{"report_id":"ecc5c21a-ded1-4f19-a65b-9820fc5b9135","version":6,"status":"done","tags":[],"date":"2026-01-06T09:32:51Z","url":{"schema":"http","addr":"1xlite-401048.top/","fqdn":"1xlite-401048.top","domain":"1xlite-401048.top","tld":"top"},"ip":{"addr":"178.253.35.67","port":0,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"final":{"url":{"schema":"https","addr":"1xlite-401048.top/en/block","fqdn":"1xlite-401048.top","domain":"1xlite-401048.top","tld":"top"},"title":"1xBet","dom":{"size":22058,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (17918)","md5":"4f0b63885ae8d8deafa213677d07b58c","sha1":"8136e6d6f9bbb96a5f0749f3bc275ad2b3463264","sha256":"558592f2a37444f32f3003b2e2f799d1fad8c7e7c182ab1b809c4a5863f27e23","sha512":"1d875cfdc25b95241b958b9f3d9e9ce820b5ba2375de817d4d658d41785d3aa9fc5a1ac6051cf7138be837ec44bd43eacf69571199328adbaa1f189d5e9d28e0","ssdeep":"384:6cihZx4MRAsEqVCr3rywsf3EqOt8H7spXR4qt/0+To:psMr3rywy/OaApXR4E/0+c","tlshash":"8ea2d847f46c7017b7f755cc883aaacae6afe727c659919192fd81c40f86a57b203800","dom_hash":"domhash16459a11c48a968b7d0cdd94fbed685b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"1xlite-401048.top/","fqdn":"1xlite-401048.top","domain":"1xlite-401048.top","tld":"top"},"ip":{"addr":"178.253.35.67","port":0,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-10T09:32:51Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"1xlite-401048.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"v3.traincdn.com","ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"domain_registered":"2022-11-10","domain_rank":256434,"first_seen":"2022-11-25T10:00:40Z","last_seen":"2026-01-06T02:02:35.390978Z","alert_count":0,"request_count":36,"received_data":3177629,"sent_data":18102,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2026-01-04T22:18:41.67311Z","alert_count":0,"request_count":1,"received_data":510243,"sent_data":438,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"region1.analytics.google.com","ip":{"addr":"216.239.32.36","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":22257,"first_seen":"2022-03-17T11:26:33Z","last_seen":"2026-01-04T22:24:10.24242Z","alert_count":0,"request_count":2,"received_data":1702,"sent_data":2105,"comment":"","tags":null,"fingerprints":null},{"fqdn":"1xlite-401048.top","ip":{"addr":"178.253.35.67","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"domain_registered":"2024-12-18","domain_rank":0,"first_seen":"2025-11-10T20:57:23.290351Z","last_seen":"2026-01-03T21:36:19.637876Z","alert_count":9,"request_count":10,"received_data":62736,"sent_data":6792,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"radar.cedexis.com","ip":{"addr":"45.54.49.5","port":443,"asn":63911,"as":"NetActuate, Inc","country":"United States","country_code":"US"},"domain_registered":"2009-01-07","domain_rank":28156,"first_seen":"2013-11-27T02:31:43Z","last_seen":"2025-12-30T08:54:12.007239Z","alert_count":0,"request_count":2,"received_data":1415,"sent_data":850,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"stats.g.doubleclick.net","ip":{"addr":"74.125.205.156","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1996-01-16","domain_rank":958,"first_seen":"2012-07-01T17:13:23Z","last_seen":"2025-12-30T18:35:58.410565Z","alert_count":0,"request_count":1,"received_data":851,"sent_data":734,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.google.no","ip":{"addr":"142.250.178.67","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2001-02-26","domain_rank":92680,"first_seen":"2012-06-26T23:22:08Z","last_seen":"2026-01-04T22:22:39.558692Z","alert_count":0,"request_count":1,"received_data":580,"sent_data":773,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-5671CMJ6T4","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"5d38e90df3397c5a27746ad24dad1ba0","sha1":"44ca702c6775f3b399e564c8d665ac1e0bcdae40","sha256":"bb2e4fe68e7fe4846d4940d68c81d55321a0485d1653baf25827ae4309f5a97c","sha512":"9f57072debf13e57e1d776cd56feb97606a1d48ba994c4375db8f7c80ef8ee9ac371e3d82119e914acad494cd4d9e4e2aa61be27cbc64fb0ae71fa331c5a8ee1","ssdeep":"6144:5ywsC6L1BIiUI+IVlmG4riOt28Mk9TURKWaiRWTC5/r7H7:BtyBwxI7HRKYWq","tlshash":"c8b4098f73c6742692daf078502f02cba9bb29e2b45d8897b1c9ccf01d7459a4167f78","size":509639,"data":"","first_seen":"2026-01-06T09:32:59.235494Z","last_seen":"2026-01-06T09:32:59.235494Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-401048.top/en/block","fqdn":"1xlite-401048.top","domain":"1xlite-401048.top","tld":"top"},"ip":{"addr":"178.253.35.67","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":true,"md5":"dafb343aac3fe5ca646b209532d36997","sha1":"53e7e61d359e4302e8a8a993ef87941addbdcd3a","sha256":"27054e18281f5b986021cef8efafab9b9fbf6b6dc64a0027cca8bbb3050dc6d4","sha512":"2431a1f17b00f26dd58d329f3c4bcd32aeacc95ece9d1ac6086772ba90aa32700431daabebc5431f41654b2018b3bb9638215e2c0953c16188a17ccc8673c125","ssdeep":"","tlshash":"f6e0cd969519f61b5c33681d896c8b0f95c97e75500d795dc034855c3a53456106723a","size":308,"data":"","first_seen":"2025-12-10T10:19:59.465768Z","last_seen":"2026-04-04T12:33:30.630929Z","times_seen":810,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_chunk_LNU73JEK.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"d96d317966512ab8915a90670ca5a5af","sha1":"a810be1c3e515adb49804e8d976250deb16fd77d","sha256":"f125201d62c452efba070d856821885c7cfd539a31d55846caa6ae3a7522d3cf","sha512":"460b29966e6f5ac4d34ccc714217d29686d7aff42efa92a102729d40aa36dd4fbb87116178b2f9fdece5fdb09cb2bf2024312d3f1b86abb69644f695c76aca2d","ssdeep":"","tlshash":"a521f1e56fbc7ba362be2ae4a02e0041e001d53752f4f1d4f294dfb4a4e949d035b5b6","size":1232,"data":"","first_seen":"2025-08-22T10:11:14.554562Z","last_seen":"2026-03-04T04:00:43.411503Z","times_seen":3921,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_RNYYWXHZ.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"00e44cad05af09626c2b10aeee7de5a3","sha1":"4461fd05cdd85255f4ab24edd5ac80e7b6dec92e","sha256":"5277a86b8db312b1e34318cb994829e113d8204c3a2e88ab594e5135b2bbfb2a","sha512":"548bf615b1118881d21a0cfd2d530b3f0ce1e14cc93cb6afce662b30ac70877fa152fd71b5d786bb2e43e31a1980e00b83106b1f4b3ae12fbb2ddbedf6c81841","ssdeep":"","tlshash":"901159c232e3a0d183e058cd1001d906f23969e9a4bca0c9c757e6b93cb2a53d87672a","size":865,"data":"","first_seen":"2025-08-22T10:11:14.567955Z","last_seen":"2026-03-04T04:00:43.420123Z","times_seen":3921,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_YV646KAL.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"817daa834e18cb5941c970ebd9539382","sha1":"2776cb6819f955e7a9434dc6885f31a09c7458f0","sha256":"daee6582cc260392552be5918f785c8192fc39c90a0de67ec94105625a105f83","sha512":"d7d41f49d473fa846fa3e68a7de3196a282939e7d941eae3e641ac4f3df017f239c0eda9664ecb491a0d95c72557321e898cc0411d2d272d2357d8795f3a499a","ssdeep":"768:2XwZ1yyQBnJnqxqy3a1ztAy7lyyC0H64ar9Ebk0y6OWe/BtKoD4gPuLOdY:2XwWBnJqxq31p9lyypH642Ebk0y6OWgi","tlshash":"5de24d98b779b8a2336d50cc90770713b37559f3484d9060f3aa9ea234a5a43c2e7b79","size":31989,"data":"","first_seen":"2025-12-23T20:54:42.080275Z","last_seen":"2026-01-14T07:33:59.036202Z","times_seen":183,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_WZJKYEQD.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"bea5b052c307601192270938523fa030","sha1":"937f7094c67f5a92c1032a7bc3f21ee94bec66ef","sha256":"f41290374ba615854ebb4b28a07de775581707f3b6427bcc01c0529c62476f64","sha512":"b9bff7f7d9b518ec76898a732114873c01206378c2a840c62062f05487ef773716ce841d7a5bafe3f0c65fbfdf05509852571a3a6b381661cb6f4984d6bc23a9","ssdeep":"384:ZP7iayBuR9vu3z1JXvykd2+LaqHdC6RjVnTGm/7piCXmH8kCCcvJTCyCu+meAxiZ:piZwO3XvO+NMSJt3XmckXcv4nxJAxiH5","tlshash":"7b92a28c7684b0a287a7a2a7a07f860f71376865650e9004f59cf6ec3c35dba507bc7d","size":21252,"data":"","first_seen":"2025-08-22T10:11:14.555802Z","last_seen":"2026-03-04T04:00:43.408775Z","times_seen":3920,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PJNUBKRP.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"7e7ebd44e3a6550f862e122ab7df6409","sha1":"384ecbc3ab0f65e6b0f88c1e68ba3eb73fad4999","sha256":"138767518a09e63d24f918f6380923893a2ec3aa59a640e51c83517501823076","sha512":"e2766b50e289dc6a69fa30432a49a0b7743f15cd15a54d707959c7623f258057a821a94285c492746216cfbf815089309b6cc09b930ba7977ff9c4ffc352d76e","ssdeep":"768:wDKAOpvMewHFuM96WwZACjzz46zSTKsBE1OvFXfX1UXk:wm8uPW43zEIOvdlUU","tlshash":"a5d2b68c7799f02683bb3070907f580ef237a912594d90a0e591e5f86dbd75c822bfad","size":30277,"data":"","first_seen":"2025-08-22T10:11:14.535778Z","last_seen":"2026-03-04T04:00:43.425133Z","times_seen":3921,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-401048.top/en/block","fqdn":"1xlite-401048.top","domain":"1xlite-401048.top","tld":"top"},"ip":{"addr":"178.253.35.67","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":true,"md5":"bb6c1985f3ffb4e953f6fc1f88ccf832","sha1":"1007cdd06c04e801b989851d8d57f050778aec40","sha256":"c02bfbd6da2f1e12f851a05bd2128b71af2244a884be000e631375416eb45bff","sha512":"8ac6c3171301db870fa0e5063b3de9a365c4181439506828e9c223ee243afe27e31005eaf64d0326bc31497c2856a0c83ccd692bc798db97d59ce6869f5a0fd7","ssdeep":"","tlshash":"d521ed25907d0a3f8a27462ea307ba419fad407662d67b1cf61c4f8ca6c62cda1135c7","size":1434,"data":"","first_seen":"2025-12-10T19:04:59.225162Z","last_seen":"2026-01-06T09:32:59.271409Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/192f3e7f77.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"a183d67a6f8ea109fef0a1b4f5f2b920","sha1":"9908c3bc21a4de25fe732742f501bd5b42c04c79","sha256":"ebdb6c637f146183a35569fcf56d547616da772f4b10c500a12a670fd46a6560","sha512":"c55796a768f46379b24f94bb40ff4846e651c94411fbf828648f1ba95353caeb7970abc3b37e4ffbac456c42085e8d46868a9d1ae07b0a2d31005d6025b7655e","ssdeep":"","tlshash":"ca5166967cb4b0b2af7643ee7e2640f5460d2a45b15d4093fded473c200f0a9176ab63","size":2848,"data":"","first_seen":"2025-12-23T20:54:42.020611Z","last_seen":"2026-01-14T07:33:59.008285Z","times_seen":127,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/19734a1859.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"0de0c156338f3d41ab95438c3d50bf21","sha1":"a39a274e2f641a2ed9c25a57fb8206974ad2c262","sha256":"1af1032c4d01a1d34bc1f6932bc12fcbe55b50735cee5caefdcd5fdca4591cb7","sha512":"2a894ed85c825eb50db36a6a733e0b521d6bb5128d21fcdca4beffc12f9795b3e20ef869d5404ebef83d6c68e0a8b997e31c16a41453c2b2b947e8421970d8a7","ssdeep":"","tlshash":"9bc08c0f24a85837826e4ef8991021421e0d85e533e105c8ed0c83ba032a4d3854e62a","size":165,"data":"","first_seen":"2025-12-23T20:54:41.987403Z","last_seen":"2026-01-14T07:33:59.049088Z","times_seen":114,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/708191bc33.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"f558fd5629eaf2411a804db7a8f35d89","sha1":"c9239b8810c39517704dfc46f746c3f03136b466","sha256":"481f44e30fbad7065c6cf53e1b699af33c6afe77c4ecb17095eed9022c388e5e","sha512":"d10fc5869f68eea2268d0d3c9dc465268e348063a9b50a0401e0f08c91418da9bc75b187d1138b6f4676128a5241450ed60b2d2632407e58ff1cb501d3e526bc","ssdeep":"","tlshash":"84717346ac78f5f6ba0782a83d2344f0cb1fac2ed16449eae1f4c6bc129d4952432f57","size":3730,"data":"","first_seen":"2025-12-23T20:54:42.009554Z","last_seen":"2026-01-14T07:33:59.0485Z","times_seen":114,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"radar.cedexis.com/1/23802/radar.js","fqdn":"radar.cedexis.com","domain":"cedexis.com","tld":"com"},"ip":{"addr":"45.54.49.5","port":443,"asn":63911,"as":"NetActuate, Inc","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"82dec77fd0353c7c71ce053b8601387e","sha1":"fbbca95419e1d0c042e0a5fdf10f380aca66188c","sha256":"39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7","sha512":"6872c895cb44711405e57a436dfbe15d094f9159e11ee2b89983c63b1f18f6acbdfaf0ccbb5e48b2bf24f366f16584c660bca4b6b14c048a134bb77a60f6563e","ssdeep":"","tlshash":"02e068ae9391a318537a2dbacc4e060ba0f6114888e5e4e029f5c2c00461bae072bfb4","size":390,"data":"","first_seen":"2024-02-13T14:23:26Z","last_seen":"2026-01-15T12:01:08.184588Z","times_seen":7496,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/ec95a66bfe.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"ea480642e3fdad5b9118b3b2458455a7","sha1":"7d0a927ea118fd45b8b0342fff295cb3361d9387","sha256":"94cbddfb1ac92d6901543646d503a528b4132e388c6bde226782589026772e6d","sha512":"46d0e4811c5e32385998cad926bf723b16b83a610a189c731f37e84a3a4c0e7a30033e8a5c78669815201137d7c44dc22b7865c466dbeba22a65fdfe236916d1","ssdeep":"192:FhpR0b23WsQ0W99z/ULrcZkprVTrQitHZs6CS+v1d0:HpR0b23WsQ0W99z/YcZk/T7i6CS+v1y","tlshash":"abd1d6ad1ff930b420650fd8be1224b197a81d2793ec88f6ea590f64033d449c6ba967","size":6742,"data":"","first_seen":"2025-12-23T20:54:42.063151Z","last_seen":"2026-01-14T07:33:59.042438Z","times_seen":115,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_67be4069d3.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"00e9a1cb57562ecdbc4f8a438ff0d3a7","sha1":"18b312426460be06bfc557ef8d24fc9328935b47","sha256":"360358fda10eb3510d6f69bd8362258043c0092d0c085fd24c1996fa20303790","sha512":"af88385a60878abfb1fffe9275e125445f0c177a9302a0ecb431dbdb7bba0c7888d4981323c78ea48278b821ec6a9a9c62bfa193a8dc684e6c2add3004d5edba","ssdeep":"","tlshash":"1cd0eb3d6ff1e0b5330528ff322b719233093c04930ad4a300a6036801c80faa275e3a","size":291,"data":"","first_seen":"2025-12-23T20:54:42.051787Z","last_seen":"2026-01-14T07:33:59.011214Z","times_seen":183,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/2de3cb6d98.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"748d69570f5ecc45d4e669b8c2d63b19","sha1":"60e3bb5ea966a9fcce1d6cb502e20fd67a446b6d","sha256":"aa09e47ded5695d360fad9336da11a29e24c8a62c08b13bdca76f19caf72dd89","sha512":"193263ac8bc41f13749c0459d6f53051fbbf86abee79cdec191601edefa9f1605ea6e894834d9fdb1a78f5c5520ecd6b9f653e63ea5fff6337f090fe7ec80c45","ssdeep":"","tlshash":"3f21837badb0f03846101afebc243071038b2e57868ed59995cc03a60347095592aeb7","size":1370,"data":"","first_seen":"2025-12-23T20:54:41.975798Z","last_seen":"2026-01-14T07:33:59.033741Z","times_seen":114,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-401048.top/en/block","fqdn":"1xlite-401048.top","domain":"1xlite-401048.top","tld":"top"},"ip":{"addr":"178.253.35.67","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":true,"md5":"d500a2ca1e727e6c3672cd77d68c98f6","sha1":"91bb9c29f3ca5bdb90a171d9d14f4fd8cab1bd13","sha256":"d0442eda8c76341a51da5fbf54d0e0c0b157ab5f4a3a617eafd7903a2ab21a26","sha512":"0f498727c99c9b80d3ad0fde0f95682f1d27151e877b21982c7a687b5d30688fda32c0155d5f7076df13e116af9a357a273f89e2f1275949dc46ed5825a10cb1","ssdeep":"","tlshash":"7c1175230a38e73f412468ccc9a1bba955d0285ab100d44f9dfc8c4b576b5d3ad93f13","size":1037,"data":"","first_seen":"2025-12-23T20:54:42.084049Z","last_seen":"2026-01-14T07:33:59.058133Z","times_seen":114,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/$_$.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"2cdaa92927f02e0b628f1ef4d7dd8caf","sha1":"9104a2e16ed080b80a42588b8aeb52ebec47ab7a","sha256":"ef8101ffea52addcdcfcc3a83f96ff2d4613fb3ae6d1c16bbe4852387b73a9db","sha512":"31da80bc1b17aa708fef74b0211af91fce1b4a5f518f11e5caa80f50e9a7791b6e94924e381f550fc44a02f4c1d785e5b95fa2464e7968b5cab079612d70d839","ssdeep":"","tlshash":"1ba002935a5ef66c209044860696e74733823d6a3477b1d625bc5509e6061474817257","size":69,"data":"","first_seen":"2025-05-14T05:06:37.199299Z","last_seen":"2026-03-18T19:40:26.76398Z","times_seen":5502,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_LEQ4UAP5.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"83e311eb8e222d229b6177bd007ce9eb","sha1":"96b851ffda0eab794c2bb637255a48ae25770144","sha256":"d0ff62de588e1c47eedbd91a89dcf394e2ec5bd09392ea556b9a34108077e9ad","sha512":"fd2e1bfb6588598e356ddc08724c2e6f602b89626b30eeca2c25b8f60340f25e28a761b8e13b75d1627172530abf7dd0e586e792f53759d08bda626145f65b0d","ssdeep":"","tlshash":"202112debed2b5908394188c4e2ec055f23a2957641ce6fcd765e7827c403a186f3c1d","size":1297,"data":"","first_seen":"2025-08-22T10:11:14.559442Z","last_seen":"2026-03-04T04:00:43.42063Z","times_seen":3921,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/entry-bbdf0b7ffc.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"538f7cf8c223d576e55ec57979962f1b","sha1":"a2d705e712322178eda29a6f371affc79ab46770","sha256":"7561410894dd995cafda66d9bf39de55d8f52e98058f4d0a46cfe105c45087e1","sha512":"e9a0d6b81f2d59235b74526d96411ae6e4e66c391e6df4a37a6da3b0ea9ebb1f608095a051d4ee3270ddab356665c2527977d64976a96bc026e613daee684fc0","ssdeep":"384:HkJQgN7zrAiEqUb8To4lGSdlqll70JGhPhjwVTGxcPRDCEBzua4QIiouV+2cTrcL:HkWuZEqc8To4rdlqll70JwPhjwV6xgRd","tlshash":"e2a21f7c219cf0f535cb459537f6bc526688ad2ff98abcd6409789cc03da04cc9663aa","size":22542,"data":"","first_seen":"2025-12-23T20:54:42.05595Z","last_seen":"2026-01-14T07:33:59.035481Z","times_seen":115,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_1e35a72ffc.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"c0122178324b698b365f113bbe9f6cc2","sha1":"93adf11ecaba172a5ebf4042e249c0a4498ea5c0","sha256":"1f0e6e4b2f677f8ab4ee137d290d4bc5d788cd6d8ed1f80817a0222ea04095e5","sha512":"c536594213b8367a3a21ade27b64495481b2aa1c826c1bc2e641c54ab59463b3801eadf574c7b3375b8b3ca466c351cfeca1f74d54b66712bd5d1f891e0c3cd8","ssdeep":"49152:2FLjr8yGOI5w7RySDDAjLr2A234Y1Kl/F/Wmr4js:8E52a","tlshash":"06759d55f0467d223ee745e5a0771282b69c5a9ec408f4a4f1fbc8e83a8f44452afb7c","size":1628255,"data":"","first_seen":"2025-12-23T20:54:42.08575Z","last_seen":"2026-01-14T07:33:59.056196Z","times_seen":183,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/desktop/media_asset/2109bdcab2eeeb5f8b317407c150d526.jpg","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:30.811Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/cms/desktop/media_asset/2109bdcab2eeeb5f8b317407c150d526.jpg HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-401048.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:30 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 43780\r\ntraceparent: 00-92bab10f71df5fd9e051fd6365d60169-56476fcb026a7462-01\r\nlast-modified: Tue, 28 Oct 2025 08:16:03 GMT\r\netag: \"fe34643f62368c3f520a47df51dea89e\"\r\nexpires: Thu, 13 Nov 2025 15:50:34 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.046\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 520\r\ncache: HIT\r\nx-cached-since: 2026-01-06T09:23:50+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43780,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 930x896, components 3","md5":"fe34643f62368c3f520a47df51dea89e","sha1":"7c7b004d271d8d8fd178ef9f685caad9b010e3ef","sha256":"42e884962ad29cb600b46e195b3eca7572f1fb0cd4f6503da16b65da177fe9f9","sha512":"a44cdc16e582f504b0da5f1cc31ecc2a86bd522e896863b773f900afa83b9af20fd079913f8219eb677acd0601223af1aed285eccf38b6f90ea8f5865e8e0482","ssdeep":"768:ViWZEAicYOH8A2FaBCYAuxyfnPsGjpYbbtcbPCpeAOZM7B2N:V/gc7eEBCGxMPs1bbt2VHZwkN","tlshash":"03130263b22103ecdd74b37bc4ccdad429a846c48beae3dd35b56ab11b91409e5c854c","first_seen":"2025-12-11T11:34:39.675651Z","last_seen":"2026-03-05T13:11:00.333154Z","times_seen":38,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:30.883Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-401048.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:30 GMT\r\ncontent-type: image/png\r\ncontent-length: 653\r\ntraceparent: 00-8002b0465c156481cc031404681d9513-cca3be0513899750-01\r\nlast-modified: Wed, 26 Jun 2024 08:18:02 GMT\r\netag: \"e6f0766cbd95db33da44e7a9140648f2\"\r\nexpires: Thu, 16 Jan 2025 10:46:36 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2026\r\ncache: HIT\r\nx-cached-since: 2026-01-06T08:58:44+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":653,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit colormap, non-interlaced","md5":"e6f0766cbd95db33da44e7a9140648f2","sha1":"5f196b1bfe8c3f92bd2ebcd67124e72e81ae6aaf","sha256":"c0399d478788d5d483f104a2e8cb7c32f41cb40e9df0c22e831b2bfa2db63ec0","sha512":"249da39baba03408de98c7fa9a9342ef120436037ab6245b3b4a5f1a206291caaf67481c6ed67064544576697d41ab82499abffec998d837812292a050bf826a","ssdeep":"","tlshash":"90f083e032254a855c02ac7fc33414448fb226cc3682bb09e012887119d24a79dd1368","first_seen":"2023-04-05T22:56:35Z","last_seen":"2026-04-03T12:07:45.643999Z","times_seen":6597,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-5671CMJ6T4","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:40.440Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:49:40 GMT","end":"Wed, 25 Feb 2026 15:49:39 GMT"},"fingerprint":{"sha1":"A1:49:37:FE:E0:3E:26:88:A3:64:37:DC:04:D7:8D:D1:D3:F3:91:75","sha256":"BB:61:22:1A:6C:67:5D:C0:C8:A6:73:93:B9:53:82:98:95:54:B5:52:8B:33:FC:08:58:01:D2:3B:FF:E6:35:12"}}},"request":{"raw":"GET /gtag/js?id=G-5671CMJ6T4 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-401048.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Tue, 06 Jan 2026 09:32:40 GMT\r\nexpires: Tue, 06 Jan 2026 09:32:40 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 161264\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":509639,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (12571)","md5":"5d38e90df3397c5a27746ad24dad1ba0","sha1":"44ca702c6775f3b399e564c8d665ac1e0bcdae40","sha256":"bb2e4fe68e7fe4846d4940d68c81d55321a0485d1653baf25827ae4309f5a97c","sha512":"9f57072debf13e57e1d776cd56feb97606a1d48ba994c4375db8f7c80ef8ee9ac371e3d82119e914acad494cd4d9e4e2aa61be27cbc64fb0ae71fa331c5a8ee1","ssdeep":"6144:5ywsC6L1BIiUI+IVlmG4riOt28Mk9TURKWaiRWTC5/r7H7:BtyBwxI7HRKYWq","tlshash":"c8b4098f73c6742692daf078502f02cba9bb29e2b45d8897b1c9ccf01d7459a4167f78","first_seen":"2026-01-06T09:32:59.235494Z","last_seen":"2026-01-06T09:32:59.235494Z","times_seen":1,"resource_available":true,"data":null}},"time_used":495,"timings":{"blocked":175,"dns":1,"connect":27,"send":0,"wait":63,"receive":81,"ssl":145},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"region1.analytics.google.com/g/collect?v=2\u0026tid=G-7JGWL9SV66\u0026gtm=45je5cc1v897130004za200zd897130004\u0026_p=1767691960435\u0026em=tv.1~em.ODS1igyfeIhzOTHENqwIfH1sb8t0oxg8FT6iY2YCmeo\u0026_gaz=1\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026dma_cps=syphamo\u0026dma=1\u0026cid=734613695.1767691961\u0026ecid=514154803\u0026ul=en-us\u0026sr=1280x1024\u0026frm=0\u0026pscdl=noapi\u0026ec_mode=a\u0026_s=2\u0026tag_exp=103116026~103200004~104527907~104528500~104684208~104684211~105391253~115583767~115616985~115938466~115938468~116184927~116184929~116251938~116251940\u0026sid=1767691960\u0026sct=1\u0026seg=0\u0026dl=https%3A%2F%2F1xlite-401048.top%2Fen%2Fblock\u0026dt=1xBet\u0026en=page_view\u0026_fv=1\u0026_nsi=1\u0026_ss=1\u0026_ee=1\u0026ep.optimize_id=GTM-5R4MT54\u0026tfd=12331","fqdn":"region1.analytics.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"216.239.32.36","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:41.024Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:49:27 GMT","end":"Wed, 25 Feb 2026 15:49:26 GMT"},"fingerprint":{"sha1":"2C:B9:1B:62:2A:F9:04:B9:16:E2:30:B0:A8:B2:85:0C:68:BC:79:25","sha256":"AE:CB:A0:2C:92:1E:CB:D2:CB:6C:0D:37:5E:A2:4E:27:AE:4E:CA:0C:EC:53:D5:50:E6:C1:3D:EB:17:C1:F2:C9"}}},"request":{"raw":"POST /g/collect?v=2\u0026tid=G-7JGWL9SV66\u0026gtm=45je5cc1v897130004za200zd897130004\u0026_p=1767691960435\u0026em=tv.1~em.ODS1igyfeIhzOTHENqwIfH1sb8t0oxg8FT6iY2YCmeo\u0026_gaz=1\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026dma_cps=syphamo\u0026dma=1\u0026cid=734613695.1767691961\u0026ecid=514154803\u0026ul=en-us\u0026sr=1280x1024\u0026frm=0\u0026pscdl=noapi\u0026ec_mode=a\u0026_s=2\u0026tag_exp=103116026~103200004~104527907~104528500~104684208~104684211~105391253~115583767~115616985~115938466~115938468~116184927~116184929~116251938~116251940\u0026sid=1767691960\u0026sct=1\u0026seg=0\u0026dl=https%3A%2F%2F1xlite-401048.top%2Fen%2Fblock\u0026dt=1xBet\u0026en=page_view\u0026_fv=1\u0026_nsi=1\u0026_ss=1\u0026_ee=1\u0026ep.optimize_id=GTM-5R4MT54\u0026tfd=12331 HTTP/1.1\r\nHost: region1.analytics.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-401048.top/\r\nOrigin: https://1xlite-401048.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 No Content\r\naccess-control-allow-origin: https://1xlite-401048.top\r\ndate: Tue, 06 Jan 2026 09:32:41 GMT\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\ncache-control: no-cache, no-store, must-revalidate\r\naccess-control-allow-credentials: true\r\ncontent-type: text/plain\r\ncross-origin-resource-policy: cross-origin\r\ncontent-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:170:0\r\ncross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:170:0\r\nreport-to: {\"group\":\"ascnsrsggc:170:0\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:170:0\"}],}\r\nserver: Golfe2\r\ncontent-length: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T12:49:17.462299Z","times_seen":13332134,"resource_available":true,"data":null}},"time_used":450,"timings":{"blocked":214,"dns":1,"connect":21,"send":0,"wait":20,"receive":0,"ssl":191},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/entry-bbdf0b7ffc.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:29.627Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/entry-bbdf0b7ffc.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-401048.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-401048.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:29 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-9579dad49ac5ea9c00c83b6713f1f562-bf874d0f3e10331a-01\r\nlast-modified: Tue, 23 Dec 2025 11:09:43 GMT\r\netag: W/\"538f7cf8c223d576e55ec57979962f1b\"\r\nx-amz-meta-mtime: 1766488103.525478309\r\ncontent-encoding: gzip\r\nexpires: Wed, 24 Dec 2025 11:12:21 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 79485\r\ncache: HIT\r\nx-cached-since: 2026-01-05T11:27:44+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22542,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (22015)","md5":"538f7cf8c223d576e55ec57979962f1b","sha1":"a2d705e712322178eda29a6f371affc79ab46770","sha256":"7561410894dd995cafda66d9bf39de55d8f52e98058f4d0a46cfe105c45087e1","sha512":"e9a0d6b81f2d59235b74526d96411ae6e4e66c391e6df4a37a6da3b0ea9ebb1f608095a051d4ee3270ddab356665c2527977d64976a96bc026e613daee684fc0","ssdeep":"384:HkJQgN7zrAiEqUb8To4lGSdlqll70JGhPhjwVTGxcPRDCEBzua4QIiouV+2cTrcL:HkWuZEqc8To4rdlqll70JwPhjwV6xgRd","tlshash":"e2a21f7c219cf0f535cb459537f6bc526688ad2ff98abcd6409789cc03da04cc9663aa","first_seen":"2025-12-23T20:54:42.05595Z","last_seen":"2026-01-14T07:33:59.035481Z","times_seen":115,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-401048.top/bff-api/config/group/get?groups=d.technical,d.global\u0026lang=en","fqdn":"1xlite-401048.top","domain":"1xlite-401048.top","tld":"top"},"ip":{"addr":"178.253.35.67","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:30.460Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-401048.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 05:20:59 GMT","end":"Sun, 05 Apr 2026 05:20:58 GMT"},"fingerprint":{"sha1":"12:B6:E7:45:0D:36:61:7D:85:7E:B5:63:E3:D2:A0:39:6A:5C:4E:62","sha256":"5F:11:A2:AD:2B:B7:3A:18:3A:30:57:29:80:E8:25:46:3D:C5:82:EC:4A:B6:87:F8:2F:A1:A7:CF:E8:A6:73:6D"}}},"request":{"raw":"GET /bff-api/config/group/get?groups=d.technical,d.global\u0026lang=en HTTP/1.1\r\nHost: 1xlite-401048.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-401048.top/en/block\r\ncontent-type: application/json\r\nx-requested-with: XMLHttpRequest\r\nis-srv: false\r\nx-svc-source: __TECHNICAL_PAGES_APP__\r\nx-app-n: __TECHNICAL_PAGES_APP__\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; auid=sv0jQ2lc1q1T8/T/BCDsAg==; lng=en; tzo=3\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:30 GMT\r\ncontent-type: application/json\r\ncache-control: no-cache, private\r\ncontent-encoding: br\r\nserver-timing: dt_total;dur=0.078, bff;dur=11.50, wf-uht;dur=0.024\r\nvary: Accept-Encoding\r\nx-dt: 1545\r\nx-pod: R-2mkfx\r\nx-time-ng: 0.013\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1434,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"755fadc58d775ff594304df2177c73fb","sha1":"0efa971516498dc57c407c3b5b0b4e6b97c78cbe","sha256":"d91d8571df8d724b90c600ceb68e59f1bcca6e18f8e1c1c012a61d8f5a4a448a","sha512":"0c49472f0a038ec2a7b6efbb297f99dd0d00a08ddf45329434651619ef697dc3b94cdf33ae69cc719c1f00446563dcddadee215399dedc93f237c6d5dc6375d9","ssdeep":"","tlshash":"3e21896e6075853c6068067adb82be149eed405f3a84b481fe4c9c5c61d2cdef92250b","first_seen":"2026-01-06T09:32:59.23806Z","last_seen":"2026-01-06T09:32:59.23806Z","times_seen":1,"resource_available":false,"data":null}},"time_used":54,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":54,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"1xlite-401048.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_3077a431d59054a0bb97f4914c3ede99.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:30.648Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_3077a431d59054a0bb97f4914c3ede99.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-401048.top/\r\nOrigin: https://1xlite-401048.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:30 GMT\r\ncontent-type: application/json; charset=utf-8\r\ntraceparent: 00-976489da06700e5dae39d8d4c83e0bc6-e4e4ea67ed8524ff-01\r\nlast-modified: Tue, 30 Dec 2025 08:10:39 GMT\r\netag: W/\"0291a092fe1434f30e86bfed5837d2bb\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Tue, 30 Dec 2025 09:18:45 GMT\r\nx-time-ng: 0.006\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2911\r\ncache: HIT\r\nx-cached-since: 2026-01-06T08:43:59+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":147636,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"0291a092fe1434f30e86bfed5837d2bb","sha1":"2831f8ef70ec27383dc09527e1d9039270f257a4","sha256":"c167cc2c084474a61ed7e5c557e8426f20674b96322d27f168a45b431a3a66a7","sha512":"6af188a52a12cd0852b1ae5c968db8496cada2c25b2f3863ef8a689a24a201d70de4b97e8b099b1190dee975211ee1b779b00012f3b03c4c7185664ef515e48a","ssdeep":"3072:Li+H5u8iZcIkZPePfxxlRVPtE+IsLKHMc6WrDaRf7JmCpvZw:LVQXlRVPtE+ZKHZIf7JmChO","tlshash":"0ee3d80a194c6e7b0fda12ddf98fdf4962b00045aab2c822d8eec51e7197fd2917714b","first_seen":"2025-12-30T08:54:15.637987Z","last_seen":"2026-01-12T09:44:50.399789Z","times_seen":114,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"radar.cedexis.com/1/23802/radar.js","fqdn":"radar.cedexis.com","domain":"cedexis.com","tld":"com"},"ip":{"addr":"45.54.49.5","port":443,"asn":63911,"as":"NetActuate, Inc","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:40.443Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"radar.cedexis.com","organization":"Citrix Systems, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 07 Mar 2025 00:00:00 GMT","end":"Fri, 06 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A2:3E:30:19:D5:41:3A:11:81:58:E3:B1:6F:F4:D2:78:0B:44:6F:D0","sha256":"BE:70:39:96:BA:51:8F:A7:6A:9D:E1:58:FB:D9:F7:6F:17:5C:DA:A9:6E:54:3F:8F:0B:3D:1E:DF:8C:44:B4:71"}}},"request":{"raw":"GET /1/23802/radar.js HTTP/1.1\r\nHost: radar.cedexis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-401048.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Tue, 06 Jan 2026 09:32:40 GMT\r\nContent-Type: text/html\r\nContent-Length: 138\r\nConnection: keep-alive\r\nLocation: /1707728419/stub.js\r\nExpires: Tue, 06 Jan 2026 09:42:40 GMT\r\nCache-Control: max-age=600\r\nVary: User-Agent,DNT\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":390,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T12:49:17.462299Z","times_seen":13332134,"resource_available":true,"data":null}},"time_used":111,"timings":{"blocked":44,"dns":0,"connect":18,"send":0,"wait":20,"receive":1,"ssl":25},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_RNYYWXHZ.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:29.917Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_fast_deep_equal_RNYYWXHZ.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-401048.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:29 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 865\r\ntraceparent: 00-ce03e4f2adc3a5f975c658f61e93f4ff-dfc4b85fefd9b9ef-01\r\nlast-modified: Mon, 05 Jan 2026 13:45:43 GMT\r\netag: \"00e44cad05af09626c2b10aeee7de5a3\"\r\nx-amz-meta-mtime: 1767620063.765396572\r\nexpires: Wed, 07 Jan 2026 05:43:14 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 13755\r\ncache: HIT\r\nx-cached-since: 2026-01-06T05:43:14+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":865,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (840)","md5":"00e44cad05af09626c2b10aeee7de5a3","sha1":"4461fd05cdd85255f4ab24edd5ac80e7b6dec92e","sha256":"5277a86b8db312b1e34318cb994829e113d8204c3a2e88ab594e5135b2bbfb2a","sha512":"548bf615b1118881d21a0cfd2d530b3f0ce1e14cc93cb6afce662b30ac70877fa152fd71b5d786bb2e43e31a1980e00b83106b1f4b3ae12fbb2ddbedf6c81841","ssdeep":"","tlshash":"901159c232e3a0d183e058cd1001d906f23969e9a4bca0c9c757e6b93cb2a53d87672a","first_seen":"2025-08-22T10:11:14.567955Z","last_seen":"2026-03-04T04:00:43.420123Z","times_seen":3921,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-401048.top/bff-api/config/group/get?groups=b.core,d.core\u0026lang=en","fqdn":"1xlite-401048.top","domain":"1xlite-401048.top","tld":"top"},"ip":{"addr":"178.253.35.67","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:30.081Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-401048.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 05:20:59 GMT","end":"Sun, 05 Apr 2026 05:20:58 GMT"},"fingerprint":{"sha1":"12:B6:E7:45:0D:36:61:7D:85:7E:B5:63:E3:D2:A0:39:6A:5C:4E:62","sha256":"5F:11:A2:AD:2B:B7:3A:18:3A:30:57:29:80:E8:25:46:3D:C5:82:EC:4A:B6:87:F8:2F:A1:A7:CF:E8:A6:73:6D"}}},"request":{"raw":"GET /bff-api/config/group/get?groups=b.core,d.core\u0026lang=en HTTP/1.1\r\nHost: 1xlite-401048.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-401048.top/en/block\r\ncontent-type: application/json\r\nx-requested-with: XMLHttpRequest\r\nis-srv: false\r\nx-svc-source: __TECHNICAL_PAGES_APP__\r\nx-app-n: __TECHNICAL_PAGES_APP__\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; auid=sv0jQ2lc1q1T8/T/BCDsAg==\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:30 GMT\r\ncontent-type: application/json\r\ncache-control: no-cache, private\r\ncontent-encoding: br\r\nserver-timing: dt_total;dur=0.096, bff;dur=224.10, wf-uht;dur=0.284\r\nvary: Accept-Encoding\r\nx-dt: 1545\r\nx-pod: R-dnr57\r\nx-time-ng: 0.254\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":42761,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"69fcc2701b17a5d46810beb2e9b28df0","sha1":"5ef2273fde2efe9c3be242c8f64e47f8994d5a1e","sha256":"505a1828c8d51b41bbfb1cabd08b62f6cb4457dfd9849e3f21fecd9400069fb0","sha512":"58210680b60b13cf5d5b9ee19c93fa5565d725dcbfe0bc9b398908b7fc9e4f2a508bc75fa7d1fb3b1d5b9b7255bc4144905a0a1fce75fcfeb05102ff165057d5","ssdeep":"768:i8ZHsk/YwsBKzQ8f+Yig3tW2Jrq+sbk+00iPvVDFIBiQ:JZHsDwsBKznf+Y9w2JrLCk+00ABIcQ","tlshash":"4f13cd6e7ac06636411f1ab9cd63fd4e97f80f2f1853a05699e37c8624b2a2444e347f","first_seen":"2026-01-06T09:32:59.240338Z","last_seen":"2026-01-06T09:32:59.240338Z","times_seen":1,"resource_available":false,"data":null}},"time_used":320,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":320,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"1xlite-401048.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_block_pages/en/dictionary_c7c82d0ec840dcaf32f6dfe636c4fafc.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:30.644Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/web-app-v2/dictionary2/v3_block_pages/en/dictionary_c7c82d0ec840dcaf32f6dfe636c4fafc.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-401048.top/\r\nOrigin: https://1xlite-401048.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:30 GMT\r\ncontent-type: application/json; charset=utf-8\r\ntraceparent: 00-05a011002cd4272d60ea0578fbed36c2-78255dedb2ae388d-01\r\nlast-modified: Wed, 17 Dec 2025 12:10:10 GMT\r\netag: W/\"573ca19484ed7b68628289de225c652b\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Wed, 17 Dec 2025 13:18:40 GMT\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 1171\r\ncache: HIT\r\nx-cached-since: 2026-01-06T09:12:59+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2975,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"573ca19484ed7b68628289de225c652b","sha1":"2999f577da4581078174d2f467bdf80a5b884337","sha256":"89b905bf9f7efa10994d329be5ed307e2c48205e0a8a06be4801ccadebeadf3c","sha512":"7cfabf5198a96f2c4992fcd0dce602464be5f8b6f31d6e9686e82210185749fbbc6b3f70b22c90374cf2d095182d6a35f561e92b8f9e22098999bf3fc8c6943e","ssdeep":"","tlshash":"a651750f733c45e5383841403d0d6e6a7b160168afa29194fa8cd85d337f5cae12b22f","first_seen":"2025-12-18T00:40:38.951295Z","last_seen":"2026-02-11T03:04:26.783249Z","times_seen":346,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-1545/desktop/media_asset/9c42f5d77ae54c656833b42f8f58babe.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:30.650Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/cms/1-1545/desktop/media_asset/9c42f5d77ae54c656833b42f8f58babe.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-401048.top/\r\nOrigin: https://1xlite-401048.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:30 GMT\r\ncontent-type: application/json\r\ntraceparent: 00-a6bc4573c37c07ab8688b925f5557747-167a8621109b69ab-01\r\nlast-modified: Mon, 05 Jan 2026 16:51:29 GMT\r\netag: W/\"44a173dc5310d3986d6e5597951b2fd8\"\r\ncontent-encoding: gzip\r\nexpires: Tue, 06 Jan 2026 10:32:30 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.051\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\ncache: MISS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7797,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"44a173dc5310d3986d6e5597951b2fd8","sha1":"ffabaab387ad0fccf22e17ef0c705e9e1fe8dd62","sha256":"80436c2633d761527ff23e7b55fafb77678d980fbcc54860a95274ee056553c3","sha512":"eb1022b5b8c33a6f15793d0651b4319da557fafa46226699907e26c55687afb6579f5885815a98e45d29841dc4f1de43e20418471b3a1b2ed07b42e1959aefd5","ssdeep":"48:TzABBABGkABjABFygABCN/ABCNYN8ABWHAB3ABwEABzzEFABIIX4ABBxSHsABYiJ:l4bClXCL3cblP+XyLO5GIQ","tlshash":"31f12784fff05c33112f94ad98b27a89a3884f07a95a7d1c7f9d294c1f1451a04aadbe","first_seen":"2026-01-05T18:52:15.31756Z","last_seen":"2026-01-07T07:40:40.046255Z","times_seen":7,"resource_available":false,"data":null}},"time_used":71,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":71,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-1545/desktop/media_asset/e8f1bee003d070bfda2447d7b09a7874.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:30.655Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/cms/1-1545/desktop/media_asset/e8f1bee003d070bfda2447d7b09a7874.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-401048.top/\r\nOrigin: https://1xlite-401048.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:30 GMT\r\ncontent-type: application/json\r\ntraceparent: 00-f5c8636409c682fa528163b892f40358-48474b1164c9ec91-01\r\nlast-modified: Wed, 24 Dec 2025 14:24:17 GMT\r\netag: W/\"90539e045cd6aee730f89f811acc4a30\"\r\ncontent-encoding: gzip\r\nexpires: Sat, 03 Jan 2026 22:35:55 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\ncache: REVALIDATED\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1712,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"90539e045cd6aee730f89f811acc4a30","sha1":"b419105e1bca131d03bf88ea751fb2220fd35df8","sha256":"df5274eabaedc02741f745d19342175eb01707560f5867a537227190cea40537","sha512":"1e9d298520ec854b8e75b4c8961d9f8e30c26dd764542472ce0b2b23787156c4254a7024c435a04a832a37a00c8714c8d725647fd66d9935f6094b0749db0fc6","ssdeep":"","tlshash":"da31dc89fbf02cb3302f90ed99b7b54ed3880f07ac566d54ba5c754c2b54516006ad7e","first_seen":"2025-12-24T17:22:02.953849Z","last_seen":"2026-03-09T08:17:21.757896Z","times_seen":496,"resource_available":false,"data":null}},"time_used":60,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":60,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-1545/desktop/media_asset/c560399b07ee677aad70ed06987aeb49.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:30.657Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/cms/1-1545/desktop/media_asset/c560399b07ee677aad70ed06987aeb49.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-401048.top/\r\nOrigin: https://1xlite-401048.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:30 GMT\r\ncontent-type: application/json\r\ntraceparent: 00-42d593d48dbbe9acdeac73db96e74ff3-3eefc9041da784fc-01\r\nlast-modified: Wed, 24 Dec 2025 19:01:56 GMT\r\netag: W/\"b5a6dbdf3f12e11d0c5275b2ca6dc739\"\r\ncontent-encoding: gzip\r\nexpires: Sat, 03 Jan 2026 22:35:55 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\ncache: REVALIDATED\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3091,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b5a6dbdf3f12e11d0c5275b2ca6dc739","sha1":"a8495df42a8f1e18c12dc1723660d062bbc8fb6b","sha256":"8febfd79d9b9b1298af34575340a4288d6d5b01ee4e50c57f5a5509d602412f2","sha512":"813327003eefeef8e9772adc05530b46f52fc044d76f5ed1393854052836ae2f89a0118697367681afbab9084b4e215c3120bf09ea2713553a7e8286ca9afe2d","ssdeep":"","tlshash":"85514b4df6e41c33012f19bdc0f76a6993d84f4f694a7c283a9d6c4d1bd451900aad3e","first_seen":"2025-07-21T03:11:29.13175Z","last_seen":"2026-01-11T03:06:49.449217Z","times_seen":2816,"resource_available":false,"data":null}},"time_used":59,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":59,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"stats.g.doubleclick.net/g/collect?v=2\u0026tid=G-7JGWL9SV66\u0026cid=734613695.1767691961\u0026gtm=45je5cc1v897130004za200zd897130004\u0026aip=1\u0026dma=1\u0026dma_cps=syphamo\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026frm=0\u0026tag_exp=103116026~103200004~104527907~104528500~104684208~104684211~105391253~115583767~115616985~115938466~115938468~116184927~116184929~116251938~116251940","fqdn":"stats.g.doubleclick.net","domain":"doubleclick.net","tld":"net"},"ip":{"addr":"74.125.205.156","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:41.025Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.g.doubleclick.net","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:49:37 GMT","end":"Wed, 25 Feb 2026 15:49:36 GMT"},"fingerprint":{"sha1":"F7:14:56:D7:7C:B6:25:7B:E0:63:1C:15:8B:BB:E7:B8:8F:D7:3B:0B","sha256":"97:B8:36:EB:45:3A:F4:9C:E2:0C:DC:7F:1A:1A:39:DD:49:84:6B:99:A5:77:93:14:FC:FB:D2:6B:5D:B5:25:DF"}}},"request":{"raw":"POST /g/collect?v=2\u0026tid=G-7JGWL9SV66\u0026cid=734613695.1767691961\u0026gtm=45je5cc1v897130004za200zd897130004\u0026aip=1\u0026dma=1\u0026dma_cps=syphamo\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026frm=0\u0026tag_exp=103116026~103200004~104527907~104528500~104684208~104684211~105391253~115583767~115616985~115938466~115938468~116184927~116184929~116251938~116251940 HTTP/1.1\r\nHost: stats.g.doubleclick.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-401048.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-401048.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 No Content\r\naccess-control-allow-origin: https://1xlite-401048.top\r\ndate: Tue, 06 Jan 2026 09:32:41 GMT\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\ncache-control: no-cache, no-store, must-revalidate\r\naccess-control-allow-credentials: true\r\ncontent-type: text/plain\r\ncross-origin-resource-policy: cross-origin\r\ncontent-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:138:0\r\ncross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:138:0\r\nreport-to: {\"group\":\"ascnsrsggc:138:0\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:138:0\"}],}\r\nserver: Golfe2\r\ncontent-length: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T12:49:17.462299Z","times_seen":13332134,"resource_available":true,"data":null}},"time_used":503,"timings":{"blocked":235,"dns":0,"connect":29,"send":0,"wait":30,"receive":0,"ssl":205},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-401048.top/en/block","fqdn":"1xlite-401048.top","domain":"1xlite-401048.top","tld":"top"},"ip":{"addr":"178.253.35.67","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-06T09:32:29.044Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-401048.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 05:20:59 GMT","end":"Sun, 05 Apr 2026 05:20:58 GMT"},"fingerprint":{"sha1":"12:B6:E7:45:0D:36:61:7D:85:7E:B5:63:E3:D2:A0:39:6A:5C:4E:62","sha256":"5F:11:A2:AD:2B:B7:3A:18:3A:30:57:29:80:E8:25:46:3D:C5:82:EC:4A:B6:87:F8:2F:A1:A7:CF:E8:A6:73:6D"}}},"request":{"raw":"GET /en/block HTTP/1.1\r\nHost: 1xlite-401048.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; auid=sv0jQ2lc1q1T8/T/BCDsAg==\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 203 Non Authoritative\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:29 GMT\r\ncontent-type: text/html;charset=utf-8\r\ncontent-length: 3311\r\nserver-timing: dt_total;dur=0.081, dt_total;dur=0.005, total;dur=180;desc=\"MF\"\r\nset-cookie: gw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; Path=/; Expires=Fri, 09 Jan 2026 09:32:29 GMT; Secure\r\nvary: Accept-Encoding\r\nx-dt: 1545, 1545\r\nx-time-ng: 0.183\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"203","status_text":"Non Authoritative","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3311,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (3030)","md5":"b1f6a9a10d90f817295bbb97800b7882","sha1":"72c5bf30b622d4092d9260b02a009d582dca2216","sha256":"efa46835685b76550f466e3329d7b748fdd5c5a7e6ba84ad5ab583499372d704","sha512":"286c9b256da7fa435ff54c8bd59a85e04f2e26a6e33e69012d71dfed9a486278e5dc7ecec653d315cdced9a36b989f7e12b9bf174d854be889b3d6c3f406f8ed","ssdeep":"","tlshash":"9561d727503ccb3f4522455d8a42fb0a8ecc287b7149e94ce67c4e8d27c62cba417a47","first_seen":"2026-01-03T21:36:22.867069Z","last_seen":"2026-01-06T09:32:59.244696Z","times_seen":2,"resource_available":false,"data":null}},"time_used":225,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":225,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"1xlite-401048.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/version.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:29.599Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /version.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-401048.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-401048.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:29 GMT\r\ncontent-type: application/json\r\ncontent-length: 11\r\ntraceparent: 00-7cb76bbb5c2e4ab834be03e1502355f5-3e6bb616b6ffbb19-01\r\nlast-modified: Mon, 05 Jan 2026 11:08:44 GMT\r\netag: \"25f156f2f7cde57371afbacac9c0e447\"\r\nx-amz-meta-mtime: 1767611324.373294644\r\nexpires: Mon, 05 Jan 2026 11:10:27 GMT\r\ncache-control: max-age=60\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 31\r\ncache: HIT\r\nx-cached-since: 2026-01-06T09:31:58+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text","md5":"25f156f2f7cde57371afbacac9c0e447","sha1":"cc4747ef0dc01504372021b068fe0b2d6ca25b30","sha256":"14eefe87c363e2a1a5ee10d341d3adb29a713d9545fb42d9f7b9e72330d4efe6","sha512":"78c55ca47baea07757df0ff5d4022a8ae1b84581448bde3d1f08eac592a65717edb5b2fafd1795a3c8422ac0c55fbd9e260675e4d5990daf462d4e4a135da798","ssdeep":"","tlshash":"315000cc0c00c0c0000300000000c03c000030030000c0c0000000c0000033000000c0","first_seen":"2026-01-05T12:50:32.755698Z","last_seen":"2026-01-08T23:46:25.02443Z","times_seen":27,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_WZJKYEQD.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:29.928Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_popper_js_WZJKYEQD.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-401048.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:29 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-7bc8dc977680b6bae115db4ce54c9c34-b160e7f1cf4b0e75-01\r\nlast-modified: Mon, 05 Jan 2026 09:35:55 GMT\r\netag: W/\"bea5b052c307601192270938523fa030\"\r\nx-amz-meta-mtime: 1767605670.775327801\r\ncontent-encoding: gzip\r\nexpires: Tue, 06 Jan 2026 12:16:58 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 76531\r\ncache: HIT\r\nx-cached-since: 2026-01-05T12:16:58+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21252,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (21232)","md5":"bea5b052c307601192270938523fa030","sha1":"937f7094c67f5a92c1032a7bc3f21ee94bec66ef","sha256":"f41290374ba615854ebb4b28a07de775581707f3b6427bcc01c0529c62476f64","sha512":"b9bff7f7d9b518ec76898a732114873c01206378c2a840c62062f05487ef773716ce841d7a5bafe3f0c65fbfdf05509852571a3a6b381661cb6f4984d6bc23a9","ssdeep":"384:ZP7iayBuR9vu3z1JXvykd2+LaqHdC6RjVnTGm/7piCXmH8kCCcvJTCyCu+meAxiZ:piZwO3XvO+NMSJt3XmckXcv4nxJAxiH5","tlshash":"7b92a28c7684b0a287a7a2a7a07f860f71376865650e9004f59cf6ec3c35dba507bc7d","first_seen":"2025-08-22T10:11:14.555802Z","last_seen":"2026-03-04T04:00:43.408775Z","times_seen":3920,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/ec95a66bfe.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:30.025Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/ec95a66bfe.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-401048.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:30 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-e04d3c7ef1a2ef485adb9c5adf65e6da-40375c1484be93f0-01\r\nlast-modified: Tue, 23 Dec 2025 11:09:43 GMT\r\netag: W/\"ea480642e3fdad5b9118b3b2458455a7\"\r\nx-amz-meta-mtime: 1766488103.520477888\r\ncontent-encoding: gzip\r\nexpires: Wed, 24 Dec 2025 11:12:21 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 79485\r\ncache: HIT\r\nx-cached-since: 2026-01-05T11:27:45+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6742,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (6154)","md5":"ea480642e3fdad5b9118b3b2458455a7","sha1":"7d0a927ea118fd45b8b0342fff295cb3361d9387","sha256":"94cbddfb1ac92d6901543646d503a528b4132e388c6bde226782589026772e6d","sha512":"46d0e4811c5e32385998cad926bf723b16b83a610a189c731f37e84a3a4c0e7a30033e8a5c78669815201137d7c44dc22b7865c466dbeba22a65fdfe236916d1","ssdeep":"192:FhpR0b23WsQ0W99z/ULrcZkprVTrQitHZs6CS+v1d0:HpR0b23WsQ0W99z/YcZk/T7i6CS+v1y","tlshash":"abd1d6ad1ff930b420650fd8be1224b197a81d2793ec88f6ea590f64033d449c6ba967","first_seen":"2025-12-23T20:54:42.063151Z","last_seen":"2026-01-14T07:33:59.042438Z","times_seen":115,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/2de3cb6d98.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:30.616Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/2de3cb6d98.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-401048.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:30 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-1ce52546cb71faad0f2e7f1dd75deecc-0a774ece97a51e6a-01\r\nlast-modified: Tue, 23 Dec 2025 11:09:43 GMT\r\netag: W/\"748d69570f5ecc45d4e669b8c2d63b19\"\r\nx-amz-meta-mtime: 1766488103.536479234\r\ncontent-encoding: gzip\r\nexpires: Wed, 24 Dec 2025 11:12:24 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 79484\r\ncache: HIT\r\nx-cached-since: 2026-01-05T11:27:46+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1370,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (1358)","md5":"748d69570f5ecc45d4e669b8c2d63b19","sha1":"60e3bb5ea966a9fcce1d6cb502e20fd67a446b6d","sha256":"aa09e47ded5695d360fad9336da11a29e24c8a62c08b13bdca76f19caf72dd89","sha512":"193263ac8bc41f13749c0459d6f53051fbbf86abee79cdec191601edefa9f1605ea6e894834d9fdb1a78f5c5520ecd6b9f653e63ea5fff6337f090fe7ec80c45","ssdeep":"","tlshash":"3f21837badb0f03846101afebc243071038b2e57868ed59995cc03a60347095592aeb7","first_seen":"2025-12-23T20:54:41.975798Z","last_seen":"2026-01-14T07:33:59.033741Z","times_seen":114,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/4d416977b5.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:30.728Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/4d416977b5.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-401048.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-401048.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:30 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-67c3a32d8c3acfc3920bfa72c02bdff4-3c5b7b1f0ff07d29-01\r\nlast-modified: Tue, 23 Dec 2025 11:09:44 GMT\r\netag: W/\"5c33927153f6d628ea771eb51a514b09\"\r\nx-amz-meta-mtime: 1766488103.471473767\r\ncontent-encoding: gzip\r\nexpires: Wed, 24 Dec 2025 17:22:05 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 57676\r\ncache: HIT\r\nx-cached-since: 2026-01-05T17:31:14+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3884,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (3883)","md5":"5c33927153f6d628ea771eb51a514b09","sha1":"40390b90d99b2d3408d597d24daedc4bf614beda","sha256":"302ec7f61d1e628eba933d5b3c75a98f3135bbbd45af794476a0fcbdf145a9c5","sha512":"edde36cc3523543858227617d05807be04053a8b6a1569452abb135fd96074f99252834da9f54d31ae23bc06d06dcb3a1f57ad65e44686dbfc837ff8d94d82ca","ssdeep":"","tlshash":"19818c58bcaf409cfc37df210bdb5e188276b122d11692c8f841953a2ddb98794f149f","first_seen":"2025-11-13T15:27:51.581732Z","last_seen":"2026-02-17T23:36:16.903884Z","times_seen":837,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/19734a1859.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:30.783Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/19734a1859.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-401048.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:30 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 165\r\ntraceparent: 00-3f0a8f2eb4c60ee7c3c4ac9ff8b7d4d1-5f0e912f9935dfec-01\r\nlast-modified: Tue, 23 Dec 2025 11:09:43 GMT\r\netag: \"0de0c156338f3d41ab95438c3d50bf21\"\r\nx-amz-meta-mtime: 1766488103.537479318\r\nexpires: Sat, 27 Dec 2025 16:13:29 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 61745\r\ncache: HIT\r\nx-cached-since: 2026-01-05T16:23:25+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":165,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"Java source, ASCII text","md5":"0de0c156338f3d41ab95438c3d50bf21","sha1":"a39a274e2f641a2ed9c25a57fb8206974ad2c262","sha256":"1af1032c4d01a1d34bc1f6932bc12fcbe55b50735cee5caefdcd5fdca4591cb7","sha512":"2a894ed85c825eb50db36a6a733e0b521d6bb5128d21fcdca4beffc12f9795b3e20ef869d5404ebef83d6c68e0a8b997e31c16a41453c2b2b947e8421970d8a7","ssdeep":"","tlshash":"9bc08c0f24a85837826e4ef8991021421e0d85e533e105c8ed0c83ba032a4d3854e62a","first_seen":"2025-12-23T20:54:41.987403Z","last_seen":"2026-01-14T07:33:59.049088Z","times_seen":114,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.no/ads/ga-audiences?v=1\u0026t=sr\u0026slf_rd=1\u0026_r=4\u0026tid=G-7JGWL9SV66\u0026cid=734613695.1767691961\u0026gtm=45je5cc1v897130004za200zd897130004\u0026aip=1\u0026dma=1\u0026dma_cps=syphamo\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026frm=0\u0026tag_exp=103116026~103200004~104527907~104528500~104684208~104684211~105391253~115583767~115616985~115938466~115938468~116184927~116184929~116251938~116251940\u0026z=1394158560","fqdn":"www.google.no","domain":"google.no","tld":"no"},"ip":{"addr":"142.250.178.67","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:41.027Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google.no","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:59:28 GMT","end":"Wed, 25 Feb 2026 15:59:27 GMT"},"fingerprint":{"sha1":"26:28:32:29:0D:EC:7C:A6:70:C6:B4:55:22:40:CC:C6:C2:BE:44:6D","sha256":"BA:6B:58:64:89:F9:73:7D:3A:37:E9:08:D4:E1:6A:49:39:B9:EF:6C:43:F6:DC:F5:92:3D:2C:1E:95:7E:10:94"}}},"request":{"raw":"GET /ads/ga-audiences?v=1\u0026t=sr\u0026slf_rd=1\u0026_r=4\u0026tid=G-7JGWL9SV66\u0026cid=734613695.1767691961\u0026gtm=45je5cc1v897130004za200zd897130004\u0026aip=1\u0026dma=1\u0026dma_cps=syphamo\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026frm=0\u0026tag_exp=103116026~103200004~104527907~104528500~104684208~104684211~105391253~115583767~115616985~115938466~115938468~116184927~116184929~116251938~116251940\u0026z=1394158560 HTTP/1.1\r\nHost: www.google.no\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-401048.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\np3p: policyref=\"https://www.googleadservices.com/pagead/p3p.xml\", CP=\"NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC\"\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\ndate: Tue, 06 Jan 2026 09:32:41 GMT\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-type: image/gif\r\nx-content-type-options: nosniff\r\nserver: cafe\r\ncontent-length: 42\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":42,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"d89746888da2d9510b64a9f031eaecd5","sha1":"d5fceb6532643d0d84ffe09c40c481ecdf59e15a","sha256":"ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629","sha512":"d5da26b5d496edb0221df1a4057a8b0285d15592a8f8dc7016a294df37ed335f3fde6a2252962e0df38b62847f8b771463a0124ef3f84299f262ed9d9d3cee4c","ssdeep":"","tlshash":"c4900023fa808000c3a8c2300a0b238a2b8c80200a28030b80ae208cec3a3a22c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-04T12:49:15.190605Z","times_seen":763084,"resource_available":true,"data":null}},"time_used":362,"timings":{"blocked":161,"dns":1,"connect":15,"send":0,"wait":36,"receive":0,"ssl":146},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-401048.top/favicon.ico","fqdn":"1xlite-401048.top","domain":"1xlite-401048.top","tld":"top"},"ip":{"addr":"178.253.35.67","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:29.637Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-401048.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 05:20:59 GMT","end":"Sun, 05 Apr 2026 05:20:58 GMT"},"fingerprint":{"sha1":"12:B6:E7:45:0D:36:61:7D:85:7E:B5:63:E3:D2:A0:39:6A:5C:4E:62","sha256":"5F:11:A2:AD:2B:B7:3A:18:3A:30:57:29:80:E8:25:46:3D:C5:82:EC:4A:B6:87:F8:2F:A1:A7:CF:E8:A6:73:6D"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 1xlite-401048.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-401048.top/en/block\r\nCookie: platform_type=desktop; gw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; auid=sv0jQ2lc1q1T8/T/BCDsAg==\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:29 GMT\r\ncontent-length: 0\r\nlocation: /en/block\r\nset-cookie: gw-mm=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Secure; SameSite=None; Partitioned\ngw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; Path=/; Expires=Fri, 09 Jan 2026 09:32:29 GMT; Secure\r\nx-dt: 1545\r\nx-gw-blk-redirect-reason: block\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.004, wf-uht;dur=0.009\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3311,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T12:49:17.462299Z","times_seen":13332134,"resource_available":true,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"1xlite-401048.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_1e35a72ffc.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:29.644Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/shared-assets/Desktop/__shared_base-app_1e35a72ffc.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-401048.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:29 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-066b1e32bb5c88f138506b275b55be46-67d49e3b4050b1a4-01\r\nlast-modified: Mon, 05 Jan 2026 13:45:46 GMT\r\netag: W/\"c0122178324b698b365f113bbe9f6cc2\"\r\nx-amz-meta-mtime: 1767620063.761396557\r\ncontent-encoding: gzip\r\nexpires: Wed, 07 Jan 2026 09:06:27 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 1308\r\ncache: HIT\r\nx-cached-since: 2026-01-06T09:10:41+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1628255,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (23791)","md5":"0e09ea6ca336302e09328e11eea7eb20","sha1":"a3cb8880feaa296cc191d72259ad73b1a3b752cb","sha256":"8ef3fa0028abf530c73f0f08c2a08285066a4a9202ed3c4296d911ffe154489f","sha512":"01dceefe56140a7d94066b3a42582bbf12454372ea3e79547b29458bb8f0d3f20b5d6d4c6e4d6a8092134ff92adc51fa9b5aeaf0bbae312f8e8cd026bd9a6cea","ssdeep":"24576:2FLjr8yGOPw5wtuiRySDDAjLr2A234Y1QTDJ/F/k:2FLjr8yGOI5w7RySDDAjLr2A234Y1Kle","tlshash":"9f259e65f112791339e755e5a0631387ba9c499ed80ce894f2e7cde43a8b41022eef7c","first_seen":"2025-12-23T20:54:42.018305Z","last_seen":"2026-01-14T07:33:58.996601Z","times_seen":181,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/192f3e7f77.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:30.040Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/192f3e7f77.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-401048.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:30 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-86eb25e8ca81912e4135d829e107438b-d100edb3a4c461a3-01\r\nlast-modified: Tue, 23 Dec 2025 11:09:43 GMT\r\netag: W/\"a183d67a6f8ea109fef0a1b4f5f2b920\"\r\nx-amz-meta-mtime: 1766488103.537479318\r\ncontent-encoding: gzip\r\nexpires: Wed, 24 Dec 2025 11:12:21 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 79485\r\ncache: HIT\r\nx-cached-since: 2026-01-05T11:27:45+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2848,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (2845)","md5":"a183d67a6f8ea109fef0a1b4f5f2b920","sha1":"9908c3bc21a4de25fe732742f501bd5b42c04c79","sha256":"ebdb6c637f146183a35569fcf56d547616da772f4b10c500a12a670fd46a6560","sha512":"c55796a768f46379b24f94bb40ff4846e651c94411fbf828648f1ba95353caeb7970abc3b37e4ffbac456c42085e8d46868a9d1ae07b0a2d31005d6025b7655e","ssdeep":"","tlshash":"ca5166967cb4b0b2af7643ee7e2640f5460d2a45b15d4093fded473c200f0a9176ab63","first_seen":"2025-12-23T20:54:42.020611Z","last_seen":"2026-01-14T07:33:59.008285Z","times_seen":127,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-401048.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json","fqdn":"1xlite-401048.top","domain":"1xlite-401048.top","tld":"top"},"ip":{"addr":"178.253.35.67","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:30.487Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-401048.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 05:20:59 GMT","end":"Sun, 05 Apr 2026 05:20:58 GMT"},"fingerprint":{"sha1":"12:B6:E7:45:0D:36:61:7D:85:7E:B5:63:E3:D2:A0:39:6A:5C:4E:62","sha256":"5F:11:A2:AD:2B:B7:3A:18:3A:30:57:29:80:E8:25:46:3D:C5:82:EC:4A:B6:87:F8:2F:A1:A7:CF:E8:A6:73:6D"}}},"request":{"raw":"POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1\r\nHost: 1xlite-401048.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-401048.top/en/block\r\nContent-Type: application/json\r\nX-Lang: en\r\nX-Uuid: 77c22b77-3cc9-44a7-acb5-3d8761d62b0a\r\nContent-Length: 48\r\nOrigin: https://1xlite-401048.top\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; auid=sv0jQ2lc1q1T8/T/BCDsAg==; lng=en; tzo=3\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":48,"data":"{\"w\":55,\"sw\":1280,\"sh\":1024,\"e\":10273,\"sids\":[]}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:30 GMT\r\ncontent-type: application/json\r\ncontent-length: 23\r\nx-dt: 1545\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.053, wf-uht;dur=0.009\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":23,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"6568d0526875b4eb4ffb4a0bf2913104","sha1":"fb082e38d5af1a7031b48c06a9df60ce23b357f0","sha256":"501bf823ad5b29d4b9f32a9b71e6f67bc9aef01498472c69cce04a690f8819fa","sha512":"23a094ccfc45d42288550e27aa343e12a9ebea8d8003c2b785e063e05ecc5ca42fc7a6fa032bad84cc4a09749edcc6934944f42a18239273a8e22d4ecf32bd97","ssdeep":"","tlshash":"7670000200000300888802020220288228b0c2328ac2c82800c00a000008ea0e22a00b","first_seen":"2026-01-06T09:32:59.253161Z","last_seen":"2026-01-06T09:32:59.253161Z","times_seen":1,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"1xlite-401048.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_67be4069d3.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:30.625Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/shared-assets/Desktop/__shared_67be4069d3.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-401048.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:30 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 291\r\ntraceparent: 00-982ce86c5814f8b6c592134790cbebd6-53e9035f0fe327c5-01\r\nlast-modified: Mon, 05 Jan 2026 13:45:46 GMT\r\netag: \"00e9a1cb57562ecdbc4f8a438ff0d3a7\"\r\nx-amz-meta-mtime: 1767620063.722396417\r\nexpires: Wed, 07 Jan 2026 09:10:51 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 1299\r\ncache: HIT\r\nx-cached-since: 2026-01-06T09:10:51+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":291,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"Java source, ASCII text","md5":"00e9a1cb57562ecdbc4f8a438ff0d3a7","sha1":"18b312426460be06bfc557ef8d24fc9328935b47","sha256":"360358fda10eb3510d6f69bd8362258043c0092d0c085fd24c1996fa20303790","sha512":"af88385a60878abfb1fffe9275e125445f0c177a9302a0ecb431dbdb7bba0c7888d4981323c78ea48278b821ec6a9a9c62bfa193a8dc684e6c2add3004d5edba","ssdeep":"","tlshash":"1cd0eb3d6ff1e0b5330528ff322b719233093c04930ad4a300a6036801c80faa275e3a","first_seen":"2025-12-23T20:54:42.051787Z","last_seen":"2026-01-14T07:33:59.011214Z","times_seen":183,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/e27425a6cf.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:30.727Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/e27425a6cf.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-401048.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-401048.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:30 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-e25ebe463aa278201083b48b4e7dd602-630124c8e5373d55-01\r\nlast-modified: Tue, 23 Dec 2025 11:09:44 GMT\r\netag: W/\"544ea803a3df8e55e85706a646f95614\"\r\nx-amz-meta-mtime: 1766488103.514477383\r\ncontent-encoding: gzip\r\nexpires: Wed, 24 Dec 2025 14:43:13 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 66995\r\ncache: HIT\r\nx-cached-since: 2026-01-05T14:55:55+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2867,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (2866)","md5":"544ea803a3df8e55e85706a646f95614","sha1":"ae409064324337a44a066208ec8fa7166bbfd628","sha256":"8991a0d7246dce731aee299bf16a3acbf1f59d5f36776c27e8cfcb7e77b3732e","sha512":"bc0360c2cfce28bc29b49404fe3e3230546cb7b7aebea9936246d7e99f78ac7a66b5143adea22a527739ba10799d93f73cde16c0363961b1b1632e39ddb5e6a7","ssdeep":"","tlshash":"c0516adef8b9d5752d33f022d70c5eb95930b527c5214e82f48c93a125c3a922aa1dae","first_seen":"2025-11-12T14:09:39.097866Z","last_seen":"2026-02-06T09:24:24.17097Z","times_seen":1064,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"region1.analytics.google.com/g/collect?v=2\u0026tid=G-7JGWL9SV66\u0026gtm=45je5cc1v897130004za200zd897130004\u0026_p=1767691960435\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026dma_cps=syphamo\u0026dma=1\u0026cid=734613695.1767691961\u0026ecid=514154803\u0026ul=en-us\u0026sr=1280x1024\u0026frm=0\u0026pscdl=noapi\u0026_eu=AEAAAAQ\u0026_s=1\u0026tag_exp=103116026~103200004~104527907~104528500~104684208~104684211~105391253~115583767~115616985~115938466~115938468~116184927~116184929~116251938~116251940\u0026sid=1767691960\u0026sct=1\u0026seg=0\u0026dl=https%3A%2F%2F1xlite-401048.top%2Fen%2Fblock\u0026dt=1xBet\u0026en=scroll\u0026ep.optimize_id=GTM-5R4MT54\u0026epn.percent_scrolled=90\u0026upn.ref_id=1\u0026tfd=12330","fqdn":"region1.analytics.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"216.239.32.36","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:41.018Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:49:27 GMT","end":"Wed, 25 Feb 2026 15:49:26 GMT"},"fingerprint":{"sha1":"2C:B9:1B:62:2A:F9:04:B9:16:E2:30:B0:A8:B2:85:0C:68:BC:79:25","sha256":"AE:CB:A0:2C:92:1E:CB:D2:CB:6C:0D:37:5E:A2:4E:27:AE:4E:CA:0C:EC:53:D5:50:E6:C1:3D:EB:17:C1:F2:C9"}}},"request":{"raw":"POST /g/collect?v=2\u0026tid=G-7JGWL9SV66\u0026gtm=45je5cc1v897130004za200zd897130004\u0026_p=1767691960435\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026dma_cps=syphamo\u0026dma=1\u0026cid=734613695.1767691961\u0026ecid=514154803\u0026ul=en-us\u0026sr=1280x1024\u0026frm=0\u0026pscdl=noapi\u0026_eu=AEAAAAQ\u0026_s=1\u0026tag_exp=103116026~103200004~104527907~104528500~104684208~104684211~105391253~115583767~115616985~115938466~115938468~116184927~116184929~116251938~116251940\u0026sid=1767691960\u0026sct=1\u0026seg=0\u0026dl=https%3A%2F%2F1xlite-401048.top%2Fen%2Fblock\u0026dt=1xBet\u0026en=scroll\u0026ep.optimize_id=GTM-5R4MT54\u0026epn.percent_scrolled=90\u0026upn.ref_id=1\u0026tfd=12330 HTTP/1.1\r\nHost: region1.analytics.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-401048.top/\r\nOrigin: https://1xlite-401048.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 No Content\r\naccess-control-allow-origin: https://1xlite-401048.top\r\ndate: Tue, 06 Jan 2026 09:32:41 GMT\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\ncache-control: no-cache, no-store, must-revalidate\r\naccess-control-allow-credentials: true\r\ncontent-type: text/plain\r\ncross-origin-resource-policy: cross-origin\r\ncontent-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:170:0\r\ncross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:170:0\r\nreport-to: {\"group\":\"ascnsrsggc:170:0\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:170:0\"}],}\r\nserver: Golfe2\r\ncontent-length: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T12:49:17.462299Z","times_seen":13332134,"resource_available":true,"data":null}},"time_used":189,"timings":{"blocked":84,"dns":1,"connect":8,"send":0,"wait":21,"receive":0,"ssl":73},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/non-embedded.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:29.442Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/non-embedded.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-401048.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:29 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-21e6b0754421bd9847c53ffa3bba55ab-153f70e25fb1d225-01\r\nlast-modified: Tue, 23 Dec 2025 11:09:44 GMT\r\netag: W/\"124cc24d18351af1656eae12be6975c9\"\r\nx-amz-meta-mtime: 1766488103.527478477\r\ncontent-encoding: gzip\r\nexpires: Wed, 24 Dec 2025 13:00:06 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.003\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 73042\r\ncache: HIT\r\nx-cached-since: 2026-01-05T13:15:07+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":50203,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (50202)","md5":"124cc24d18351af1656eae12be6975c9","sha1":"9fcf552112c0d0405f116a0c075ebad921a599c3","sha256":"736db5bdc9562cb0d626cce25730c516183749db3f8228c5d3e566316adccc12","sha512":"7d68a9abd66737f299a36dedc3aa1406711e2ad10497ffd96dfe2ac136c5813342ad89102fb333fffed1b3a8dbf6efbca1b8b4df9aa72e78a2815e2108b62002","ssdeep":"384:FdHpVLkq1Tk9wE1rx1ixddVbVBZYYBJ+JuqQr9C4GWkHjB5lc:XcQvZYY4Qr/sHlc","tlshash":"0633750acd801257be7b893a3584fb0865e4e54bed730e2df459d0448fe7e9f26a03a5","first_seen":"2025-11-25T12:36:55.909711Z","last_seen":"2026-03-05T12:27:01.087128Z","times_seen":561,"resource_available":false,"data":null}},"time_used":131,"timings":{"blocked":63,"dns":18,"connect":5,"send":0,"wait":1,"receive":0,"ssl":41},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-401048.top/en/block","fqdn":"1xlite-401048.top","domain":"1xlite-401048.top","tld":"top"},"ip":{"addr":"178.253.35.67","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:29.701Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-401048.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 05:20:59 GMT","end":"Sun, 05 Apr 2026 05:20:58 GMT"},"fingerprint":{"sha1":"12:B6:E7:45:0D:36:61:7D:85:7E:B5:63:E3:D2:A0:39:6A:5C:4E:62","sha256":"5F:11:A2:AD:2B:B7:3A:18:3A:30:57:29:80:E8:25:46:3D:C5:82:EC:4A:B6:87:F8:2F:A1:A7:CF:E8:A6:73:6D"}}},"request":{"raw":"GET /en/block HTTP/1.1\r\nHost: 1xlite-401048.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-401048.top/en/block\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; auid=sv0jQ2lc1q1T8/T/BCDsAg==\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 203 Non Authoritative\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:29 GMT\r\ncontent-type: text/html;charset=utf-8\r\ncontent-length: 3311\r\nserver-timing: dt_total;dur=0.062, dt_total;dur=0.004, total;dur=1;desc=\"MF\"\r\nset-cookie: gw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; Path=/; Expires=Fri, 09 Jan 2026 09:32:29 GMT; Secure\r\nvary: Accept-Encoding\r\nx-dt: 1545, 1545\r\nx-time-ng: 0.003\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"203","status_text":"Non Authoritative","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3311,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (3030)","md5":"b1f6a9a10d90f817295bbb97800b7882","sha1":"72c5bf30b622d4092d9260b02a009d582dca2216","sha256":"efa46835685b76550f466e3329d7b748fdd5c5a7e6ba84ad5ab583499372d704","sha512":"286c9b256da7fa435ff54c8bd59a85e04f2e26a6e33e69012d71dfed9a486278e5dc7ecec653d315cdced9a36b989f7e12b9bf174d854be889b3d6c3f406f8ed","ssdeep":"","tlshash":"9561d727503ccb3f4522455d8a42fb0a8ecc287b7149e94ce67c4e8d27c62cba417a47","first_seen":"2026-01-03T21:36:22.867069Z","last_seen":"2026-01-06T09:32:59.244696Z","times_seen":2,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":46,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"1xlite-401048.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_YV646KAL.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:29.922Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_vue_deps_YV646KAL.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-401048.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:29 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-e9f77daebdc9f0689860c05d2d542fe0-da9bcdfaabcbc78e-01\r\nlast-modified: Mon, 05 Jan 2026 13:45:43 GMT\r\netag: W/\"817daa834e18cb5941c970ebd9539382\"\r\nx-amz-meta-mtime: 1767620063.765396572\r\ncontent-encoding: gzip\r\nexpires: Wed, 07 Jan 2026 08:50:40 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2094\r\ncache: HIT\r\nx-cached-since: 2026-01-06T08:57:35+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":31989,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (31848)","md5":"817daa834e18cb5941c970ebd9539382","sha1":"2776cb6819f955e7a9434dc6885f31a09c7458f0","sha256":"daee6582cc260392552be5918f785c8192fc39c90a0de67ec94105625a105f83","sha512":"d7d41f49d473fa846fa3e68a7de3196a282939e7d941eae3e641ac4f3df017f239c0eda9664ecb491a0d95c72557321e898cc0411d2d272d2357d8795f3a499a","ssdeep":"768:2XwZ1yyQBnJnqxqy3a1ztAy7lyyC0H64ar9Ebk0y6OWe/BtKoD4gPuLOdY:2XwWBnJqxq31p9lyypH642Ebk0y6OWgi","tlshash":"5de24d98b779b8a2336d50cc90770713b37559f3484d9060f3aa9ea234a5a43c2e7b79","first_seen":"2025-12-23T20:54:42.080275Z","last_seen":"2026-01-14T07:33:59.036202Z","times_seen":183,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-401048.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json","fqdn":"1xlite-401048.top","domain":"1xlite-401048.top","tld":"top"},"ip":{"addr":"178.253.35.67","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:30.440Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-401048.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 05:20:59 GMT","end":"Sun, 05 Apr 2026 05:20:58 GMT"},"fingerprint":{"sha1":"12:B6:E7:45:0D:36:61:7D:85:7E:B5:63:E3:D2:A0:39:6A:5C:4E:62","sha256":"5F:11:A2:AD:2B:B7:3A:18:3A:30:57:29:80:E8:25:46:3D:C5:82:EC:4A:B6:87:F8:2F:A1:A7:CF:E8:A6:73:6D"}}},"request":{"raw":"POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json HTTP/1.1\r\nHost: 1xlite-401048.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-401048.top/en/block\r\nContent-Type: application/json\r\nX-Lang: en\r\nX-Uuid: 77c22b77-3cc9-44a7-acb5-3d8761d62b0a\r\nContent-Length: 19\r\nOrigin: https://1xlite-401048.top\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; auid=sv0jQ2lc1q1T8/T/BCDsAg==; lng=en\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":19,"data":"{\"w\":55,\"state\":[]}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:30 GMT\r\ncontent-type: application/json\r\ncontent-length: 2\r\nx-dt: 1545\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.131, wf-uht;dur=0.011\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"d751713988987e9331980363e24189ce","sha1":"97d170e1550eee4afc0af065b78cda302a97674c","sha256":"4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945","sha512":"b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af","ssdeep":"","tlshash":"c7100000000000000000000000000000000003000000c0000000000000000000000000","first_seen":"2023-03-08T00:02:47Z","last_seen":"2026-04-04T12:46:31.87173Z","times_seen":226696,"resource_available":true,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"1xlite-401048.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-1545/desktop/media_asset/1fd8f27e524d418108621f192a16d54e.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:30.529Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/cms/1-1545/desktop/media_asset/1fd8f27e524d418108621f192a16d54e.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-401048.top/\r\nOrigin: https://1xlite-401048.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:30 GMT\r\ncontent-type: application/json\r\ntraceparent: 00-98c2278e923f3398bdff4d685b3b7eba-ee3faa902b5d378d-01\r\nlast-modified: Wed, 24 Dec 2025 19:03:17 GMT\r\netag: W/\"917f249d7ba3f198ffcd4c0996b36c68\"\r\ncontent-encoding: gzip\r\nexpires: Sat, 03 Jan 2026 22:35:55 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\ncache: REVALIDATED\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":18124,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"917f249d7ba3f198ffcd4c0996b36c68","sha1":"5097c10634e403da22a92ee62d12f504c024e479","sha256":"ceabc18fbbc228992e212623f9528f47119c7d3623879141a7a877bf8d27651f","sha512":"5e9ce3dbd4c35499115291c61a6c78f093e0782f87fa34154f899c0776ec1d19f3a82bfc960b851d6f2ab8e18d5fb1ce7a2b4a52a5f27bc32f69254ef9aabdf9","ssdeep":"96:7tb7Ba79eu4QWGAdryCiQFpzLJLJeHZVZYpH3UGHSTSSbbGiJinHQyu7Bn2:K7kJ2VK3UsyinHQd78","tlshash":"b48235d9bae41c33112b60bed5e7f91ae3cc1f479d4aa8287e9c6d4c1b6050500aed7e","first_seen":"2025-12-24T19:43:26.562976Z","last_seen":"2026-03-01T21:06:43.444084Z","times_seen":274,"resource_available":false,"data":null}},"time_used":59,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":59,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/site-admin/colors/ac807ea7bf6b3d0ff1813b5eadc3e98a.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:30.758Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/site-admin/colors/ac807ea7bf6b3d0ff1813b5eadc3e98a.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-401048.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:30 GMT\r\ncontent-type: text/css\r\ntraceparent: 00-fdef87cb2d8790c0c8535108210f59c2-32cabecdcb1fe941-01\r\nlast-modified: Fri, 26 Dec 2025 08:01:41 GMT\r\netag: W/\"ac807ea7bf6b3d0ff1813b5eadc3e98a\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Fri, 26 Dec 2025 10:30:42 GMT\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 899\r\ncache: HIT\r\nx-cached-since: 2026-01-06T09:17:31+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":41375,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (41375), with no line terminators","md5":"ac807ea7bf6b3d0ff1813b5eadc3e98a","sha1":"9483c1b722af655b4d51c04c5247ad367fd16a35","sha256":"8c57ea603f02d13f97aa644529208c4d11ef35834db2523eafbc44079aa7e147","sha512":"ffcec057ff5752012fd832655100cb49eb6080be33be273f6ad283feffb3e9de399f9ba788771f5aeff6cbe2e63018322a132d1952633f2516bb22c91fcd677b","ssdeep":"768:+EO1mFS775xWt5JkyunibMhSNmInQLeCA:+EO1mFI75xWt5JkyunibMhvInQLeB","tlshash":"f8037b7ded91c1712a991931911c677b3d36e9ceae240f8fd02c73e570c1a022be5a7a","first_seen":"2025-12-18T19:24:06.611705Z","last_seen":"2026-02-04T19:06:52.762739Z","times_seen":253,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"radar.cedexis.com/1707728419/stub.js","fqdn":"radar.cedexis.com","domain":"cedexis.com","tld":"com"},"ip":{"addr":"45.54.49.5","port":443,"asn":63911,"as":"NetActuate, Inc","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:40.513Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"radar.cedexis.com","organization":"Citrix Systems, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 07 Mar 2025 00:00:00 GMT","end":"Fri, 06 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A2:3E:30:19:D5:41:3A:11:81:58:E3:B1:6F:F4:D2:78:0B:44:6F:D0","sha256":"BE:70:39:96:BA:51:8F:A7:6A:9D:E1:58:FB:D9:F7:6F:17:5C:DA:A9:6E:54:3F:8F:0B:3D:1E:DF:8C:44:B4:71"}}},"request":{"raw":"GET /1707728419/stub.js HTTP/1.1\r\nHost: radar.cedexis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-401048.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 06 Jan 2026 09:32:40 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 12 Feb 2024 09:50:42 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"65c9e9f2-186\"\r\nExpires: Tue, 20 Jan 2026 09:32:40 GMT\r\nCache-Control: max-age=1209600, public\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":390,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"82dec77fd0353c7c71ce053b8601387e","sha1":"fbbca95419e1d0c042e0a5fdf10f380aca66188c","sha256":"39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7","sha512":"6872c895cb44711405e57a436dfbe15d094f9159e11ee2b89983c63b1f18f6acbdfaf0ccbb5e48b2bf24f366f16584c660bca4b6b14c048a134bb77a60f6563e","ssdeep":"","tlshash":"02e068ae9391a318537a2dbacc4e060ba0f6114888e5e4e029f5c2c00461bae072bfb4","first_seen":"2024-02-13T14:23:26Z","last_seen":"2026-01-15T12:01:08.184588Z","times_seen":7496,"resource_available":true,"data":null}},"time_used":19,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-401048.top/","fqdn":"1xlite-401048.top","domain":"1xlite-401048.top","tld":"top"},"ip":{"addr":"178.253.35.67","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-06T09:32:28.699Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-401048.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 05:20:59 GMT","end":"Sun, 05 Apr 2026 05:20:58 GMT"},"fingerprint":{"sha1":"12:B6:E7:45:0D:36:61:7D:85:7E:B5:63:E3:D2:A0:39:6A:5C:4E:62","sha256":"5F:11:A2:AD:2B:B7:3A:18:3A:30:57:29:80:E8:25:46:3D:C5:82:EC:4A:B6:87:F8:2F:A1:A7:CF:E8:A6:73:6D"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 1xlite-401048.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:29 GMT\r\ncontent-length: 0\r\nlocation: /en/block\r\nset-cookie: platform_type=desktop; Path=/; Expires=Fri, 09 Jan 2026 09:32:29 GMT; Secure; SameSite=None; Partitioned\ngw-mm=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Secure; SameSite=None; Partitioned\ngw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; Path=/; Expires=Fri, 09 Jan 2026 09:32:29 GMT; Secure\nauid=sv0jQ2lc1q1T8/T/BCDsAg==; path=/; secure; httponly; samesite=lax\r\nx-dt: 1545\r\nx-gw-blk-redirect-reason: block\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.010, wf-uht;dur=0.008\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3311,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T12:49:17.462299Z","times_seen":13332134,"resource_available":true,"data":null}},"time_used":640,"timings":{"blocked":302,"dns":214,"connect":27,"send":0,"wait":36,"receive":0,"ssl":58},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"1xlite-401048.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_f84004e523.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:29.440Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/shared-assets/Desktop/__shared_f84004e523.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-401048.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-401048.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:29 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-a69e35ddd78b81cf6ea50e5bc9de93b1-8eb0bd2f568b3a32-01\r\nlast-modified: Mon, 05 Jan 2026 09:35:59 GMT\r\netag: W/\"b52b0468a89928ac4f5491d84b23b9da\"\r\nx-amz-meta-mtime: 1767605670.759327204\r\ncontent-encoding: gzip\r\nexpires: Tue, 06 Jan 2026 11:19:05 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 79241\r\ncache: HIT\r\nx-cached-since: 2026-01-05T11:31:48+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5355,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (5354)","md5":"b52b0468a89928ac4f5491d84b23b9da","sha1":"a9ea1f64b65e6191c59676c686c51b060c7f2894","sha256":"e638e7e679d5cd6a547e47ebca2b1c6a13023e80d42fd89139ab021f6aed3c57","sha512":"faefa82305b6be705bafc627991a35f1a32d679358a72ea81cb3551b0a3708997017d946ed2984f683a5514eab417ee5806627c0db89bf3b3820c38f5bd12e4b","ssdeep":"96:y0EbBQ77VHY+R5f4wQL5cdj5JeEaiq4vupNFZFZLiG:obBQ77VHY+R5f4wQL5cdXQzZLiG","tlshash":"5ab11e8dedf5c03a8a27bc12135c8e3d1735f997d9211d9ef25c83a554c3b9201d0eaa","first_seen":"2025-12-03T12:27:09.709217Z","last_seen":"2026-01-29T09:40:33.621374Z","times_seen":485,"resource_available":false,"data":null}},"time_used":133,"timings":{"blocked":65,"dns":19,"connect":1,"send":0,"wait":1,"receive":0,"ssl":43},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:29.609Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1xlite-401048.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:29 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 63748\r\ntraceparent: 00-ad6afa4f209a0894f3335310c0144855-b5889b56ac634aec-01\r\nlast-modified: Wed, 14 Jun 2023 09:49:53 GMT\r\netag: \"6887b6f24414dbc612dbf42ccdc76b70\"\r\nexpires: Thu, 16 Jan 2025 10:32:14 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 691\r\ncache: HIT\r\nx-cached-since: 2026-01-06T09:20:58+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":63748,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 63748, version 1.0","md5":"6887b6f24414dbc612dbf42ccdc76b70","sha1":"8068d3abfbc6cbf35b55919da45b1f4d2d136238","sha256":"fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c","sha512":"00f08f9dd648972c9571547e06172d5505dd13f577fe2e65a497d3856172807ac11c996984e4138d2eb2ac784257fe61864aee15752fe9e9e76f98db931e0c2a","ssdeep":"1536:KtdCG+Dz6RxAx457zL0ASEn091Y0H1mTOzI/OzMFOoTX4u:MMG+yRpzN091Y0VtI/pOoTt","tlshash":"8b5302485551fae2cac3073c0f7a89dbb37a776d519224cd98b69f830d37964bea2070","first_seen":"2023-06-14T19:15:49Z","last_seen":"2026-04-04T12:51:37.326514Z","times_seen":10282,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/$_$.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:29.643Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/$_$.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-401048.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:29 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 69\r\ntraceparent: 00-046deb8ed5603ded32fc121b57cadafe-5cba6632eb61c26c-01\r\nlast-modified: Tue, 23 Dec 2025 11:09:44 GMT\r\netag: \"2cdaa92927f02e0b628f1ef4d7dd8caf\"\r\nx-amz-meta-mtime: 1766488103.461472926\r\nexpires: Wed, 24 Dec 2025 18:17:06 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 54544\r\ncache: HIT\r\nx-cached-since: 2026-01-05T18:23:25+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":69,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"2cdaa92927f02e0b628f1ef4d7dd8caf","sha1":"9104a2e16ed080b80a42588b8aeb52ebec47ab7a","sha256":"ef8101ffea52addcdcfcc3a83f96ff2d4613fb3ae6d1c16bbe4852387b73a9db","sha512":"31da80bc1b17aa708fef74b0211af91fce1b4a5f518f11e5caa80f50e9a7791b6e94924e381f550fc44a02f4c1d785e5b95fa2464e7968b5cab079612d70d839","ssdeep":"","tlshash":"1ba002935a5ef66c209044860696e74733823d6a3477b1d625bc5509e6061474817257","first_seen":"2025-05-14T05:06:37.199299Z","last_seen":"2026-03-18T19:40:26.76398Z","times_seen":5502,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_chunk_LNU73JEK.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:29.945Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_chunk_LNU73JEK.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-401048.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:29 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-b243adfc4339a6fefbf760b6dbccafc2-7a5f5b9e774e06f8-01\r\nlast-modified: Mon, 05 Jan 2026 08:25:03 GMT\r\netag: W/\"d96d317966512ab8915a90670ca5a5af\"\r\nx-amz-meta-mtime: 1767601469.376688068\r\ncontent-encoding: gzip\r\nexpires: Tue, 06 Jan 2026 09:45:52 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 85597\r\ncache: HIT\r\nx-cached-since: 2026-01-05T09:45:52+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1232,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (1231)","md5":"d96d317966512ab8915a90670ca5a5af","sha1":"a810be1c3e515adb49804e8d976250deb16fd77d","sha256":"f125201d62c452efba070d856821885c7cfd539a31d55846caa6ae3a7522d3cf","sha512":"460b29966e6f5ac4d34ccc714217d29686d7aff42efa92a102729d40aa36dd4fbb87116178b2f9fdece5fdb09cb2bf2024312d3f1b86abb69644f695c76aca2d","ssdeep":"","tlshash":"a521f1e56fbc7ba362be2ae4a02e0041e001d53752f4f1d4f294dfb4a4e949d035b5b6","first_seen":"2025-08-22T10:11:14.554562Z","last_seen":"2026-03-04T04:00:43.411503Z","times_seen":3921,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/site-admin/css_vars/d47c7051b33fd4cf012dd1ba88ca9381.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:30.760Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/site-admin/css_vars/d47c7051b33fd4cf012dd1ba88ca9381.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-401048.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:30 GMT\r\ncontent-type: text/css\r\ncontent-length: 44\r\ntraceparent: 00-04733d32d546ebc3c3ba59ab042e8df5-d25d2da8645ddd1e-01\r\nlast-modified: Tue, 18 Nov 2025 11:33:29 GMT\r\netag: \"d47c7051b33fd4cf012dd1ba88ca9381\"\r\ncache-control: max-age=3600\r\nexpires: Tue, 18 Nov 2025 14:06:30 GMT\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2076\r\ncache: HIT\r\nx-cached-since: 2026-01-06T08:57:54+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":44,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with no line terminators","md5":"d47c7051b33fd4cf012dd1ba88ca9381","sha1":"e8f4a550dc1526e29bbf41e19812174061129e0d","sha256":"d23ddf603e1bea345e3f913800e533ecea691174a25c9f0a40ea8b6eb17e4c95","sha512":"67ba4c3cbeb528f80648ab2833e973436b5f58817ebb69c754b06e50370f279bf18d0f6abb031ebbabb75867e0691cba11b3dc33ea9e85da3438a7e40510ef49","ssdeep":"","tlshash":"729004d4f50c33503455c75710dd44d111c4135f4511355cd5533c11f443c40cc505cc","first_seen":"2025-07-16T20:50:43.408412Z","last_seen":"2026-03-26T08:17:17.906604Z","times_seen":1364,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/3083a20a3f73c30fce38710d7ada9cbb.svg","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:30.804Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/cms/1-285/desktop/media_asset/3083a20a3f73c30fce38710d7ada9cbb.svg HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-401048.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:30 GMT\r\ncontent-type: image/svg+xml\r\ntraceparent: 00-20cc47a85064fb7d09e503ad394fdf89-ab557cc6e6b1efff-01\r\nlast-modified: Wed, 19 Apr 2023 11:51:30 GMT\r\netag: W/\"3ae81b002dca46d3b732ce3e03ae35c6\"\r\ncontent-encoding: gzip\r\nexpires: Thu, 16 Jan 2025 11:13:48 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2144\r\ncache: HIT\r\nx-cached-since: 2026-01-06T08:56:46+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1228,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"3ae81b002dca46d3b732ce3e03ae35c6","sha1":"388d37b5f714937677de74330a8daab0a0d1196b","sha256":"1c76b93f07c6a861c4ad9529059ea99ae69f2451788da7cab1f17fa94d54382e","sha512":"48887848044da3a9a54b72a1f15a39ac0b30ea8ad7ddc3d4c69e51bb0479f39631d4b9098d289eecdaa9648db4118ddfa38cf76ef1a58718c67d70efc80a67a8","ssdeep":"","tlshash":"e72124be434d5bfb60025fd8967802513abaf0c2f29926ed55d674227903cf4d074955","first_seen":"2023-04-05T22:56:35Z","last_seen":"2026-04-04T13:11:28.853881Z","times_seen":1385,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/desktop/media_asset/e6baed4eecf4ba7f9a5c2fcf97aad110.webp","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:30.828Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/cms/desktop/media_asset/e6baed4eecf4ba7f9a5c2fcf97aad110.webp HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-401048.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:30 GMT\r\ncontent-type: image/webp\r\ncontent-length: 6642\r\ntraceparent: 00-a48314ca916a31628312e0f1ec1d8072-98497bb5d3cfcfce-01\r\nlast-modified: Tue, 28 Oct 2025 08:17:54 GMT\r\netag: \"f2a90faef41c53fb4af747c8cbf25485\"\r\nexpires: Mon, 08 Dec 2025 19:01:33 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 201\r\ncache: HIT\r\nx-cached-since: 2026-01-06T09:29:09+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6642,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 960x278, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"f2a90faef41c53fb4af747c8cbf25485","sha1":"54855a9fb307c4ecc9afea135838328cf439162e","sha256":"993540582d4cab4dc40ba13392f7460f30f0b656ff1e413abe9c20387000cc92","sha512":"c6f5e9a6238a864affd37952ba241b4e5a01dbfad9a18e22b53ea00e6f3acbbf114a5752f0b5faecd89efa6d24990df365113d7321543d0d44cfab1987f123a8","ssdeep":"96:MdOd7t6i+bJODeMN38LbY5gZQpRDH/ij1TgpEV6iuRjxNY4wos4RWNFCjMzlAm92:MduSOXsv6DfiR8fisNk9X3qUhpg","tlshash":"d7d1b074a2c81a958a299e763e763dab6e81039c31bcb6d674b5d5c8c50843fede7030","first_seen":"2025-11-13T15:27:51.525317Z","last_seen":"2026-04-04T12:33:30.612895Z","times_seen":1103,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_LEQ4UAP5.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:29.920Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_accept_language_parser_LEQ4UAP5.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-401048.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:29 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-9b916bd45c8c2d5e884c12760d13fb8a-07f81445d17ce7b9-01\r\nlast-modified: Mon, 05 Jan 2026 08:25:03 GMT\r\netag: W/\"83e311eb8e222d229b6177bd007ce9eb\"\r\nx-amz-meta-mtime: 1767601469.376688068\r\ncontent-encoding: gzip\r\nexpires: Tue, 06 Jan 2026 09:45:52 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 85597\r\ncache: HIT\r\nx-cached-since: 2026-01-05T09:45:52+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1297,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (1265)","md5":"83e311eb8e222d229b6177bd007ce9eb","sha1":"96b851ffda0eab794c2bb637255a48ae25770144","sha256":"d0ff62de588e1c47eedbd91a89dcf394e2ec5bd09392ea556b9a34108077e9ad","sha512":"fd2e1bfb6588598e356ddc08724c2e6f602b89626b30eeca2c25b8f60340f25e28a761b8e13b75d1627172530abf7dd0e586e792f53759d08bda626145f65b0d","ssdeep":"","tlshash":"202112debed2b5908394188c4e2ec055f23a2957641ce6fcd765e7827c403a186f3c1d","first_seen":"2025-08-22T10:11:14.559442Z","last_seen":"2026-03-04T04:00:43.42063Z","times_seen":3921,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PJNUBKRP.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:29.932Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_localforage_PJNUBKRP.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-401048.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:29 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-ab5aa24dd60dd54bf678ac055abad454-88a8015d452a3799-01\r\nlast-modified: Tue, 30 Dec 2025 12:59:16 GMT\r\netag: W/\"7e7ebd44e3a6550f862e122ab7df6409\"\r\nx-amz-meta-mtime: 1767099327.750294637\r\ncontent-encoding: gzip\r\nexpires: Thu, 01 Jan 2026 09:47:17 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 85465\r\ncache: HIT\r\nx-cached-since: 2026-01-05T09:48:04+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":30277,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (30255)","md5":"7e7ebd44e3a6550f862e122ab7df6409","sha1":"384ecbc3ab0f65e6b0f88c1e68ba3eb73fad4999","sha256":"138767518a09e63d24f918f6380923893a2ec3aa59a640e51c83517501823076","sha512":"e2766b50e289dc6a69fa30432a49a0b7743f15cd15a54d707959c7623f258057a821a94285c492746216cfbf815089309b6cc09b930ba7977ff9c4ffc352d76e","ssdeep":"768:wDKAOpvMewHFuM96WwZACjzz46zSTKsBE1OvFXfX1UXk:wm8uPW43zEIOvdlUU","tlshash":"a5d2b68c7799f02683bb3070907f580ef237a912594d90a0e591e5f86dbd75c822bfad","first_seen":"2025-08-22T10:11:14.535778Z","last_seen":"2026-03-04T04:00:43.425133Z","times_seen":3921,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-ui/3.3.544/Desktop/Default/client.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:30.418Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-ui/3.3.544/Desktop/Default/client.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-401048.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:30 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-58adf3da4751da85bfe0f0fbbba328a4-4914588195676408-01\r\nlast-modified: Thu, 18 Dec 2025 08:43:05 GMT\r\netag: W/\"a10805f87dbd4750c11572b5d2f6ba7c\"\r\nx-amz-meta-mtime: 1766047382.787017175\r\ncontent-encoding: gzip\r\nexpires: Wed, 24 Dec 2025 08:50:37 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.003\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 1618\r\ncache: HIT\r\nx-cached-since: 2026-01-06T09:05:32+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":720302,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"a10805f87dbd4750c11572b5d2f6ba7c","sha1":"8bc092e930b008473f7f211eaae4f6579717840a","sha256":"e3eddb33cb9dee8a8ad866700f671b90c7e116a199bc1a5cd2bab915343eef81","sha512":"3974d431c58149c309ffa50f420971e2449bffb507f10756cb21a5474c6ff9be3a4726dc10433216e8938df532a155825303a2c082ea7b86a52ea31d61667bbd","ssdeep":"12288:nnSDjMb4OAD03pDTuThJDUZxzMjfPQfIHSKRuPB48:MMb4OAD03pDTuFI48","tlshash":"ebe4941cf29d92353e37e62062945ffc6620b7079b231d6ef4aa064a0ec35437196dbb","first_seen":"2025-12-23T20:54:41.985309Z","last_seen":"2026-01-14T07:33:59.009167Z","times_seen":183,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-401048.top/bff-api/config/group/get?groups=d.customize\u0026lang=en","fqdn":"1xlite-401048.top","domain":"1xlite-401048.top","tld":"top"},"ip":{"addr":"178.253.35.67","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:30.446Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-401048.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 05:20:59 GMT","end":"Sun, 05 Apr 2026 05:20:58 GMT"},"fingerprint":{"sha1":"12:B6:E7:45:0D:36:61:7D:85:7E:B5:63:E3:D2:A0:39:6A:5C:4E:62","sha256":"5F:11:A2:AD:2B:B7:3A:18:3A:30:57:29:80:E8:25:46:3D:C5:82:EC:4A:B6:87:F8:2F:A1:A7:CF:E8:A6:73:6D"}}},"request":{"raw":"GET /bff-api/config/group/get?groups=d.customize\u0026lang=en HTTP/1.1\r\nHost: 1xlite-401048.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-401048.top/en/block\r\ncontent-type: application/json\r\nx-requested-with: XMLHttpRequest\r\nis-srv: false\r\nx-svc-source: __TECHNICAL_PAGES_APP__\r\nx-app-n: __TECHNICAL_PAGES_APP__\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; auid=sv0jQ2lc1q1T8/T/BCDsAg==; lng=en; tzo=3\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:30 GMT\r\ncontent-type: application/json\r\ncontent-length: 748\r\ncache-control: no-cache, private\r\nserver-timing: dt_total;dur=0.098, bff;dur=11.36, wf-uht;dur=0.021\r\nx-dt: 1545\r\nx-pod: R-r9ktp\r\nx-time-ng: 0.013\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":748,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"e40ba312d84ed9c7725118bfe9d260af","sha1":"3102abc444490e2383f4f0d094718b149219edc8","sha256":"1f1f6972d046779ad161934090f2165ddbf5622ac48c50363a361dc34d3ba532","sha512":"dcb7bdacd5f655e2391e5f1fd37024b8fd87cf64479c3044b976c1455d03941b6f44d95bd25fba96d23eee84345a5b3c077c14632cfabb59b004d33cbbcd126d","ssdeep":"","tlshash":"3301d14da161623cd2a18b98d8823f145ffd90b735497a05e81c9dca33f36ebe2b1203","first_seen":"2025-12-25T17:26:02.089904Z","last_seen":"2026-01-12T03:01:24.450964Z","times_seen":8,"resource_available":false,"data":null}},"time_used":49,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":48,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"1xlite-401048.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-401048.top/seo-module-api/api/public/v1/analytics-counters?project[id]=1545\u0026domain[host]=1xlite-401048.top","fqdn":"1xlite-401048.top","domain":"1xlite-401048.top","tld":"top"},"ip":{"addr":"178.253.35.67","port":443,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:30.448Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-401048.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 05:20:59 GMT","end":"Sun, 05 Apr 2026 05:20:58 GMT"},"fingerprint":{"sha1":"12:B6:E7:45:0D:36:61:7D:85:7E:B5:63:E3:D2:A0:39:6A:5C:4E:62","sha256":"5F:11:A2:AD:2B:B7:3A:18:3A:30:57:29:80:E8:25:46:3D:C5:82:EC:4A:B6:87:F8:2F:A1:A7:CF:E8:A6:73:6D"}}},"request":{"raw":"GET /seo-module-api/api/public/v1/analytics-counters?project[id]=1545\u0026domain[host]=1xlite-401048.top HTTP/1.1\r\nHost: 1xlite-401048.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-401048.top/en/block\r\ncontent-type: application/json\r\nx-requested-with: XMLHttpRequest\r\nis-srv: false\r\nx-svc-source: __TECHNICAL_PAGES_APP__\r\nx-app-n: __TECHNICAL_PAGES_APP__\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; auid=sv0jQ2lc1q1T8/T/BCDsAg==; lng=en; tzo=3\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:30 GMT\r\ncontent-type: application/json\r\ncontent-length: 47\r\ncontent-encoding: br\r\ncache-control: max-age=1200, must-revalidate, public, s-maxage=1800, stale-if-error=86400, stale-while-revalidate=300\r\nx-content-digest: enb066c3de982d01779fd50476f73b1ab6\r\nage: 9\r\nx-request-id: 848efd45412e9c6508d4fb205bdf7d47\r\nx-request-guid: 848efd45412e9c6508d4fb205bdf7d47\r\nx-time-ng: 0.005\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: p;dur=2.6130676269531, wf-uht;dur=0.019\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"c809138c09727a461b3438eb080f8445","sha1":"2b43a325cd3d2b7a1d91967f30bb52c4e136822b","sha256":"47d34e128cb5a1e2edb0f30e9a15ec1c79a82bc64c512b53702ddf6a5a33f74c","sha512":"31a4a640ba00124b48f424535b4e79e3a42bc44f84c4fec2ed52461131ce90e68d090804b9c30c40abc780edefd8321e261403fe80b0e113af509952ecb7e892","ssdeep":"","tlshash":"0490045177057d54d40750c444454553411c50d5cf5111033d54c733c17d35470c7517","first_seen":"2024-04-27T00:40:23Z","last_seen":"2026-03-30T00:11:58.747679Z","times_seen":455,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":45,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/708191bc33.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:30.768Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/708191bc33.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-401048.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:30 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-d88b0cd813d72e4a12d8e25ca59fa1a0-e47a7e90831614c2-01\r\nlast-modified: Tue, 23 Dec 2025 11:09:43 GMT\r\netag: W/\"f558fd5629eaf2411a804db7a8f35d89\"\r\nx-amz-meta-mtime: 1766488103.478474356\r\ncontent-encoding: gzip\r\nexpires: Wed, 24 Dec 2025 11:12:24 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 79483\r\ncache: HIT\r\nx-cached-since: 2026-01-05T11:27:47+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3730,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (3729)","md5":"f558fd5629eaf2411a804db7a8f35d89","sha1":"c9239b8810c39517704dfc46f746c3f03136b466","sha256":"481f44e30fbad7065c6cf53e1b699af33c6afe77c4ecb17095eed9022c388e5e","sha512":"d10fc5869f68eea2268d0d3c9dc465268e348063a9b50a0401e0f08c91418da9bc75b187d1138b6f4676128a5241450ed60b2d2632407e58ff1cb501d3e526bc","ssdeep":"","tlshash":"84717346ac78f5f6ba0782a83d2344f0cb1fac2ed16449eae1f4c6bc129d4952432f57","first_seen":"2025-12-23T20:54:42.009554Z","last_seen":"2026-01-14T07:33:59.0485Z","times_seen":114,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-icons/1.0.915/285/country.svg","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:30.824Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-icons/1.0.915/285/country.svg HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-401048.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-401048.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:30 GMT\r\ncontent-type: image/svg+xml\r\ntraceparent: 00-601eb2774bf2925c19cd622146857534-54db326446674ad1-01\r\nlast-modified: Tue, 23 Dec 2025 10:17:37 GMT\r\netag: W/\"e755054847ccc09de8ac9bdf2c4326d6\"\r\nx-amz-meta-mtime: 1766485039.668461346\r\ncontent-encoding: gzip\r\nexpires: Wed, 24 Dec 2025 10:18:51 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 82162\r\ncache: HIT\r\nx-cached-since: 2026-01-05T10:43:08+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":217418,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"e755054847ccc09de8ac9bdf2c4326d6","sha1":"1461e05caf5c7bfda69a9a45127a8f78dc37a9ec","sha256":"d03bc4c7e0d2d128ba647df7ef393f9e856ff0b98b09d6d2849bdaaaded8e7b9","sha512":"2a6e1617fe4b5f4039431564fdb2d90f8a4a930ea555e10133b9d07809ebe56f64cfc9000de709289b2cb9143664bb8e334cabf2d49c7c20dac9ba8ed0eee9ce","ssdeep":"3072:hgvO+igz5Wy8EjUskAnA3ZJ9QeVCLpE74OWuhgwlKqjk71xhbXVjGYLGS/suV1SM:uqCLpPOWuq5vaSueoO7","tlshash":"08245554b099b14c2a8363e8c7afa5e1133e61db71da419938e993d8520e3dffe83950","first_seen":"2025-08-28T01:30:48.467208Z","last_seen":"2026-04-04T12:33:30.611915Z","times_seen":1090,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1xlite-401048.top/en/block","date":"2026-01-06T09:32:30.835Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1xlite-401048.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 06 Jan 2026 09:32:30 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 63920\r\ntraceparent: 00-2c13f1e31e0b5eb45b30a05352252b15-a7e9052e9f2cb1fb-01\r\nlast-modified: Wed, 14 Jun 2023 09:49:53 GMT\r\netag: \"a65527fcb58f66a7cfbc0e6b160538b4\"\r\nexpires: Sun, 10 Aug 2025 19:21:26 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 3294\r\ncache: HIT\r\nx-cached-since: 2026-01-06T08:37:36+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":63920,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 63920, version 1.0","md5":"a65527fcb58f66a7cfbc0e6b160538b4","sha1":"45d260e7fa343401b5bb0df982a014f53e2d253b","sha256":"fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45","sha512":"8448e96abe326f43285b2d8b0d75beaf0e9c9e051e8754841d907b30eb303ae24c447011306da6a1703b9192d02aeff76a4517bdf94ec6e7dc360ce3538802af","ssdeep":"1536:UIG3hJMkJeK8ic5iZGnJ4URj9vqXOQ6UqYdbuA5RVK1:UL31hcLlRjDQ6Uq4W1","tlshash":"7f5302df8de32a148ff78772668885f4f4927c68898c8e7345526a8907f07d6b96c04f","first_seen":"2023-05-07T18:04:27Z","last_seen":"2026-04-04T12:51:37.329592Z","times_seen":10160,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}