 B (11 bytes)
Hash
12c4804389852fa8685844f2635a8707
3463a056f3af2afa31c692ce608cd627d5d45300
43c67b7a36b1aec5ba5aed79ec0878b293657c4e14e4b70c10f08e48cb23ef1d

HTTP Headers

GET /version.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:41 GMT
content-type: application/json
content-length: 11
traceparent: 00-a47375ff083eda0c8e2b8ac33096099e-f967bbf6ce128daa-01
last-modified: Thu, 19 Jun 2025 12:35:52 GMT
etag: "12c4804389852fa8685844f2635a8707"
x-amz-meta-mtime: 1750336552.15566702
expires: Thu, 19 Jun 2025 12:38:00 GMT
cache-control: max-age=60
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 7
cache: HIT
x-cached-since: 2025-06-22T15:35:34+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/61792ac9/desktop/default/vendors/app-b161080e.js

185.244.209.62

200 OK

1.4 MB

URL GET
v3.traincdn.com/main-static/61792ac9/desktop/default/vendors/app-b161080e.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64056)
Size
1.4 MB (1405611 bytes)
Hash
59800506d8ed60811509c8061d8c8583
5e3d13ec4764ffab0ec0f7a7f7ff1590e6158455
10c5554c33de58fc57b64609c0846dc3b73fd2b68f228fd9ad0b1f5d63a346da

HTTP Headers

GET /main-static/61792ac9/desktop/default/vendors/app-b161080e.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:41 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-f5cad0fcc6f301e29bb15ef1d5334db5-47334526a9866bbb-01
last-modified: Thu, 19 Jun 2025 12:35:31 GMT
etag: W/"59800506d8ed60811509c8061d8c8583"
x-amz-meta-mtime: 1750336530.00359527
content-encoding: gzip
expires: Fri, 20 Jun 2025 13:08:37 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 8565
cache: HIT
x-cached-since: 2025-06-22T13:12:56+00:00
X-Firefox-Spdy: h2

POST 1xlite-87523.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

91.186.206.107

200 OK

23 B

URL POST
1xlite-87523.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
91.186.206.107:443
ASN
#0

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-87523.bar
FingerprintFC:01:CF:99:41:B9:66:76:A4:88:7F:BE:E1:BE:BC:A6:ED:9A:01:45
ValidityTue, 03 Jun 2025 08:57:07 GMT - Mon, 01 Sep 2025 08:57:06 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
ccdf864219b566df609e6a5acb8f184d
b894c72fbc8543c26409b6aba3cd30ee33298734
08d0bf3d720f70f97ba69bcb5b43317cd061b105980bdf9db6c5d86d36ac06b2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-87523.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: afe489ba-20c7-4bb2-944a-2a9bfdc786e4
Content-Length: 79
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder; postback_watcher=; auid=W7rOa2hYIs1l+8aJBCwOAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:42 GMT
content-type: application/json
content-length: 23
x-dt: 285
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.077, wf-uht;dur=0.011
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/shared-assets/__shared_chunk_7HDOEZTP.js

185.244.209.62

200 OK

1.2 kB

URL GET
v3.traincdn.com/sys-static/shared-assets/__shared_chunk_7HDOEZTP.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1193)
Size
1.2 kB (1194 bytes)
Hash
7e76c08e7f16815131a5f13a10c1efba
5f800877b78a0713157fe119bc1a2d9a260f72e1
c6f29a0c7c3ed884ccffd7a529fd2fc599e2da1f31af658146f0e36a3f4c00dc

HTTP Headers

GET /sys-static/shared-assets/__shared_chunk_7HDOEZTP.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:43 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-fe66dc4d94f63021ac8e6e232a090a3f-ad423713d6cf6c74-01
last-modified: Fri, 20 Jun 2025 14:13:24 GMT
etag: W/"7e76c08e7f16815131a5f13a10c1efba"
x-amz-meta-mtime: 1750428765.962144752
content-encoding: gzip
expires: Sun, 22 Jun 2025 08:09:04 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 26276
cache: HIT
x-cached-since: 2025-06-22T08:17:47+00:00
X-Firefox-Spdy: h2

GET 1xlite-87523.bar/web-api/session

91.186.206.107

204 No Content

0 B

URL GET
1xlite-87523.bar/web-api/session
IP
91.186.206.107:443
ASN
#0

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-87523.bar
FingerprintFC:01:CF:99:41:B9:66:76:A4:88:7F:BE:E1:BE:BC:A6:ED:9A:01:45
ValidityTue, 03 Jun 2025 08:57:07 GMT - Mon, 01 Sep 2025 08:57:06 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/session HTTP/1.1
Host: 1xlite-87523.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/en/block
content-type: application/json
x-requested-with: XMLHttpRequest
x-app-n: v3-nuxt2
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder; auid=W7rOa2hYIs1l+8aJBCwOAg==; window_width=1280; che_g=2738350c-2a24-77d9-aee2-80e687305a05
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Sun, 22 Jun 2025 15:35:50 GMT
cache-control: no-cache, private
server-timing: dt_total;dur=0.005, p;dur=20.083, wf-uht;dur=0.029
set-cookie: ua=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
SESSION=a928a90e57c0129862b0081357c79723; path=/; secure; httponly; samesite=lax
x-dt: 285
x-time-ng: 0.021, 0.021
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66

142.250.74.136

200 OK

476 kB

URL GET
www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66
IP
142.250.74.136:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint79:AA:03:D4:F6:6B:0F:61:E5:C5:AB:19:F4:A5:5D:DC:97:80:AF:DA
ValidityMon, 02 Jun 2025 08:35:30 GMT - Mon, 25 Aug 2025 08:35:29 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (12571)
Size
476 kB (475920 bytes)
Hash
75ad44f2f273f18e7d82a01573954195
40f638a4cee1c470d3f1c101b11c1d774f26d070
62d8b5faf1d3787fe94953d75af41bea9aa3c816750d4926f0b61809081d8323

HTTP Headers

GET /gtag/js?id=G-7JGWL9SV66 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 22 Jun 2025 15:35:53 GMT
expires: Sun, 22 Jun 2025 15:35:53 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1077:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1077:0
report-to: {"group":"ascgcycc:1077:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1077:0"}],}
server: Google Tag Manager
content-length: 152017
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET luckyforbet.com/i/36173?var1=6181348

23.109.150.181

302 Found

639 B

URL User Request GET
luckyforbet.com/i/36173?var1=6181348
IP
23.109.150.181:443
ASN
#7979 SERVERS-COM

Certificate
IssuerLet's Encrypt
Subjectluckyforbet.com
FingerprintE0:E9:3A:83:40:36:62:3C:AB:8E:0C:7A:4A:CF:15:9A:47:47:0A:8E
ValiditySat, 10 May 2025 06:56:54 GMT - Fri, 08 Aug 2025 06:56:53 GMT

File type

Size
639 B (639 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /i/36173?var1=6181348 HTTP/1.1
Host: luckyforbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Sun, 22 Jun 2025 15:35:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: TRK_TRG=eJxjYGBgEmEXZMosEOSxNNSzNNAzMdIzNDURZE5PzRdk8vMX5C5KTc%2FMz4tPzk9JFWT189c1MBbkTM4sqYSIsANF%2FItz8gWZM4sLBPmccjIrFILzc0pLgHqKBfnyUkviiwtSU1PAqtkYBTkyi%2BMLivIrKtkYAUzOIh4%3D; expires=Mon, 23-Jun-2025 15:35:40 GMT; Max-Age=86400; path=/
TRK_TRU7=eJxjYGBgEuEQZC5NNBVUMDS0MLMwMTWyMDBJtkg0SkqyMDMzNUgytTAwNDJNSzMVZE0qSsxL4RVkzc1PSc3hFeRKKsovL04tis9MYWMT5IfxylKLijPz83gcEg4wgIAga34xSAmLIBeQAZdVYYDIcqeklmUmp8aXVBaksjECAC4vJZ8%3D; expires=Mon, 23-Jun-2025 15:35:40 GMT; Max-Age=86400; path=/
trk_cpa_pixel=8d4cfab0-4f7e-11f0-abbf-bf4cbf9e74e6; expires=Thu, 21-Aug-2025 15:35:40 GMT; Max-Age=5184000; path=/
Location: https://luckyforbet.com/h/w5_MkebN5u8IU.jA8sJRkglNN5M6weTq64wHmz6rCK4kH0ZR0u65Dvlbf46c7MbCbqeBgmnKTbxMAHXSmx6133qHY.wPdAUjWrkaNqYELYhsCLS6Ugjsr6gKo7VvoyL15oCwM4oNk8evHMSC8fkto8Qlde4Sv87SIE56UFMKhRpMgh5ydF.MbZLiADFzyLVTVaqZWbNBizbvviA3LZ8DfAqq.qqqq.qq
Content-Encoding: gzip
Vary: Accept-Encoding

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_express_day/en/dictionary_9f79b57ae29734bf23bfd9d6d7833952.json

185.244.209.62

200 OK

1.2 kB

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_express_day/en/dictionary_9f79b57ae29734bf23bfd9d6d7833952.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
1.2 kB (1170 bytes)
Hash
b1bc31ea28772d905bbd48fae35ed54d
4bd24ecf3af97fd3b8602c03fcd2c6cace295dad
96fe079aa8c9739c0b63ee0544b39ead14352757d2545735acc85d7017414f0f

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_express_day/en/dictionary_9f79b57ae29734bf23bfd9d6d7833952.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:42 GMT
content-type: application/json; charset=utf-8
traceparent: 00-b263d4794fb1930a404f17a5b3d7dd3b-3e5d2eddc696fc44-01
last-modified: Wed, 18 Jun 2025 08:06:44 GMT
etag: W/"b1bc31ea28772d905bbd48fae35ed54d"
cache-control: max-age=3600
content-encoding: gzip
expires: Wed, 18 Jun 2025 09:20:44 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1313
cache: HIT
x-cached-since: 2025-06-22T15:13:49+00:00
X-Firefox-Spdy: h2

GET 1xlite-87523.bar/hd-api/external/assets/hdf.js

91.186.206.107

200 OK

4.1 kB

URL GET
1xlite-87523.bar/hd-api/external/assets/hdf.js
IP
91.186.206.107:443
ASN
#0

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-87523.bar
FingerprintFC:01:CF:99:41:B9:66:76:A4:88:7F:BE:E1:BE:BC:A6:ED:9A:01:45
ValidityTue, 03 Jun 2025 08:57:07 GMT - Mon, 01 Sep 2025 08:57:06 GMT

File type
C++ source, ASCII text, with very long lines (874)
Size
4.1 kB (4083 bytes)
Hash
40eaa62ed21bd753172f4c307e2a41d0
f7b03c6b004562311c8ca00466179629738b2a40
60fed8cb321dc09e4e1d910b5822bd8f67d53d0962a41ddc9f5ac33edd4e2213

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hd-api/external/assets/hdf.js HTTP/1.1
Host: 1xlite-87523.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/en/block
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder; auid=W7rOa2hYIs1l+8aJBCwOAg==; window_width=1280; che_g=2738350c-2a24-77d9-aee2-80e687305a05; SESSION=a928a90e57c0129862b0081357c79723
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:51 GMT
content-type: text/javascript; charset=utf-8
content-length: 1620
cache-control: public, max-age=300
content-encoding: gzip
etag: 40eaa62ed21bd753172f4c307e2a41d0
vary: Accept-Encoding
x-dt: 455
x-request-guid: d75b85987459d8aff06ae98aca1be6a4
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.011, wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

POST 1xlite-87523.bar/hd-api/external/verify

91.186.206.107

200 OK

715 B

URL POST
1xlite-87523.bar/hd-api/external/verify
IP
91.186.206.107:443
ASN
#0

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-87523.bar
FingerprintFC:01:CF:99:41:B9:66:76:A4:88:7F:BE:E1:BE:BC:A6:ED:9A:01:45
ValidityTue, 03 Jun 2025 08:57:07 GMT - Mon, 01 Sep 2025 08:57:06 GMT

File type
JSON text data
Size
715 B (715 bytes)
Hash
247f7297ad211623510155ac84b74b28
e667fb0768c79ec8456b44fc353adf066eb7d43b
42b3069d42c2a632545e2eccb27b8e4aec2bedd7106e9cc7dd3ab7377b390f85

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /hd-api/external/verify HTTP/1.1
Host: 1xlite-87523.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/en/block
Content-Type: text/plain;charset=UTF-8
Content-Length: 108905
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder; auid=W7rOa2hYIs1l+8aJBCwOAg==; window_width=1280; che_g=2738350c-2a24-77d9-aee2-80e687305a05; SESSION=a928a90e57c0129862b0081357c79723
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:52 GMT
content-type: application/json
content-length: 583
content-encoding: gzip
vary: Accept-Encoding
x-dt: 285
x-request-guid: b76e3eff2967e885066462a26d866095
x-time-ng: 0.010
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.007, wf-uht;dur=0.056
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_game/en/dictionary_c475e7b28b6b22307751b2c2c28273a7.json

185.244.209.62

200 OK

23 kB

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_game/en/dictionary_c475e7b28b6b22307751b2c2c28273a7.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
23 kB (22559 bytes)
Hash
7889ae7db096d748d942dbf58bd893b6
e9fc563f031d510363a597702fd9c4ca070aa870
a5145ccfed8e62882a5e36ab1bacad3c6fd36f203bf8b37e0ec20298fe7df20c

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_game/en/dictionary_c475e7b28b6b22307751b2c2c28273a7.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:42 GMT
content-type: application/json; charset=utf-8
traceparent: 00-b43eabebbf282301ffcc5b09d6b94880-3b348969ab30b8ba-01
last-modified: Tue, 03 Jun 2025 08:06:56 GMT
etag: W/"c08ec4640f6ba3d9b8a7363620465d67"
cache-control: max-age=3600
content-encoding: gzip
expires: Tue, 03 Jun 2025 09:40:13 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1547
cache: HIT
x-cached-since: 2025-06-22T15:09:55+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/61792ac9/desktop/default/DC-10710285.js

185.244.209.62

200 OK

2.7 kB

URL GET
v3.traincdn.com/main-static/61792ac9/desktop/default/DC-10710285.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2653), with no line terminators
Size
2.7 kB (2653 bytes)
Hash
8456a4c93bdea57b5386e8925733e535
306f451ed2b4fe561c3288766ae845436fd33284
26f97be768fee91730f47a7194021fa49b113dc81d060a2a470581e215fcbeab

HTTP Headers

GET /main-static/61792ac9/desktop/default/DC-10710285.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:42 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-803efb806d6a9b1ea6adf1566d71d57f-069def8946f241a0-01
last-modified: Thu, 19 Jun 2025 12:35:31 GMT
etag: W/"8456a4c93bdea57b5386e8925733e535"
x-amz-meta-mtime: 1750336529.983595205
content-encoding: gzip
expires: Fri, 20 Jun 2025 13:08:39 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 8566
cache: HIT
x-cached-since: 2025-06-22T13:12:56+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/56f58c6d078ff0e8f698576f33bb478d.json

185.244.209.62

200 OK

3.6 kB

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/56f58c6d078ff0e8f698576f33bb478d.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
3.6 kB (3557 bytes)
Hash
4b08975411699bcd7464f49777e866bf
2a9b0a0f3eadf5f3e1ef688bacd9560dd59c73d2
b6208d18413f8988db2e0040ff72516c0cb5e06d3d9692b5b098808ab46fc378

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/56f58c6d078ff0e8f698576f33bb478d.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:43 GMT
content-type: application/json
traceparent: 00-6bec5c913a8f2fc9d3063d9e27ece813-29bc8f3af106cd4c-01
last-modified: Thu, 27 Feb 2025 09:06:12 GMT
etag: W/"4b08975411699bcd7464f49777e866bf"
content-encoding: gzip
expires: Thu, 27 Feb 2025 10:17:14 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 858
cache: HIT
x-cached-since: 2025-06-22T15:21:25+00:00
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/destination?id=DC-14030178&cx=c&gtm=45He56g0v9180563600za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500

142.250.74.136

200 OK

306 kB

URL GET
www.googletagmanager.com/gtag/destination?id=DC-14030178&cx=c&gtm=45He56g0v9180563600za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500
IP
142.250.74.136:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint79:AA:03:D4:F6:6B:0F:61:E5:C5:AB:19:F4:A5:5D:DC:97:80:AF:DA
ValidityMon, 02 Jun 2025 08:35:30 GMT - Mon, 25 Aug 2025 08:35:29 GMT

File type
JavaScript source, ASCII text, with very long lines (5913)
Size
306 kB (305517 bytes)
Hash
1be93fd192ea2209b7957f8e0d4d9271
3bf807b9189569b6100460af18ecbd69f027fe25
0649b551c7a42c3409312ab8c46a1b2f8ff9f9424bf5b82b4574f9529c7dd770

HTTP Headers

GET /gtag/destination?id=DC-14030178&cx=c&gtm=45He56g0v9180563600za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 22 Jun 2025 15:35:53 GMT
expires: Sun, 22 Jun 2025 15:35:53 GMT
cache-control: private, max-age=900
last-modified: Sun, 22 Jun 2025 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcysghrgc:42:0
report-to: {"group":"ascgcysghrgc:42:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
server: Google Tag Manager
content-length: 106906
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/9d4f48c82e.js

185.244.209.62

200 OK

2.4 kB

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/9d4f48c82e.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2401)
Size
2.4 kB (2402 bytes)
Hash
9cc6c128dcc8a510fc6d01ad3e0e035a
c9689aaf76a0e1bd0e142345fd0ee9c8d88a7291
b1ee9fd385cd9ce2fddec3ac6af9e184f0c6ef04ee113da65f0c129dcaff72e0

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/9d4f48c82e.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:43 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-2bd226cb9e58c806418e6671638363e8-df6c2fbbd7c0370a-01
last-modified: Wed, 18 Jun 2025 13:47:11 GMT
etag: W/"9cc6c128dcc8a510fc6d01ad3e0e035a"
x-amz-meta-mtime: 1750254148.960234924
content-encoding: gzip
expires: Thu, 19 Jun 2025 13:50:23 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 5554
cache: HIT
x-cached-since: 2025-06-22T14:03:09+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2

185.244.209.62

200 OK

64 kB

URL GET
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Size
64 kB (63748 bytes)
Hash
6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:51 GMT
content-type: font/woff2
content-length: 63748
traceparent: 00-0535608d5da86d1bc2ce626557b14937-6f05376727d08b8f-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
expires: Thu, 16 Jan 2025 10:32:14 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 420
cache: HIT
x-cached-since: 2025-06-22T15:28:51+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_5c24ba743a.js

185.244.209.62

200 OK

817 kB

URL GET
v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_5c24ba743a.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (22892)
Size
817 kB (816976 bytes)
Hash
4bb8bffafb3327285627b1dae0860967
b8094e5f1f11335457d2fdd02691d4027f1b327d
348838080c75e34f5eb56571c8fdfcc5b4dde47011dd6eaa645de6bfdef4fc01

HTTP Headers

GET /sys-static/shared-assets/Desktop/__shared_base-app_5c24ba743a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:42 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-596baade8dca8780c823ca6a3ada2ebe-a765a7d872f13117-01
last-modified: Fri, 20 Jun 2025 13:00:39 GMT
etag: W/"4bb8bffafb3327285627b1dae0860967"
x-amz-meta-mtime: 1750424035.016973526
content-encoding: gzip
expires: Sat, 21 Jun 2025 13:49:44 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 6146
cache: HIT
x-cached-since: 2025-06-22T13:53:16+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_DYMTJONH.js

185.244.209.62

200 OK

19 kB

URL GET
v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_DYMTJONH.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (19034)
Size
19 kB (19175 bytes)
Hash
1580a3cfe81fd30910a49dfe64cc8e7b
314144dc49595482ba46c0b85b38d5f73ef73a7b
8989a021d20f0fc08c43966a287cbd99e43142a5a0ff42eb232756a101de6035

HTTP Headers

GET /sys-static/shared-assets/__shared_vue_deps_DYMTJONH.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:43 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-215bdba3c6cc6257b3dc2caa094710ae-9f040e7568ecd9d1-01
last-modified: Fri, 20 Jun 2025 14:13:24 GMT
etag: W/"1580a3cfe81fd30910a49dfe64cc8e7b"
x-amz-meta-mtime: 1750428765.978144538
content-encoding: gzip
expires: Sat, 21 Jun 2025 19:04:31 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 73866
cache: HIT
x-cached-since: 2025-06-21T19:04:37+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1c0cd0740fccd19a9816be06e69f0a1b.json

185.244.209.62

200 OK

473 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1c0cd0740fccd19a9816be06e69f0a1b.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
473 B (473 bytes)
Hash
e67aa19ef00fd2285c7b4ecbb6018306
5b01d4786d6fbfbd5de7901eb4359a55466f434a
135c1042c31e3674d8a1b3b9e7179f4f36868048ca6058ea458ff291b8880b5e

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/1c0cd0740fccd19a9816be06e69f0a1b.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:43 GMT
content-type: application/json
content-length: 473
traceparent: 00-615a6232a0d48c9e7d1104bd2a829379-a284211e0eabc820-01
last-modified: Thu, 16 May 2024 20:41:30 GMT
etag: "e67aa19ef00fd2285c7b4ecbb6018306"
expires: Fri, 16 May 2025 19:56:49 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 858
cache: HIT
x-cached-since: 2025-06-22T15:21:25+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET mc.yandex.com/watch/22934032?wmode=7&page-url=https%3A%2F%2F1xlite-87523.bar%2Fen%2Fblock&page-ref=https%3A%2F%2Fluckyforbet.com%2F&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3Ai3icr3vaukfptwrwd2g3ha7bh00r%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A2091%3Acn%3A1%3Adp%3A0%3Als%3A954314459275%3Ahid%3A277369142%3Az%3A0%3Ai%3A20250622153553%3Aet%3A1750606553%3Ac%3A1%3Arn%3A676235380%3Arqn%3A1%3Au%3A1750606553729069592%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Afp%3A1109%3Awv%3A2%3Ads%3A0%2C0%2C110%2C0%2C444%2C0%2C%2C552%2C10%2C2027%2C2027%2C0%2C1111%3Aco%3A0%3Acpf%3A1%3Ans%3A1750606540635%3Arqnl%3A1%3Ast%3A1750606553%3At%3A1xBet&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)rcm(1)cdl(na)eco(42009092)ti(1)

77.88.21.119

302 Found

653 B

URL GET
mc.yandex.com/watch/22934032?wmode=7&page-url=https%3A%2F%2F1xlite-87523.bar%2Fen%2Fblock&page-ref=https%3A%2F%2Fluckyforbet.com%2F&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3Ai3icr3vaukfptwrwd2g3ha7bh00r%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A2091%3Acn%3A1%3Adp%3A0%3Als%3A954314459275%3Ahid%3A277369142%3Az%3A0%3Ai%3A20250622153553%3Aet%3A1750606553%3Ac%3A1%3Arn%3A676235380%3Arqn%3A1%3Au%3A1750606553729069592%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Afp%3A1109%3Awv%3A2%3Ads%3A0%2C0%2C110%2C0%2C444%2C0%2C%2C552%2C10%2C2027%2C2027%2C0%2C1111%3Aco%3A0%3Acpf%3A1%3Ans%3A1750606540635%3Arqnl%3A1%3Ast%3A1750606553%3At%3A1xBet&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)rcm(1)cdl(na)eco(42009092)ti(1)
IP
77.88.21.119:443
ASN
#13238 YANDEX LLC

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerGlobalSign nv-sa
Subjectmc.yandex.ru
Fingerprint6C:98:CD:97:92:D2:EE:63:A5:D3:A7:DC:CA:54:8E:30:28:C5:79:64
ValidityWed, 19 Mar 2025 21:10:40 GMT - Fri, 29 Aug 2025 20:59:59 GMT

File type

Size
653 B (653 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /watch/22934032?wmode=7&page-url=https%3A%2F%2F1xlite-87523.bar%2Fen%2Fblock&page-ref=https%3A%2F%2Fluckyforbet.com%2F&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3Ai3icr3vaukfptwrwd2g3ha7bh00r%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A2091%3Acn%3A1%3Adp%3A0%3Als%3A954314459275%3Ahid%3A277369142%3Az%3A0%3Ai%3A20250622153553%3Aet%3A1750606553%3Ac%3A1%3Arn%3A676235380%3Arqn%3A1%3Au%3A1750606553729069592%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Afp%3A1109%3Awv%3A2%3Ads%3A0%2C0%2C110%2C0%2C444%2C0%2C%2C552%2C10%2C2027%2C2027%2C0%2C1111%3Aco%3A0%3Acpf%3A1%3Ans%3A1750606540635%3Arqnl%3A1%3Ast%3A1750606553%3At%3A1xBet&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)rcm(1)cdl(na)eco(42009092)ti(1) HTTP/1.1
Host: mc.yandex.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
access-control-allow-credentials: true
pragma: no-cache
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
last-modified: Sun, 22-Jun-2025 15:35:53 GMT
location: /watch/22934032/1?wmode=7&page-url=https%3A%2F%2F1xlite-87523.bar%2Fen%2Fblock&page-ref=https%3A%2F%2Fluckyforbet.com%2F&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3Ai3icr3vaukfptwrwd2g3ha7bh00r%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A2091%3Acn%3A1%3Adp%3A0%3Als%3A954314459275%3Ahid%3A277369142%3Az%3A0%3Ai%3A20250622153553%3Aet%3A1750606553%3Ac%3A1%3Arn%3A676235380%3Arqn%3A1%3Au%3A1750606553729069592%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Afp%3A1109%3Awv%3A2%3Ads%3A0%2C0%2C110%2C0%2C444%2C0%2C%2C552%2C10%2C2027%2C2027%2C0%2C1111%3Aco%3A0%3Acpf%3A1%3Ans%3A1750606540635%3Arqnl%3A1%3Ast%3A1750606553%3At%3A1xBet&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29cdl%28na%29eco%2842009092%29ti%281%29&redirnss=1
x-xss-protection: 1; mode=block
access-control-allow-origin: https://1xlite-87523.bar
strict-transport-security: max-age=31536000
expires: Sun, 22-Jun-2025 15:35:53 GMT
set-cookie: yabs-sid=90906341750606553; Path=/; SameSite=None; Secure
i=A/6WjUiBuJDnuLIUGL4GIhOC8zMN4Hqjls6fryZKqQoaX5Ue2YRmJHGVOIl7ahZPG3iHwm2J3pH+DbKacrAhYlNAfZE=; Expires=Wed, 20-Jun-2035 15:35:34 GMT; Domain=.yandex.com; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=3719534051750606553; Expires=Wed, 20-Jun-2035 15:35:34 GMT; Domain=.yandex.com; Path=/; Secure; SameSite=None
yuidss=3719534051750606553; Expires=Mon, 22-Jun-2026 15:35:53 GMT; Domain=.yandex.com; Path=/; SameSite=None; Secure
ymex=1782142553.yrts.1750606553#1782142553.yrtsi.1750606553; Expires=Mon, 22-Jun-2026 15:35:53 GMT; Domain=.yandex.com; Path=/; SameSite=None; Secure
bh=YNnF4MIGahfcyuH/CJLYobEDn8/14QzlyPCOA5S2Ag==; Path=/; Domain=.yandex.com; Expires=Mon, 27 Jul 2026 15:35:53 GMT; SameSite=None; Secure
bh=YNnF4MIGahfcyuH/CJLYobEDn8/14QzlyPCOA5S2Ag==; Path=/; Domain=.yandex.com; Expires=Mon, 27 Jul 2026 15:35:53 GMT; SameSite=None; Secure
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_registration/en/dictionary_cbc701880c9e30a345ede88e3a056e92.json

185.244.209.62

200 OK

22 kB

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_registration/en/dictionary_cbc701880c9e30a345ede88e3a056e92.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
22 kB (21856 bytes)
Hash
9c91c07d8ec9edd108f247bb5cdf63b8
71f4de7c742ef9c262d94e0a2aa01a2092bc0488
079f9adfbce8307eae396c2924c5647020790e8e1b178397e34af1d6405262ab

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_registration/en/dictionary_cbc701880c9e30a345ede88e3a056e92.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:42 GMT
content-type: application/json; charset=utf-8
traceparent: 00-f05afe5067039930844fefd996003b9a-e9309d12141fcfdd-01
last-modified: Wed, 18 Jun 2025 16:06:42 GMT
etag: W/"f576eaccdc74370d45abf7945a3a8174"
cache-control: max-age=3600
content-encoding: gzip
expires: Wed, 18 Jun 2025 17:26:26 GMT
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 68
cache: HIT
x-cached-since: 2025-06-22T15:34:34+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/bfa3e9fd30e7d63c0906602f42c13468.json

185.244.209.62

200 OK

182 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/bfa3e9fd30e7d63c0906602f42c13468.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
182 B (182 bytes)
Hash
0a64a07e9a34e8a5b5e97e80a10888c5
82545cbc39b7dcc031dd10dea841a0b3698243d6
7201497e7e8cdf9d35bf6998e43dcde5feea535f9828ce3ee98785781016126c

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/bfa3e9fd30e7d63c0906602f42c13468.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:42 GMT
content-type: application/json
content-length: 182
traceparent: 00-0aa596e2dc04c0630354173026236c29-8096b8e2697c7be1-01
last-modified: Thu, 27 Feb 2025 08:55:26 GMT
etag: "0a64a07e9a34e8a5b5e97e80a10888c5"
expires: Thu, 27 Feb 2025 10:17:13 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1621
cache: HIT
x-cached-since: 2025-06-22T15:08:41+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/e51c24c8ac.js

185.244.209.62

200 OK

3.9 kB

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/e51c24c8ac.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (3873)
Size
3.9 kB (3874 bytes)
Hash
bb033fb223aa7b54248f6272392312dd
f7d5bd65a89f494cafc91ead618b32ac124e4764
cea19f93dd8cb316d74d251619e24ccee56002bc87cf5fb6fb452cb62133dbfe

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/e51c24c8ac.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:43 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-ffdcad8baffaf7ac769f454454ba9ffe-5d34739aa5959c7c-01
last-modified: Wed, 18 Jun 2025 13:47:11 GMT
etag: W/"bb033fb223aa7b54248f6272392312dd"
x-amz-meta-mtime: 1750254148.964235056
content-encoding: gzip
expires: Thu, 19 Jun 2025 13:50:23 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 5554
cache: HIT
x-cached-since: 2025-06-22T14:03:09+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/45f1770114.js

185.244.209.62

200 OK

1.2 kB

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/45f1770114.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1165)
Size
1.2 kB (1166 bytes)
Hash
bf50b784620ed417a811a29b93c1674b
72cbca9b31debe6d7bda2a2c553edd8e5c5ff44e
2bcf4abc801d0b74d8f38af2b71a8572856fc612af519a57b56f78247367474a

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/45f1770114.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:43 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-e6d6c3f356f421aaae129de71aaac754-e67a225444d47c8b-01
last-modified: Wed, 18 Jun 2025 13:47:11 GMT
etag: W/"bf50b784620ed417a811a29b93c1674b"
x-amz-meta-mtime: 1750254148.955234758
content-encoding: gzip
expires: Thu, 19 Jun 2025 13:50:23 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 5554
cache: HIT
x-cached-since: 2025-06-22T14:03:09+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/ad31aef0b1.js

185.244.209.62

200 OK

864 B

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/ad31aef0b1.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (863)
Size
864 B (864 bytes)
Hash
9f763cf109976cc240a688471df28e0f
c97a82b72d54e5a4c96cb18df28b475fd7052ec6
ef6f9e80182014cdb24807ec43e59544eef8c3147dd6cf0300f135da0751828d

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/ad31aef0b1.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:43 GMT
content-type: text/javascript; charset=utf-8
content-length: 864
traceparent: 00-67b56c911f97c9a3e1afdc70fb519cc0-ae4f78322dacb455-01
last-modified: Wed, 18 Jun 2025 13:47:11 GMT
etag: "9f763cf109976cc240a688471df28e0f"
x-amz-meta-mtime: 1750254148.96223499
expires: Thu, 19 Jun 2025 13:50:23 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 5554
cache: HIT
x-cached-since: 2025-06-22T14:03:09+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET 1xlite-87523.bar/hd-api/external/01979848-17ff-7110-b0ab-86d201e53ad7.js

91.186.206.107

200 OK

305 kB

URL GET
1xlite-87523.bar/hd-api/external/01979848-17ff-7110-b0ab-86d201e53ad7.js
IP
91.186.206.107:443
ASN
#0

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-87523.bar
FingerprintFC:01:CF:99:41:B9:66:76:A4:88:7F:BE:E1:BE:BC:A6:ED:9A:01:45
ValidityTue, 03 Jun 2025 08:57:07 GMT - Mon, 01 Sep 2025 08:57:06 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
305 kB (304817 bytes)
Hash
5142792bf3b24c1d5b984b4868ff0311
d3e17ff6a62040410383fd949c5a8eda84de61bb
b3fa2c53d5668ac35608942c9624525e18044feb804cf43008c1208c6368dc8d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hd-api/external/01979848-17ff-7110-b0ab-86d201e53ad7.js HTTP/1.1
Host: 1xlite-87523.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/en/block
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder; auid=W7rOa2hYIs1l+8aJBCwOAg==; window_width=1280; che_g=2738350c-2a24-77d9-aee2-80e687305a05; SESSION=a928a90e57c0129862b0081357c79723
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:51 GMT
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=0, must-revalidate
content-encoding: gzip
vary: Accept-Encoding
x-dt: 285
x-hd-trace-id: f52a9229-0f89-4bea-aa1f-809ac3dfc96c
x-request-guid: 923ca6917e87bfeca7a8bd8615cca21a
x-time-ng: 0.005
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.007, wf-uht;dur=0.028
X-Firefox-Spdy: h2

POST 1xlite-87523.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

91.186.206.107

200 OK

23 B

URL POST
1xlite-87523.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
91.186.206.107:443
ASN
#0

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-87523.bar
FingerprintFC:01:CF:99:41:B9:66:76:A4:88:7F:BE:E1:BE:BC:A6:ED:9A:01:45
ValidityTue, 03 Jun 2025 08:57:07 GMT - Mon, 01 Sep 2025 08:57:06 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
eed55bf22d20e6f912e4c65a6ae2694e
7519d4fc5acf551acf3c9761e8c03afe190ccd2b
9e6a0cec97ebfab1904d4d6c9e467af0e946e6ba5fed13ec69c26f31279dc360

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-87523.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: afe489ba-20c7-4bb2-944a-2a9bfdc786e4
Content-Length: 140
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder; auid=W7rOa2hYIs1l+8aJBCwOAg==; window_width=1280; che_g=2738350c-2a24-77d9-aee2-80e687305a05; SESSION=a928a90e57c0129862b0081357c79723; _ym_uid=1750606553729069592; _ym_d=1750606553; _ym_isad=2; _gcl_au=1.1.742358630.1750606554; _ga_7JGWL9SV66=GS2.1.s1750606553$o1$g0$t1750606553$j60$l0$h1038920089; _ga=GA1.1.807345694.1750606554; _ym_visorc=b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:54 GMT
content-type: application/json
content-length: 23
x-dt: 285
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.005, wf-uht;dur=0.008
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_auth/en/dictionary_754eea55999d6fbc19f9a50e3d531192.json

185.244.209.62

200 OK

9.7 kB

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_auth/en/dictionary_754eea55999d6fbc19f9a50e3d531192.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
9.7 kB (9658 bytes)
Hash
0c26423c06dea45c278028334fbcf196
944405943af6d96d5550537bfc260cdc45b20d7a
fd6980f7c65c950c088ac6bcd1267645453be42eb2d24205b80adafbc29e6bd5

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_auth/en/dictionary_754eea55999d6fbc19f9a50e3d531192.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:42 GMT
content-type: application/json; charset=utf-8
traceparent: 00-379bec0fc85241ea398752582da36a40-4ec41e8038116b5b-01
last-modified: Thu, 19 Jun 2025 10:06:35 GMT
etag: W/"0c26423c06dea45c278028334fbcf196"
cache-control: max-age=3600
content-encoding: gzip
expires: Thu, 19 Jun 2025 11:38:59 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1636
cache: HIT
x-cached-since: 2025-06-22T15:08:26+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_forgot_password/en/dictionary_0cd445c245c40f6e6d4f11256ad20db0.json

185.244.209.62

200 OK

4.2 kB

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_forgot_password/en/dictionary_0cd445c245c40f6e6d4f11256ad20db0.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
4.2 kB (4221 bytes)
Hash
077b8fa399ec723c70b9404a9c41f8f2
8d005ff5e0b0b6ddd48dfe5c6bf7571cc50115e9
572ef731ddde9a6225a20d622266144882bb54839255d1b809d1c013aa64cad7

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_forgot_password/en/dictionary_0cd445c245c40f6e6d4f11256ad20db0.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:42 GMT
content-type: application/json; charset=utf-8
traceparent: 00-1d908d51271491be705ead6db40aa936-6ca999412d24d95c-01
last-modified: Mon, 16 Jun 2025 12:06:30 GMT
etag: W/"077b8fa399ec723c70b9404a9c41f8f2"
cache-control: max-age=3600
content-encoding: gzip
expires: Mon, 16 Jun 2025 13:10:33 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1984
cache: HIT
x-cached-since: 2025-06-22T15:02:38+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/61792ac9/desktop/default/vendors/plugins.vue-notification-575f3ba7.js

185.244.209.62

200 OK

13 kB

URL GET
v3.traincdn.com/main-static/61792ac9/desktop/default/vendors/plugins.vue-notification-575f3ba7.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (12563), with no line terminators
Size
13 kB (12563 bytes)
Hash
cd9839620a2ba08dedf86ba42ab5a0ae
33979ec3abb619aeb258d50931e5319e41ca3fc8
11a8211423bdc49f5ba7982a50224bb69d82c8d459d69eff9f69b10e5c5618dc

HTTP Headers

GET /main-static/61792ac9/desktop/default/vendors/plugins.vue-notification-575f3ba7.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:42 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-a3fde47b38de5d39b5d9c781a96209d3-f56e06c4ab072c25-01
last-modified: Thu, 19 Jun 2025 12:35:31 GMT
etag: W/"cd9839620a2ba08dedf86ba42ab5a0ae"
x-amz-meta-mtime: 1750336530.007595283
content-encoding: gzip
expires: Fri, 20 Jun 2025 13:08:38 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 8566
cache: HIT
x-cached-since: 2025-06-22T13:12:56+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/eee81f490f.js

185.244.209.62

200 OK

4.1 kB

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/eee81f490f.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (4047)
Size
4.1 kB (4050 bytes)
Hash
f7165652388e4db8492b0c5cef873911
bb21320a39643361100fe8e11e4b5446873130be
68aafd61544b4d0566b7ca8faa7281f9887cc0416a8381aff01f27a00dea7c1c

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/eee81f490f.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:43 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-da9e7c328d633d59826f2c568aafe379-f2c8a72a7911c9f2-01
last-modified: Wed, 18 Jun 2025 13:47:11 GMT
etag: W/"f7165652388e4db8492b0c5cef873911"
x-amz-meta-mtime: 1750254148.966235123
content-encoding: gzip
expires: Thu, 19 Jun 2025 13:50:23 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 5554
cache: HIT
x-cached-since: 2025-06-22T14:03:09+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/61792ac9/desktop/default/commons/app-4b82fdd3.js

185.244.209.62

200 OK

138 kB

URL GET
v3.traincdn.com/main-static/61792ac9/desktop/default/commons/app-4b82fdd3.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65476)
Size
138 kB (138079 bytes)
Hash
868af65a31d095c2a360f8a5e94425bc
59e94cfde197cb7fbf844717ae7083f35a44e3a4
ab24c1b9022a49c40e590b7fdd6b471a627b1eaf389ab3f5f605ae794fdb8c53

HTTP Headers

GET /main-static/61792ac9/desktop/default/commons/app-4b82fdd3.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:41 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-f0786590cdfc9c35ad29bdc296daf5de-7f956f34c34a5b0f-01
last-modified: Thu, 19 Jun 2025 12:35:31 GMT
etag: W/"868af65a31d095c2a360f8a5e94425bc"
x-amz-meta-mtime: 1750336529.991595231
content-encoding: gzip
expires: Fri, 20 Jun 2025 13:08:37 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 8565
cache: HIT
x-cached-since: 2025-06-22T13:12:56+00:00
X-Firefox-Spdy: h2

POST 1xlite-87523.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

91.186.206.107

200 OK

23 B

URL POST
1xlite-87523.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
91.186.206.107:443
ASN
#0

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-87523.bar
FingerprintFC:01:CF:99:41:B9:66:76:A4:88:7F:BE:E1:BE:BC:A6:ED:9A:01:45
ValidityTue, 03 Jun 2025 08:57:07 GMT - Mon, 01 Sep 2025 08:57:06 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
e9ae1327a5b9772a8a4ec161ff2e93f2
d27b4d13da3cbd101c9e06b440657e6dd4658597
96a31c623f7a9701de8e5e02da27fb9f8ac232d86e48ad1ad01b620801d7ea3e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-87523.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: afe489ba-20c7-4bb2-944a-2a9bfdc786e4
Content-Length: 103
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder; postback_watcher=; auid=W7rOa2hYIs1l+8aJBCwOAg==; window_width=1280; che_g=2738350c-2a24-77d9-aee2-80e687305a05
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:43 GMT
content-type: application/json
content-length: 23
x-dt: 285
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.006, wf-uht;dur=0.009
X-Firefox-Spdy: h2

GET adservice.google.com/ddm/fls/z/src=14030178;type=xbet;cat=uniqu0;ord=1;num=6546577730173;npa=1;auiddc=*;pscdl=noapi;frm=0;_tu=KpA;gtm=45fe56g0v9190735530z89180563600za200zb9180563600;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;dc_fmt=2;tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500;epver=2;dc_random=1750606553911;_dc_test=1;~oref=https%3A%2F%2F1xlite-87523.bar%2Fen%2Fblock

142.250.74.98

200 OK

42 B

URL GET
adservice.google.com/ddm/fls/z/src=14030178;type=xbet;cat=uniqu0;ord=1;num=6546577730173;npa=1;auiddc=*;pscdl=noapi;frm=0;_tu=KpA;gtm=45fe56g0v9190735530z89180563600za200zb9180563600;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;dc_fmt=2;tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500;epver=2;dc_random=1750606553911;_dc_test=1;~oref=https%3A%2F%2F1xlite-87523.bar%2Fen%2Fblock
IP
142.250.74.98:443
ASN
#15169 GOOGLE

Requested by
https://14030178.fls.doubleclick.net/activityi;src=14030178;type=xbet;cat=uniqu0;ord=1;num=6546577730173;npa=1;auiddc=742358630.1750606554;pscdl=noapi;frm=0;_tu=KpA;gtm=45fe56g0v9190735530z89180563600za200zb9180563600;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;dc_fmt=2;tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500;epver=2;dc_random=1750606553911;_dc_test=1;~oref=https%3A%2F%2F1xlite-87523.bar%2Fen%2Fblock?
Certificate
IssuerGoogle Trust Services
Subject*.google.com
FingerprintEE:B4:21:E2:07:A7:35:36:27:81:A0:3A:3E:C9:6C:F5:11:A0:7F:5C
ValidityMon, 02 Jun 2025 08:35:30 GMT - Mon, 25 Aug 2025 08:35:29 GMT

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ddm/fls/z/src=14030178;type=xbet;cat=uniqu0;ord=1;num=6546577730173;npa=1;auiddc=*;pscdl=noapi;frm=0;_tu=KpA;gtm=45fe56g0v9190735530z89180563600za200zb9180563600;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;dc_fmt=2;tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500;epver=2;dc_random=1750606553911;_dc_test=1;~oref=https%3A%2F%2F1xlite-87523.bar%2Fen%2Fblock HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://14030178.fls.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 22 Jun 2025 15:35:54 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-ui/2.3.253/Desktop/Default/client.css

185.244.209.62

200 OK

643 kB

URL GET
v3.traincdn.com/sys-ui/2.3.253/Desktop/Default/client.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
643 kB (642806 bytes)
Hash
51ed7bc142a0d38b5e128fc507d2425d
72307245c00ff99ee4ec428917b29d8cd80ca2a3
7ad4a2f8c8db8564be108f52b97502089eca6264a874dd2428335414614377e5

HTTP Headers

GET /sys-ui/2.3.253/Desktop/Default/client.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:41 GMT
content-type: text/css; charset=utf-8
traceparent: 00-4e787647ccf5741a117fc9c319128616-b1b7eccd7786c06e-01
last-modified: Wed, 18 Jun 2025 12:17:43 GMT
etag: W/"51ed7bc142a0d38b5e128fc507d2425d"
x-amz-meta-mtime: 1750249060.487555463
content-encoding: gzip
expires: Thu, 19 Jun 2025 15:47:31 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 85560
cache: HIT
x-cached-since: 2025-06-21T15:49:41+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2

185.244.209.62

200 OK

64 kB

URL GET
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Size
64 kB (63748 bytes)
Hash
6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:41 GMT
content-type: font/woff2
content-length: 63748
traceparent: 00-c0e19752dc373061bad6b98913f855c0-b94f261dac5cae54-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
expires: Thu, 16 Jan 2025 10:32:14 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 410
cache: HIT
x-cached-since: 2025-06-22T15:28:51+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/61792ac9/desktop/default/app-cd8079b5.js

185.244.209.62

200 OK

505 kB

URL GET
v3.traincdn.com/main-static/61792ac9/desktop/default/app-cd8079b5.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Size
505 kB (504916 bytes)
Hash
876917bb52b2a485ba55cbefb6ad83ac
b31f0410ae524edfcfddd7804885f29990857245
712de7eb9b77c503da829227b99bf078234473d2f214bf4302878f3830fd72b9

HTTP Headers

GET /main-static/61792ac9/desktop/default/app-cd8079b5.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:41 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-e03b15fbf1768a65ef986d6eb6d09153-80e6bd4461bbb874-01
last-modified: Thu, 19 Jun 2025 12:35:31 GMT
etag: W/"876917bb52b2a485ba55cbefb6ad83ac"
x-amz-meta-mtime: 1750336529.991595231
content-encoding: gzip
expires: Fri, 20 Jun 2025 13:08:37 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 8565
cache: HIT
x-cached-since: 2025-06-22T13:12:56+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_block_pages/en/dictionary_bc0570f08a28537dc724f4764ecf77e4.json

185.244.209.62

200 OK

2.3 kB

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_block_pages/en/dictionary_bc0570f08a28537dc724f4764ecf77e4.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
2.3 kB (2308 bytes)
Hash
7c12ae6fc08684f50822b3eb56779e29
036c726b8b7b2d24f987391101f3e8d1a2a183cf
a2eac45353675c82733192916712b8876c6b038b7bdbddc24df464e38b67cbfd

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_block_pages/en/dictionary_bc0570f08a28537dc724f4764ecf77e4.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:43 GMT
content-type: application/json; charset=utf-8
traceparent: 00-03a0e1d0f848e25457bb475de5e1bf4f-351a92b16f7b58cd-01
last-modified: Tue, 22 Apr 2025 08:06:29 GMT
etag: W/"7c12ae6fc08684f50822b3eb56779e29"
cache-control: max-age=3600
content-encoding: gzip
expires: Tue, 22 Apr 2025 09:26:34 GMT
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2077
cache: HIT
x-cached-since: 2025-06-22T15:01:06+00:00
X-Firefox-Spdy: h2

GET luckyforbet.com/h/w5_MkebN5u8IU.jA8sJRkglNN5M6weTq64wHmz6rCK4kH0ZR0u65Dvlbf46c7MbCbqeBgmnKTbxMAHXSmx6133qHY.wPdAUjWrkaNqYELYhsCLS6Ugjsr6gKo7VvoyL15oCwM4oNk8evHMSC8fkto8Qlde4Sv87SIE56UFMKhRpMgh5ydF.MbZLiADFzyLVTVaqZWbNBizbvviA3LZ8DfAqq.qqqq.qq

23.109.150.181

200 OK

639 B

URL User Request GET
luckyforbet.com/h/w5_MkebN5u8IU.jA8sJRkglNN5M6weTq64wHmz6rCK4kH0ZR0u65Dvlbf46c7MbCbqeBgmnKTbxMAHXSmx6133qHY.wPdAUjWrkaNqYELYhsCLS6Ugjsr6gKo7VvoyL15oCwM4oNk8evHMSC8fkto8Qlde4Sv87SIE56UFMKhRpMgh5ydF.MbZLiADFzyLVTVaqZWbNBizbvviA3LZ8DfAqq.qqqq.qq
IP
23.109.150.181:443
ASN
#7979 SERVERS-COM

Certificate
IssuerLet's Encrypt
Subjectluckyforbet.com
FingerprintE0:E9:3A:83:40:36:62:3C:AB:8E:0C:7A:4A:CF:15:9A:47:47:0A:8E
ValiditySat, 10 May 2025 06:56:54 GMT - Fri, 08 Aug 2025 06:56:53 GMT

File type
HTML document, ASCII text
Size
639 B (639 bytes)
Hash
b0193d57028847e8d9405957a79c9d42
f3b44f42fa110999aff904e13cc44735fa56c205
bc050e89b02ea5a64a9bd72fd1837954cd8ca1325d4d21c7cd6d45757df7d3de

HTTP Headers

GET /h/w5_MkebN5u8IU.jA8sJRkglNN5M6weTq64wHmz6rCK4kH0ZR0u65Dvlbf46c7MbCbqeBgmnKTbxMAHXSmx6133qHY.wPdAUjWrkaNqYELYhsCLS6Ugjsr6gKo7VvoyL15oCwM4oNk8evHMSC8fkto8Qlde4Sv87SIE56UFMKhRpMgh5ydF.MbZLiADFzyLVTVaqZWbNBizbvviA3LZ8DfAqq.qqqq.qq HTTP/1.1
Host: luckyforbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: TRK_TRG=eJxjYGBgEmEXZMosEOSxNNSzNNAzMdIzNDURZE5PzRdk8vMX5C5KTc%2FMz4tPzk9JFWT189c1MBbkTM4sqYSIsANF%2FItz8gWZM4sLBPmccjIrFILzc0pLgHqKBfnyUkviiwtSU1PAqtkYBTkyi%2BMLivIrKtkYAUzOIh4%3D; TRK_TRU7=eJxjYGBgEuEQZC5NNBVUMDS0MLMwMTWyMDBJtkg0SkqyMDMzNUgytTAwNDJNSzMVZE0qSsxL4RVkzc1PSc3hFeRKKsovL04tis9MYWMT5IfxylKLijPz83gcEg4wgIAga34xSAmLIBeQAZdVYYDIcqeklmUmp8aXVBaksjECAC4vJZ8%3D; trk_cpa_pixel=8d4cfab0-4f7e-11f0-abbf-bf4cbf9e74e6
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 22 Jun 2025 15:35:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Content-Encoding: gzip
Vary: Accept-Encoding

GET 1xlite-87523.bar/en?tag=d_85563m_4096c_[]MS[]null[]null[]general[]{site_id}_d22490_l15727_clickunder

91.186.206.107

302 Found

274 kB

URL User Request GET
1xlite-87523.bar/en?tag=d_85563m_4096c_[]MS[]null[]null[]general[]{site_id}_d22490_l15727_clickunder
IP
91.186.206.107:443
ASN
#0

Certificate
IssuerLet's Encrypt
Subject1xlite-87523.bar
FingerprintFC:01:CF:99:41:B9:66:76:A4:88:7F:BE:E1:BE:BC:A6:ED:9A:01:45
ValidityTue, 03 Jun 2025 08:57:07 GMT - Mon, 01 Sep 2025 08:57:06 GMT

File type

Size
274 kB (273799 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /en?tag=d_85563m_4096c_[]MS[]null[]null[]general[]{site_id}_d22490_l15727_clickunder HTTP/1.1
Host: 1xlite-87523.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://luckyforbet.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Sun, 22 Jun 2025 15:35:41 GMT
location: https://1xlite-87523.bar/en/block
server-timing: dt_total;dur=0.010, total;dur=19;desc="Nuxt Server Time", wf-uht;dur=0.031
set-cookie: platform_type=desktop; Path=/; Expires=Wed, 25 Jun 2025 15:35:41 GMT; Secure; SameSite=None; Partitioned
gw-mm=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Secure; SameSite=None; Partitioned
lng=en; Path=/
cookies_agree_type=3; Path=/
tzo=2; Path=/
is12h=0; Path=/
referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; Path=/; Expires=Thu, 21 Aug 2025 15:35:41 GMT
reflinkid=d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder; Path=/; Expires=Sun, 22 Jun 2025 16:35:41 GMT
postback_watcher=; Path=/; Expires=Sun, 22 Jun 2025 15:35:45 GMT
auid=W7rOa2hYIs1l+8aJBCwOAg==; path=/; secure; httponly; samesite=lax
x-dt: 285
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

GET 1xlite-87523.bar/main-static/61792ac9/check-ob.js

91.186.206.107

200 OK

219 B

URL GET
1xlite-87523.bar/main-static/61792ac9/check-ob.js
IP
91.186.206.107:443
ASN
#0

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-87523.bar
FingerprintFC:01:CF:99:41:B9:66:76:A4:88:7F:BE:E1:BE:BC:A6:ED:9A:01:45
ValidityTue, 03 Jun 2025 08:57:07 GMT - Mon, 01 Sep 2025 08:57:06 GMT

File type
JavaScript source, ASCII text
Size
219 B (219 bytes)
Hash
c065700c9c8c493403359e1f2baa10d9
4630fe729e70bdf63fa7ba6c84ec277fd1f51030
1e61f0c82ae82ffcf503fcd4b4c8ae27b32c11e19b882d5d13f3c44364c893f4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /main-static/61792ac9/check-ob.js HTTP/1.1
Host: 1xlite-87523.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/en/block
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder; postback_watcher=; auid=W7rOa2hYIs1l+8aJBCwOAg==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:41 GMT
content-type: text/javascript; charset=utf-8
content-length: 219
last-modified: Thu, 19 Jun 2025 12:35:52 GMT
etag: "c065700c9c8c493403359e1f2baa10d9"
x-amz-meta-mtime: 1750336551.243664066
expires: Mon, 23 Jun 2025 09:46:48 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/61792ac9/desktop/default/css/d3210503.css

185.244.209.62

200 OK

55 kB

URL GET
v3.traincdn.com/main-static/61792ac9/desktop/default/css/d3210503.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (55385), with no line terminators
Size
55 kB (55385 bytes)
Hash
d81bf189b0a4a3890e996eace092254a
5fdbcfd7ac870bbdcb2ea397737d6c59b76f508d
03ea73cc169073d2b907b1d22d3a6bb653a689b1350e5ce245140ab9d2337238

HTTP Headers

GET /main-static/61792ac9/desktop/default/css/d3210503.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:41 GMT
content-type: text/css; charset=utf-8
traceparent: 00-2f80f1518b83dc690616a22a1c550dfd-8b153e13a093ecef-01
last-modified: Thu, 19 Jun 2025 12:35:31 GMT
etag: W/"d81bf189b0a4a3890e996eace092254a"
x-amz-meta-mtime: 1750336529.995595244
content-encoding: gzip
expires: Fri, 20 Jun 2025 13:08:35 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 8566
cache: HIT
x-cached-since: 2025-06-22T13:12:55+00:00
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66&cx=c&gtm=45He56g0v9180563600za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500

142.250.74.136

200 OK

476 kB

URL GET
www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66&cx=c&gtm=45He56g0v9180563600za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500
IP
142.250.74.136:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint79:AA:03:D4:F6:6B:0F:61:E5:C5:AB:19:F4:A5:5D:DC:97:80:AF:DA
ValidityMon, 02 Jun 2025 08:35:30 GMT - Mon, 25 Aug 2025 08:35:29 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (12571)
Size
476 kB (475934 bytes)
Hash
b65a8f2691d5f91a32a6d23b6781ecf7
d3981e517403683f487cc7d7c5c10731f8e7b795
36ed156113dde3a444777a939e045c1389fc766d4fff8db89dc32749eb64abca

HTTP Headers

GET /gtag/js?id=G-7JGWL9SV66&cx=c&gtm=45He56g0v9180563600za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 22 Jun 2025 15:35:53 GMT
expires: Sun, 22 Jun 2025 15:35:53 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1077:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1077:0
report-to: {"group":"ascgcycc:1077:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1077:0"}],}
server: Google Tag Manager
content-length: 152058
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_B6TW5FDZ.js

185.244.209.62

200 OK

1.3 kB

URL GET
v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_B6TW5FDZ.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1265)
Size
1.3 kB (1297 bytes)
Hash
e3f1c4089db6b910890e85d97a2e2066
85828920da3c3fd7856acde184e835ac314295cd
6c28afe5a52e0f9b1138fe498b254c8671058a058b555651ccae8e91e7534614

HTTP Headers

GET /sys-static/shared-assets/__shared_accept_language_parser_B6TW5FDZ.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:43 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-a2d653ed852175eb48ec0ff1f3ab8c57-42af3ecf9d7b986f-01
last-modified: Fri, 20 Jun 2025 14:13:24 GMT
etag: W/"e3f1c4089db6b910890e85d97a2e2066"
x-amz-meta-mtime: 1750428765.962144752
content-encoding: gzip
expires: Sat, 21 Jun 2025 17:53:38 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 78124
cache: HIT
x-cached-since: 2025-06-21T17:53:39+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/fd6ab89fd4.js

185.244.209.62

200 OK

1.2 kB

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/fd6ab89fd4.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (833)
Size
1.2 kB (1206 bytes)
Hash
50906dd89561b1e7e6bf82539677960c
3f22a7d92fe79d7a3cd734159da6681449296ccb
02894d09ead719d04eedd68eaf741e57886145abd86d15e3e704166f8bf4d38a

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/fd6ab89fd4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:43 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-788bbe7e563691029108d5d8f2872568-127fb05211565234-01
last-modified: Wed, 18 Jun 2025 13:47:11 GMT
etag: W/"50906dd89561b1e7e6bf82539677960c"
x-amz-meta-mtime: 1750254148.967235156
content-encoding: gzip
expires: Thu, 19 Jun 2025 13:50:23 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 5555
cache: HIT
x-cached-since: 2025-06-22T14:03:08+00:00
X-Firefox-Spdy: h2

GET radar.cedexis.com/1/23802/radar.js

45.54.49.5

302 Moved Temporarily

390 B

URL GET
radar.cedexis.com/1/23802/radar.js
IP
45.54.49.5:443
ASN
#63911 NetActuate, Inc

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerDigiCert Inc
Subjectradar.cedexis.com
FingerprintA2:3E:30:19:D5:41:3A:11:81:58:E3:B1:6F:F4:D2:78:0B:44:6F:D0
ValidityFri, 07 Mar 2025 00:00:00 GMT - Fri, 06 Mar 2026 23:59:59 GMT

File type

Size
390 B (390 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /1/23802/radar.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sun, 22 Jun 2025 15:35:53 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: /1707728419/stub.js
Expires: Sun, 22 Jun 2025 15:45:53 GMT
Cache-Control: max-age=600
Vary: User-Agent,DNT

GET www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=807345694.1750606554&gtm=45je56g0v897130004za200zb9180563600&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500&z=2115428507

142.250.74.131

200 OK

42 B

URL GET
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=807345694.1750606554&gtm=45je56g0v897130004za200zb9180563600&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500&z=2115428507
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerGoogle Trust Services
Subject*.google.no
Fingerprint06:9A:0B:8C:DF:AC:70:7A:12:56:3A:16:E7:C4:85:BA:3E:C8:E2:63
ValidityMon, 02 Jun 2025 08:38:19 GMT - Mon, 25 Aug 2025 08:38:18 GMT

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=807345694.1750606554&gtm=45je56g0v897130004za200zb9180563600&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500&z=2115428507 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 22 Jun 2025 15:35:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_coupon/en/dictionary_3f24c323430a3ff1fc919f4db9369cc5.json

185.244.209.62

200 OK

28 kB

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_coupon/en/dictionary_3f24c323430a3ff1fc919f4db9369cc5.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
28 kB (27510 bytes)
Hash
c578747775c4dc4a6102734b5e32266a
df9146d3c755c484a46eb3f58b4acc697df42cfc
6d18cd2a622f522de4f43031f708ff30f53d819af0a6cce6d974f5fd1b032982

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_coupon/en/dictionary_3f24c323430a3ff1fc919f4db9369cc5.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:42 GMT
content-type: application/json; charset=utf-8
traceparent: 00-2502dc77a73814d4116552f31f97ef62-0f4113af83493ce7-01
last-modified: Fri, 20 Jun 2025 20:06:26 GMT
etag: W/"c578747775c4dc4a6102734b5e32266a"
cache-control: max-age=3600
content-encoding: gzip
expires: Fri, 20 Jun 2025 21:38:58 GMT
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1332
cache: HIT
x-cached-since: 2025-06-22T15:13:30+00:00
X-Firefox-Spdy: h2

POST stats.g.doubleclick.net/g/collect?v=2&tid=G-7JGWL9SV66&cid=807345694.1750606554&gtm=45je56g0v897130004za200zb9180563600&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500

173.194.221.157

204 No Content

0 B

URL POST
stats.g.doubleclick.net/g/collect?v=2&tid=G-7JGWL9SV66&cid=807345694.1750606554&gtm=45je56g0v897130004za200zb9180563600&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500
IP
173.194.221.157:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerGoogle Trust Services
Subject*.g.doubleclick.net
FingerprintDC:7C:C3:C9:3E:E8:83:5E:72:17:1F:BB:BB:1D:2F:45:78:1B:6F:69
ValidityMon, 02 Jun 2025 08:35:36 GMT - Mon, 25 Aug 2025 08:35:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7JGWL9SV66&cid=807345694.1750606554&gtm=45je56g0v897130004za200zb9180563600&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://1xlite-87523.bar
date: Sun, 22 Jun 2025 15:35:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:127:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:127:0
report-to: {"group":"ascnsrsggc:127:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:127:0"}],}
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-ui/3.3.258/Desktop/Default/merged.css

185.244.209.62

200 OK

926 kB

URL GET
v3.traincdn.com/sys-ui/3.3.258/Desktop/Default/merged.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
926 kB (926140 bytes)
Hash
071a333ba6c66187587416c578292b0f
d60a98f6affa7910df2dd867985d7d0659f548f9
5d9c85dc8f9473cb1f291b0e238cc0d7ae41ba688d5dcc3eddb8bda2ae4cafc4

HTTP Headers

GET /sys-ui/3.3.258/Desktop/Default/merged.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:41 GMT
content-type: text/css; charset=utf-8
traceparent: 00-4534036ff0c30665e8888fdea83b5092-9dc1ecbb1a6d9201-01
last-modified: Fri, 20 Jun 2025 13:53:43 GMT
etag: W/"071a333ba6c66187587416c578292b0f"
x-amz-meta-mtime: 1750427582.737916907
content-encoding: gzip
expires: Sat, 21 Jun 2025 13:59:00 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 5768
cache: HIT
x-cached-since: 2025-06-22T13:59:33+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/61792ac9/desktop/default/css/7fe5f71b.css

185.244.209.62

200 OK

3.3 kB

URL GET
v3.traincdn.com/main-static/61792ac9/desktop/default/css/7fe5f71b.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (3313), with no line terminators
Size
3.3 kB (3313 bytes)
Hash
c610b8710368de3bf2f1c5bb581b6a3a
f67bc86785d434adb2e81a356a7926b8818ac567
fad7111846310042401990719146401178f22e2618abf2b058e641b6495e8eba

HTTP Headers

GET /main-static/61792ac9/desktop/default/css/7fe5f71b.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:42 GMT
content-type: text/css; charset=utf-8
traceparent: 00-0c93eafce190297097b36bae47e90d8a-3afd6ce1f906c09c-01
last-modified: Thu, 19 Jun 2025 12:35:31 GMT
etag: W/"c610b8710368de3bf2f1c5bb581b6a3a"
x-amz-meta-mtime: 1750336529.991595231
content-encoding: gzip
expires: Fri, 20 Jun 2025 13:08:38 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 8566
cache: HIT
x-cached-since: 2025-06-22T13:12:56+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_69cc83dd1dd5aa09b7e969656389c84a.json

185.244.209.62

200 OK

137 kB

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_69cc83dd1dd5aa09b7e969656389c84a.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
137 kB (137443 bytes)
Hash
f6771970e0e2f97c0ff4c08c9c563e23
e21c097962c4f2f9fa71b67fd72883c382c055e7
8b1d00467b7d4a097a747ec89b6568dc608857b17f8f63d54c855bbab6935e23

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_69cc83dd1dd5aa09b7e969656389c84a.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:42 GMT
content-type: application/json; charset=utf-8
traceparent: 00-8c9eece07e155f04ff6276b85b47c311-f7b6fbd5d94183ec-01
last-modified: Tue, 17 Jun 2025 16:07:05 GMT
etag: W/"f6771970e0e2f97c0ff4c08c9c563e23"
cache-control: max-age=3600
content-encoding: gzip
expires: Tue, 17 Jun 2025 17:40:37 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2900
cache: HIT
x-cached-since: 2025-06-22T14:47:22+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/61792ac9/desktop/default/Betting.Core-27e1268d.js

185.244.209.62

200 OK

2.0 kB

URL GET
v3.traincdn.com/main-static/61792ac9/desktop/default/Betting.Core-27e1268d.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1978), with no line terminators
Size
2.0 kB (1978 bytes)
Hash
05df4d064aa615aa90a8c03804b1a8d4
243b47dad517a68ca94212b6fc25170f2326c8d3
e1e56dada08aacab84b50ed15c2cb9fda4b31101143780738e26a762357f470a

HTTP Headers

GET /main-static/61792ac9/desktop/default/Betting.Core-27e1268d.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:42 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-3d7fb831e8494b7d6e5eb5e60475f52b-7f542a3143096699-01
last-modified: Thu, 19 Jun 2025 12:35:31 GMT
etag: W/"05df4d064aa615aa90a8c03804b1a8d4"
x-amz-meta-mtime: 1750336529.983595205
content-encoding: gzip
expires: Fri, 20 Jun 2025 13:08:41 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 8566
cache: HIT
x-cached-since: 2025-06-22T13:12:56+00:00
X-Firefox-Spdy: h2

GET 1xlite-87523.bar/hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js

91.186.206.107

200 OK

760 B

URL GET
1xlite-87523.bar/hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js
IP
91.186.206.107:443
ASN
#0

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-87523.bar
FingerprintFC:01:CF:99:41:B9:66:76:A4:88:7F:BE:E1:BE:BC:A6:ED:9A:01:45
ValidityTue, 03 Jun 2025 08:57:07 GMT - Mon, 01 Sep 2025 08:57:06 GMT

File type
JavaScript source, ASCII text, with very long lines (759)
Size
760 B (760 bytes)
Hash
0b911773e0df627d77f8306c86e228aa
0d584bb1a3294e4fe42df4582dcc8a2c8f77f7bb
01e4926540498a77d866259516007d41fae1213ab9607db826f011d926fd6006

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js HTTP/1.1
Host: 1xlite-87523.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/en/block
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_85563m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l15727_clickunder; auid=W7rOa2hYIs1l+8aJBCwOAg==; window_width=1280; che_g=2738350c-2a24-77d9-aee2-80e687305a05; SESSION=a928a90e57c0129862b0081357c79723
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:50 GMT
content-type: text/javascript; charset=utf-8
content-length: 492
cache-control: public, max-age=300
content-encoding: gzip
etag: 0b911773e0df627d77f8306c86e228aa
vary: Accept-Encoding
x-dt: 455
x-request-guid: b7cc498ce008f1fa6534c983792b5709
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.009, wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V

142.250.74.136

200 OK

343 kB

URL GET
www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V
IP
142.250.74.136:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint79:AA:03:D4:F6:6B:0F:61:E5:C5:AB:19:F4:A5:5D:DC:97:80:AF:DA
ValidityMon, 02 Jun 2025 08:35:30 GMT - Mon, 25 Aug 2025 08:35:29 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (4828)
Size
343 kB (342638 bytes)
Hash
ea4b54b63fe142484c29840e25bfba26
92f231159bd230e8e97205b378965c0934d61ac5
17c6fd6c868bd1447713385996766038059b4294fb0fff30a8aa8d6ba6cc55e1

HTTP Headers

GET /gtm.js?id=GTM-KFGPRJ2V HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 22 Jun 2025 15:35:53 GMT
expires: Sun, 22 Jun 2025 15:35:53 GMT
cache-control: private, max-age=900
last-modified: Sun, 22 Jun 2025 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1319:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1319:0
report-to: {"group":"ascgcycc:1319:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1319:0"}],}
server: Google Tag Manager
content-length: 119232
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET 14030178.fls.doubleclick.net/activityi;src=14030178;type=xbet;cat=uniqu0;ord=1;num=6546577730173;npa=1;auiddc=742358630.1750606554;pscdl=noapi;frm=0;_tu=KpA;gtm=45fe56g0v9190735530z89180563600za200zb9180563600;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;dc_fmt=2;tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500;epver=2;dc_random=1750606553911;_dc_test=1;~oref=https%3A%2F%2F1xlite-87523.bar%2Fen%2Fblock?

142.250.74.102

200 OK

656 B

URL GET
14030178.fls.doubleclick.net/activityi;src=14030178;type=xbet;cat=uniqu0;ord=1;num=6546577730173;npa=1;auiddc=742358630.1750606554;pscdl=noapi;frm=0;_tu=KpA;gtm=45fe56g0v9190735530z89180563600za200zb9180563600;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;dc_fmt=2;tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500;epver=2;dc_random=1750606553911;_dc_test=1;~oref=https%3A%2F%2F1xlite-87523.bar%2Fen%2Fblock?
IP
142.250.74.102:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerGoogle Trust Services
Subject*.doubleclick.net
FingerprintFB:A1:4E:11:47:9D:59:E4:08:B3:F4:75:8B:B1:F2:7C:31:D8:11:B2
ValidityMon, 02 Jun 2025 08:35:28 GMT - Mon, 25 Aug 2025 08:35:27 GMT

File type
HTML document, ASCII text, with very long lines (656), with no line terminators
Size
656 B (656 bytes)
Hash
79f4ea12d0af3f8a9858d0f283c42f63
ddef308deb8028866998dc12865e696bd887041b
eabbfe7ca0153b4c47a4702b433aaf59200002028c622ab2c44eee51c3d31376

HTTP Headers

GET /activityi;src=14030178;type=xbet;cat=uniqu0;ord=1;num=6546577730173;npa=1;auiddc=742358630.1750606554;pscdl=noapi;frm=0;_tu=KpA;gtm=45fe56g0v9190735530z89180563600za200zb9180563600;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;dc_fmt=2;tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684204~104684207~104718208~104791498~104791500;epver=2;dc_random=1750606553911;_dc_test=1;~oref=https%3A%2F%2F1xlite-87523.bar%2Fen%2Fblock? HTTP/1.1
Host: 14030178.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 22 Jun 2025 15:35:54 GMT
expires: Sun, 22 Jun 2025 15:35:54 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 378
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 22-Jun-2025 15:50:54 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/6293f1a8ca.css

185.244.209.62

200 OK

650 B

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/6293f1a8ca.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (649)
Size
650 B (650 bytes)
Hash
5d70ac7829c3ae41ce5c0971c798fbcf
9996ce3a09f56d3e37d67fbe7e1efb301ea2f261
0e76b1cd191bd618caea37cb7fb6673d12c7cdff7ea47e939758eda5764a140b

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/6293f1a8ca.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-87523.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:41 GMT
content-type: text/css; charset=utf-8
content-length: 650
traceparent: 00-00beca99116a21b26f5753e9d29137e9-38577226cb88fe1d-01
last-modified: Wed, 18 Jun 2025 13:47:10 GMT
etag: "5d70ac7829c3ae41ce5c0971c798fbcf"
x-amz-meta-mtime: 1750254148.956234791
expires: Fri, 20 Jun 2025 09:44:36 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 20669
cache: HIT
x-cached-since: 2025-06-22T09:51:12+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js

185.244.209.62

200 OK

69 B

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
69 B (69 bytes)
Hash
2cdaa92927f02e0b628f1ef4d7dd8caf
9104a2e16ed080b80a42588b8aeb52ebec47ab7a
ef8101ffea52addcdcfcc3a83f96ff2d4613fb3ae6d1c16bbe4852387b73a9db

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:42 GMT
content-type: text/javascript; charset=utf-8
content-length: 69
traceparent: 00-a35ba8b526ac88a9ddef7be3353a07eb-4d58ab03663e7ca8-01
last-modified: Wed, 18 Jun 2025 13:47:10 GMT
etag: "2cdaa92927f02e0b628f1ef4d7dd8caf"
x-amz-meta-mtime: 1750254148.951234625
expires: Thu, 19 Jun 2025 18:51:31 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 74223
cache: HIT
x-cached-since: 2025-06-21T18:58:39+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_E2H7ZPXQ.js

185.244.209.62

200 OK

21 kB

URL GET
v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_E2H7ZPXQ.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (21232)
Size
21 kB (21252 bytes)
Hash
3cf0cae38afae9add22f7884e5061231
2a41037501375a439385a76a047876619683418f
322482e3beae5a985d069beea981614510fda90a5df7295b776a324d461fc43d

HTTP Headers

GET /sys-static/shared-assets/__shared_popper_js_E2H7ZPXQ.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:43 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-7f22dcc0cba2051434ceaed01d76fd6f-0dac57a6b8c1966d-01
last-modified: Fri, 20 Jun 2025 14:13:24 GMT
etag: W/"3cf0cae38afae9add22f7884e5061231"
x-amz-meta-mtime: 1750428765.978144538
content-encoding: gzip
expires: Sun, 22 Jun 2025 09:08:26 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 23151
cache: HIT
x-cached-since: 2025-06-22T09:09:52+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/fc03516ae4c718991727836d377493ff.json

185.244.209.62

200 OK

13 kB

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/fc03516ae4c718991727836d377493ff.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-87523.bar/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
13 kB (13278 bytes)
Hash
2b474bcc2f009b70e64e2b5a95dd50a4
1fd5ee2d54da7dfbf61e67efd938a89c548fc866
f86d880575f3f65ddaaf9e8a0e3746bbbefcefe7e6c0c4441e9e20ceffdca237

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/fc03516ae4c718991727836d377493ff.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-87523.bar/
Origin: https://1xlite-87523.bar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 15:35:43 GMT
content-type: application/json
traceparent: 00-fd499a7ce0c19b174f4c6d13948a1a57-24b7099fd08264b0-01
last-modified: Wed, 12 Mar 2025 09:35:22 GMT
etag: W/"2b474bcc2f009b70e64e2b5a95dd50a4"
content-encoding: gzip
expires: Wed, 12 Mar 2025 11:03:31 GMT
cache-control: max-age=3600
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 858
cache: HIT
x-cached-since: 2025-06-22T15:21:25+00:00
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (56)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML