Report - refpa5139455.top/L?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click

Report Overview

Submitted URL
refpa5139455.top/L?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
IP
178.253.14.18
ASN
#202492 Silverhill Group Holding Ltd
Submitted
2024-04-26 22:40:36
Access
public
Website Title
1xBet registration ᐉ Sign up 1xBet ᐉ 1xlite-660473.top
Final URL
1xlite-660473.top/en/registration?type=fast
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
80

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
radar.cedexis.com	3035	2009-01-07	2013-11-27	2024-04-25	824 B	1.2 kB	45.54.49.5
www.google.no	25607	2001-02-26	2016-04-05	2024-04-25	581 B	578 B	142.250.74.163
region1.analytics.google.com	unknown	1997-09-15	2022-03-17	2024-04-26	4.3 kB	1.8 kB	216.239.32.36
refpa5139455.top	unknown	2022-08-05	2022-08-05	2023-07-28	622 B	575 kB	178.253.14.18
v3.traincdn.com	unknown	2022-11-10	2022-11-25	2024-04-08	24 kB	3.1 MB	185.244.209.62
1xlite-660473.top	unknown	2023-08-11	2024-02-06	2024-03-26	54 kB	742 kB	178.253.29.47
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-04-26	863 B	382 kB	142.250.74.168
widget.suphelper.top	unknown	2023-08-02	2023-10-04	2024-04-18	7.3 kB	1.5 MB	172.64.148.184

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed

ThreatFox

No alerts detected

JavaScript (57)

	URL	Size	First Seen	Last Seen
	v3.traincdn.com/_nuxt/desktop/default/runtime-18ca9614.js	47 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/runtime-18ca9614.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 16:26:50 Last Seen2024-04-27 09:33:59 Times Seen22 Hash a4a80cc0c5d67fd21f379ece59b412cb 9354acc41f3717f7fc1a79285bd5e0d386826aed d7dc624597a05dea92a2c61c83bb375c1ef4cbf2c97a62dfeaed277557c0024b Loading...

	widget.suphelper.top/	196 B	2023-07-20	2024-05-07
Pretty URL widget.suphelper.top/ IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-20 14:42:12 Last Seen2024-05-07 17:51:28 Times Seen2026 Hash aa729c2ec64b60ce3b2052cc8edaa329 0f673deff4bffdd337a6220feb0b7b5b5ff666c4 9693391d461678be59d683100b1442f4ee65d2cf5bda3904fbf6232a7eb921ca Loading...

	widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js	481 kB	2024-01-20	2024-05-07
Pretty URL widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-20 01:21:34 Last Seen2024-05-07 17:51:31 Times Seen450 Hash 46260bb46d51262abee818c0c3bcf1c6 fe3be222aec74704fad1fa2559788b1fa287094a 20700e65659e04d422580d9c792ba811b7b76de4ec1b3163c284af83bd5a7d6c Loading...

	1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration	522 B	2024-04-26	2024-04-27
Pretty URL 1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration IP 178.253.29.47 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-26 20:11:19 Last Seen2024-04-27 05:04:21 Times Seen8 Hash ffd9ea1b18ea7e7456a6a9442743dd15 cf8d683bef7725843464b85fa1f31faf40cba14d b5764659fdced2a92f0867511f3d9007295c09c650087eae4c6a538f8873fba6 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Registration-cad52a76.js	6.4 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Registration-cad52a76.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 20:11:19 Last Seen2024-04-27 05:04:22 Times Seen16 Hash e8d186fcf93d7f9139a6774ae9b88b8b 041de66e0e547a8fd9c905a254182ca726117427 ee4a580f544a89af3dd3c5416687b8b8a9b875676c6f03479234ec2c06f5be22 Loading...

	www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66	318 kB	2024-04-27	2024-04-27
Pretty URL www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 00:40:39 Last Seen2024-04-27 00:40:40 Times Seen1 Hash e36937e38fc4f86f65f2db2864cbc994 662d66e869b8867b72d028a3b7821f80f8e0f1cc 5ff12b9b370fb7339f0bb8b6292e690eeb2837ad74ff9bef8fe63187ff2553b2 Loading...

	widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js	3.8 kB	2023-10-05	2024-05-07
Pretty URL widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-05 09:17:37 Last Seen2024-05-07 17:51:27 Times Seen1977 Hash ba1681cca05ff7b4f8698587da76ab26 7113520b461dfcbdcbc1725a1acc6e05547bf20e bcfc83f65454f29634e61503e84d77f3fe8bc06451b90927bf842e9ad352ac64 Loading...

	widget.suphelper.top/_next/static/chunks/pages/_app-a10a22844227e6a6.js	1.0 MB	2024-04-25	2024-05-02
Pretty URL widget.suphelper.top/_next/static/chunks/pages/_app-a10a22844227e6a6.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:13 Last Seen2024-05-02 04:19:28 Times Seen40 Hash 0a8ec60f8885a9417bae7ec2a3981f82 ef0fa91cda49946611fe1cd09819cfdaf8a1c6f5 15d73072cdad0ee70bdc75731a1c2d81326b0b1391b668cd36c639a321105259 Loading...

	widget.suphelper.top/_next/static/724286ac/_ssgManifest.js	77 B	2023-03-07	2024-05-07
Pretty URL widget.suphelper.top/_next/static/724286ac/_ssgManifest.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:02 Last Seen2024-05-07 18:49:18 Times Seen85968 Hash b6652df95db52feb4daf4eca35380933 65451d110137761b318c82d9071c042db80c4036 6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e Loading...

	radar.cedexis.com/1/23802/radar.js	390 B	2024-02-13	2024-05-07
Pretty URL radar.cedexis.com/1/23802/radar.js IP 45.54.49.5 ASN #63911 NetActuate, Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-13 14:23:26 Last Seen2024-05-07 17:51:31 Times Seen142 Hash 82dec77fd0353c7c71ce053b8601387e fbbca95419e1d0c042e0a5fdf10f380aca66188c 39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7 Loading...

	unknown	96 B	2023-12-06	2024-05-07
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-12-06 14:32:27 Last Seen2024-05-07 17:51:27 Times Seen888 Hash 94361ed86ab9b2fbb8d805c2025df46a 3f428332f7a1c7196a85c93a373a966d75708c19 eee4d228a49a86625f29410cf9a23d145e821a09cbb1f7a4d7557d206872715a Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-d462d3ce.js	56 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-d462d3ce.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 15:20:33 Last Seen2024-04-27 09:34:00 Times Seen24 Hash a53e75793287bf430c7d81e62a86551c 43ecdd497e27c96d3c886a1ccf72dca7a9f2646b 7692da0b4d0d3168af9ce3f8d1eda4fc5ad04676e7ef7949eeb46d7be78cbeca Loading...

	widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js	141 kB	2023-03-08	2024-05-07
Pretty URL widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 08:26:33 Last Seen2024-05-07 17:51:27 Times Seen2373 Hash 896d1930437c1ab92b8a359c1d6fdaae 71e0e23d1af9722f356eb5d1c497d100ec8b0f7a 8c508636d885890bfb5c56bcd6dad1b8b64c498781d351b588a8de7f686774d4 Loading...

	unknown	44 B	2023-04-14	2024-05-07
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-07 17:51:27 Times Seen848 Hash 00beb9884d0391b342eadd30744b539a 3124c0bd593822379d22f13d3e08e70a1bf5ea14 92394eec5690449a4f6cfc9a7f97497a69e926b2365cb9a9aad3507a844f835c Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-3205e593.js	26 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-3205e593.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 16:29:52 Last Seen2024-04-27 09:34:00 Times Seen20 Hash 5bbaaf26c18bce582629f29ccd1101ec 58e6d8affeeb2fa928aa6fccda50beb4ca37df23 9c8ade7d97673087e40ecba27e40a54ac42b903e1cd8ff3cdb6ad661669bf679 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V	173 kB	2024-04-27	2024-04-27
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 00:40:40 Last Seen2024-04-27 00:40:41 Times Seen2 Hash de28fb1dc53fc2a37ed5163eb932af47 556c62eb1b62dec9f436051cfd541100f91f42f8 8c8d78d04432bb6de0dcddf3e687da2a991d6a422e6cafe5151460b8bbe8b901 Loading...

	unknown	34 B	2023-04-14	2024-05-07
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-07 17:51:27 Times Seen859 Hash 7bcdb973ab8af8e24ab11cb554a1ba6e 24e8a10f240f2b06f81d7c173cd0a90606641fc1 916ec4eb9b485eb47f43a17fe212e84e4b72600b45eb6d4588599ad495a57fcd Loading...

	v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-36072e1d.js	3.2 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-36072e1d.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 15:20:35 Last Seen2024-04-27 09:34:00 Times Seen24 Hash fa6020f2d4e598b5afa5bb72e0c4d2aa 52c7fb50959707c999f0a3b1a192cd3884319fd1 28a7cee0e15f4c6f9262e16dc900063fcc30017410241306903c852861bb2852 Loading...

	v3.traincdn.com/_nuxt/desktop/default/analytics-1d085c09.js	6.4 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/analytics-1d085c09.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 15:20:34 Last Seen2024-04-27 09:34:02 Times Seen21 Hash 7c3b6253af0f87ab95db1b7ecb5e071c 4316078471b261fbd6b751a6b9fe613389451dca 15923078094e7c2a29dc16315acfaeed3111e1202f23accb243c9249c03e2095 Loading...

	v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-01ed37cf.js	7.0 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-01ed37cf.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 15:20:36 Last Seen2024-04-27 09:33:59 Times Seen24 Hash 74ce5bf016ae117858ebfe89a35175b8 e36d4ea0bf93ec9fe1747914a42e33ff9a100450 7b642a28afa3285ed36766a4b5698308805b13ff808c881ef9a974c3de5ae3c0 Loading...

	v3.traincdn.com/_nuxt/desktop/default/DC-d1fb2018.js	2.3 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/DC-d1fb2018.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 15:20:34 Last Seen2024-04-27 09:33:56 Times Seen22 Hash 5cf1b6cfa7bec127f69186daac9aa30e 8e37a161db7eb37f8fa8e9bee4e1ea818316ee80 37d4c09fbd6f6dcdd9c3e6de2b454865841af4d6f0c918c2091fdcc9af9df2a7 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Betting.Core-fc6385cb.js	2.4 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Betting.Core-fc6385cb.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 16:26:49 Last Seen2024-04-27 09:33:59 Times Seen22 Hash 982af934c8a3a7d2eb768383e2a0b2ac 13ca56f51e82e56c736339404f8b94aae6df1113 e63e483f2aaf1b76c5c464e5a62819a21237917fa1a6eb53d85dee5ee2681d19 Loading...

	unknown	39 B	2023-04-14	2024-05-07
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-07 17:51:27 Times Seen851 Hash bc51ed8c76553717f10d58b2df60fd76 e2d03a8fd8d280074b226c288880f9df299c7cb1 bee994eaf88453f6343ba57571a069054c12c9b4e42f8cbad4f2ad75c7fb264c Loading...

	1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration	924 B	2024-02-25	2024-05-07
Pretty URL 1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration IP 178.253.29.47 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-25 06:56:59 Last Seen2024-05-07 17:51:27 Times Seen63 Hash 92bf20f2f922cc746bec8fe320b23ed3 768e5dbe711e1b62cad807b11ded99ef85001483 b81f4c4f575092cb52a07f89a96291f8e258b3f6bf61e51df0fec3bcc3132fea Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-000a2948.js	199 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-000a2948.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 15:20:34 Last Seen2024-04-27 09:34:02 Times Seen20 Hash 3cad391b1ba090af586203843e8c321d aa49ded6cec16b05de850449016d4161be93b686 140b667c3dc687dc7f10b8f95b4c28f9c4fa7f4c5603479c2e3f6a6d656e9786 Loading...

	unknown	47 B	2023-04-14	2024-05-07
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-07 17:51:28 Times Seen848 Hash a01893d8e129ad16c1e0fc5c7537f411 0e46d1bf2718f848d9d596fa269eaedb31204772 cbe7b89533bcd75b69f3e54807308551d68242ec1761e63bee1a99fc6e560175 Loading...

	1xlite-660473.top/polyfills.js	0 B	2023-03-07	2024-05-07
Pretty URL 1xlite-660473.top/polyfills.js IP 178.253.29.47 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-07 19:01:24 Times Seen37414894 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration	542 kB	2024-04-27	2024-04-27
Pretty URL 1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration IP 178.253.29.47 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-27 00:40:15 Last Seen2024-04-27 00:40:40 Times Seen2 Hash 2c6c430dcdaa5b57683af57688bc2557 224fae84b18ecbb7fa42e4032c78ca5d38b3ca39 aabe36c65813b5dc570932a8bd0c5975c8fba2e7ce18f7263a8cfcb24fb8d00c Loading...

	widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js	78 kB	2024-01-20	2024-05-07
Pretty URL widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-20 01:21:34 Last Seen2024-05-07 17:51:28 Times Seen454 Hash dc6852529f28802d37affa5953d07260 4edd220fe8df4b009a1775ebe57f19d40999659f 4aefb18221e4fb46818b0f52302b7c7717e45701e26990726cce645d8c80ed84 Loading...

	widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js	10 kB	2024-01-20	2024-05-07
Pretty URL widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-20 01:21:35 Last Seen2024-05-07 17:51:28 Times Seen449 Hash 54b2d4e92e16d2ea51898124107af46a ab4225b696e63c9040de1511fa229cf65b4d3750 e17ccea95df87c35add9994b01ef7bb6e8b5c2ebea282c461199a140a5675662 Loading...

	widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js	37 kB	2023-10-13	2024-05-07
Pretty URL widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 06:04:09 Last Seen2024-05-07 17:51:28 Times Seen3078 Hash 6782c8abf3d14391f6ed5c805a973cf5 a08b255c0084e14d74199f5af64522ffaba14486 88331f3bf38157ecb0e64f22c08a582384dc74c8bae09d9f78b9eab5fe82cfa3 Loading...

	widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js	373 kB	2024-04-24	2024-05-07
Pretty URL widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:05 Last Seen2024-05-07 17:51:28 Times Seen89 Hash 36e4e2c2a2498b008514f1f0250c8018 cfa53d1c8533fb5941d9ff4f1e45e8c831658693 42cd70d177e33b23f4982b671f4bb7f03a966053874a320af3f3ea7b7b7ca1f0 Loading...

	widget.suphelper.top/_next/static/724286ac/_middlewareManifest.js	92 B	2023-03-07	2024-05-07
Pretty URL widget.suphelper.top/_next/static/724286ac/_middlewareManifest.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:01 Last Seen2024-05-07 18:16:43 Times Seen7801 Hash 7c3f7e060745668041278118c0bb3d6d e639f56695b3cc30d78dce7a0084aa8299a1311a de5341313a4dc5d982ca50ae4a491e84bc5e80b0f439d87f05fc3973c1b7e59a Loading...

	v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-edf755ae.js	8.0 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-edf755ae.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 15:20:34 Last Seen2024-04-27 09:33:59 Times Seen23 Hash 43df36730b19be5019e384c97ef33f00 29d1e370bad7a78660e26181f5e2671271e1d07d 9c6d3000958d016aba495fc2abb171ada373015a909c3ad2913e189717e0ba43 Loading...

	data:text/javascript,export const meta = import.meta;	32 B	2023-12-06	2024-05-07
Pretty URL data:text/javascript,export const meta = import.meta; IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-06 14:32:28 Last Seen2024-05-07 17:51:28 Times Seen888 Hash 6d772b7d405b447ecee54ab61cdd5108 dd65fb9cd5a7cb94a40fe161f4f72303a61eb3b7 b90ff694e492935b6036fb7e878d365dab51aafa46f0afb1e33414e7ecc3307b Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-6faa5a10.js	12 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-6faa5a10.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 15:20:36 Last Seen2024-04-27 09:33:59 Times Seen24 Hash 1cc1975036d7d613432986b419c4f933 197f793c823c493643fa3a63441a8dac2e86a7d0 abb7c137964088db8dc1ba6fc12c6a15a4a1f6dadf88c9c595fe4b273bca3359 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/modal.RegistrationSuccessModalApp/registration.Main/user.userRegistration-f64daa17.js	58 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/modal.RegistrationSuccessModalApp/registration.Main/user.userRegistration-f64daa17.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 20:11:19 Last Seen2024-04-27 05:04:23 Times Seen16 Hash da45ffcd75ec93718dad20c271f04c18 ea32caab89822fd96185753cf3ee8ed75824e472 39b9027ae0581c1139f4fe2494d692ae833948f8534a3e3b6091408167d76799 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-7d2adbe4.js	40 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-7d2adbe4.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 16:29:51 Last Seen2024-04-27 09:34:03 Times Seen20 Hash 09f719ce338786eee766f484042e3ac0 205337e84727f25d00b53890d39012386860c183 aea7bb8d8fae31b8018b3d76ac917f939f9b2a8bb6928bbe7bb74f196ec1ea73 Loading...

	1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration	9.7 kB	2024-04-26	2024-04-27
Pretty URL 1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration IP 178.253.29.47 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-26 09:07:11 Last Seen2024-04-27 19:16:47 Times Seen10 Hash eeb1794e8f91da6899ef4ec1100d3b52 70ff61ed25f0e5cefa2c3420713b90805eb8a57d 16015eec572f5097fffdd44ef6278815121833b1fb806df47b28b6bb1a5aab6c Loading...

	widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js	108 kB	2023-11-02	2024-05-07
Pretty URL widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-02 21:20:57 Last Seen2024-05-07 17:51:27 Times Seen2374 Hash 83680ce862de40c43fc92e04b1ad0a3d 67eb6762545f4e1fee446794f4738d0f0577b6b4 e70f39978f08895aef6849daf891af65bff03e476eb9b1384dfb36cd4ac9fe75 Loading...

	widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js	107 kB	2024-04-25	2024-05-07
Pretty URL widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:15 Last Seen2024-05-07 17:51:31 Times Seen86 Hash d0a7ecc59065580118a9ea8880c58962 21573546ac5011592094ef6aea0696ccdeb2164d e1b09efa81ca44cda394e366b64fbf2b3f0725eab9ad24782839cbb8f66842b5 Loading...

	v3.traincdn.com/_nuxt/desktop/default/app-3803e6f7.js	852 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/app-3803e6f7.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 15:20:35 Last Seen2024-04-27 09:33:59 Times Seen24 Hash 9cf24c6aa2ad7694e090bb298642dda9 7d6507c0d33e02190dfcfd38f57116e23d74b198 346e88a80035e7b808fc68bcc8174388397fe93230af5c4430cb55e28a249351 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-2742db51.js	27 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-2742db51.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 15:20:36 Last Seen2024-04-27 09:33:59 Times Seen24 Hash e90b6bb3b92453e083ec5e739e5132b1 7cc4456a8091dd5e8dce5ac477abaf66d05742bf 088a280dd983eac2f46c008fd39b0ba0cebe84b7f2301d55ea588163c4d65800 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/Page.SiteUpdates/components/userControl.auth_form_extended/modal.RegistrationSucc/62f29d8c-683c6f08.js	19 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/Page.SiteUpdates/components/userControl.auth_form_extended/modal.RegistrationSucc/62f29d8c-683c6f08.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 20:11:20 Last Seen2024-04-27 05:04:23 Times Seen16 Hash 40f4cf9e701933692780a2ef6970211b d55424c6ca76f072de2a3bcae7c396335a8b496d 453d184c31e22b5501cb6dc50967fb92ec5b92799db47eb36bd35c89aaf8ebf2 Loading...

	v3.traincdn.com/_nuxt/desktop/default/registration.Main-8d6d8844.js	85 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/registration.Main-8d6d8844.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 20:11:19 Last Seen2024-04-27 05:04:23 Times Seen16 Hash 29bc97801044b4707c0f7427c81dffcc 07b48f7cc45fee2c1caac1bd575e16113cb4a779 c6b5b31549586b8581a44ab95bdcdab8e783843870544bfaf65299a357d82aa2 Loading...

	widget.suphelper.top/injector.js	208 kB	2023-12-17	2024-05-07
Pretty URL widget.suphelper.top/injector.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-17 15:23:16 Last Seen2024-05-07 17:51:27 Times Seen936 Hash faa1c0b5a845868ac1a8071b6b87d458 71034e9bb2726a20b2afa197ff4e1b52c2ab976b d7585c13a4abd3b295a15b2bce2b2d7121a697f42ea85f89f40624ac26b075d0 Loading...

	widget.suphelper.top/_next/static/724286ac/_buildManifest.js	519 B	2024-04-25	2024-05-07
Pretty URL widget.suphelper.top/_next/static/724286ac/_buildManifest.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:14 Last Seen2024-05-07 17:51:28 Times Seen53 Hash 06c1d20d74764a4f7dea57ebb09df4d8 d6592eaad86ec7b7bc373774bf911385ea7cf07d 46185c722db3b74c04c371b445abb1da2fa2592059437ee508a23e96c1fdf169 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-7362e1b3.js	32 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-7362e1b3.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 16:29:50 Last Seen2024-04-27 09:34:00 Times Seen16 Hash c3e01e6e097f5a585124308c10012158 287b213e764ccf6e8ced681e607e13c9361012e3 d47aa2eb2bd5e89961eec64f44c0777d0104dfc7ff5e7740a86bb92d763177b3 Loading...

	v3.traincdn.com/_nuxt/check-ob.js	211 B	2024-04-24	2024-05-07
Pretty URL v3.traincdn.com/_nuxt/check-ob.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:10 Last Seen2024-05-07 17:51:28 Times Seen102 Hash ced67278c38d1ce1297c121af69fff8a df6e1531fd84d956263b04254e6f94f5356623f4 2958134c3c00f7c6320858dd66e454c2856e4842821d3523c4cc5e44e1ec8616 Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.media-fd9299c8.js	17 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.media-fd9299c8.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 15:20:36 Last Seen2024-04-27 09:34:03 Times Seen24 Hash 1c5f0f2576f85aa05256ef8412e1a80e e3fe4363d03125724ee18ca063552d21b11c791f aced4150b67a0055a6baca50f790709de03a987b56a894479db35c63dff31455 Loading...

	1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration	216 B	2024-04-27	2024-04-27
Pretty URL 1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration IP 178.253.29.47 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-27 00:40:40 Last Seen2024-04-27 00:40:40 Times Seen1 Hash c1e099fc1136027fbfc4553c48d836ae ec976fe310bedfe0b3f0ea58ba84225da64143b7 13fdbfaf086c10cf27b015b968dc71e732b7a5c346df74afb99e24055179b113 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/app-fb158860.js	956 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/app-fb158860.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 15:20:35 Last Seen2024-04-27 09:33:59 Times Seen23 Hash 1c1deca627849071e9e8c38038325677 a829a0057b98d340e106da7dc18b600a936a3709 ddcc9e115145c1d52554320320493606a22edca9d102b2b79a6cd880d2fcad19 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-8022ea7c.js	77 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-8022ea7c.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 15:20:36 Last Seen2024-04-27 09:33:59 Times Seen24 Hash caca89be1e6a1f2ff94c549dbdebb194 dc5f22176416438215b9fc2813dfcebc02387d43 5e392322dfabbe74a8ce7b566207e2c0d5f25416f3de462fdb9dd3c2ed430f7f Loading...

	unknown	47 B	2023-04-14	2024-05-07
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-07 17:51:27 Times Seen846 Hash 580b3e56fc9ab6e8b4655f43ee057cc1 5dfce565e446f4a167195de9a1a5dd26163c711c 446f07b6e56de61d2c2d5b6ba408cc580b492a6d1ede8fc51cfde4ef75a2b382 Loading...

	v3.traincdn.com/_nuxt/desktop/default/commons/app-f433f4e5.js	138 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/commons/app-f433f4e5.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 15:20:35 Last Seen2024-04-27 09:33:59 Times Seen24 Hash 5d3e2c224a2000fa0a1e1ec69e0153af a321b90afc0e3d4004f955d717254c252835f7c7 a86722ab8e12c2dbd3e0afae629f6cfad507a201859e2116cb46b49bd9d082c5 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-ee98945f.js	32 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-ee98945f.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 16:29:51 Last Seen2024-04-27 09:33:59 Times Seen19 Hash d3c3aac94c051ee7f8636cc09def5569 ec6b0f76c91ec8c1e859b5097fcb16880bab8ffd 362c43512ff662fd00faf50dd372769b9bf49d5884d302a6874dd1f4c6446b2b Loading...

		Size	First Seen	Last Seen
	#1 Eval - 76b3ec94974d682551811f522b4d91bd	28 kB	2024-04-27	2024-04-27
Pretty Observations First Seen2024-04-27 00:40:40 Last Seen2024-04-27 00:40:40 Times Seen1 Hash 76b3ec94974d682551811f522b4d91bd 6b746e8db909e5082b7651626feff65bdb8f4ffb f3c37234649d1bdb0bb2255f8043fce2f96b3ccecc5e0d5dc257effeca73ab61 Loading...

HTTP Transactions (118)

URL IP Response Size

v3.traincdn.com/_nuxt/desktop/default/runtime-18ca9614.js

185.244.209.62

200 OK

15 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/runtime-18ca9614.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (47028), with no line terminators
Size
15 kB (14696 bytes)
Hash
a4a80cc0c5d67fd21f379ece59b412cb
9354acc41f3717f7fc1a79285bd5e0d386826aed
d7dc624597a05dea92a2c61c83bb375c1ef4cbf2c97a62dfeaed277557c0024b

HTTP Headers

GET /_nuxt/desktop/default/runtime-18ca9614.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:06 GMT
content-type: application/javascript; charset=utf-8
content-length: 14696
last-modified: Fri, 26 Apr 2024 12:29:08 GMT
etag: "662b9e14-3968"
content-encoding: gzip
expires: Sat, 27 Apr 2024 13:22:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d086e9c82c655f6b695517537b64d04d-4110e523701e4b96-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T13:22:18+00:00, 2024-04-26T13:25:03+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/6ee8a9e4.css

185.244.209.62

200 OK

591 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/6ee8a9e4.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (2490), with no line terminators
Size
591 B (591 bytes)
Hash
7375a1956830f97b2481314bf1f0e199
7c30df38c6465e78813dc2aea95eb086bb832630
2acc171311243f36d7410ebd2b41ac7d7c7899c861153198217e7e91d3d9e4cf

HTTP Headers

GET /_nuxt/desktop/default/css/6ee8a9e4.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:06 GMT
content-type: text/css
content-length: 591
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-24f"
content-encoding: gzip
expires: Sat, 27 Apr 2024 09:39:10 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f012926da7857470c6600646e08dc6cf-224282e2cb97e2b8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T09:39:10+00:00, 2024-04-26T21:15:07+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/6c310293.css

185.244.209.62

200 OK

3.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/6c310293.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (31339), with no line terminators
Size
3.2 kB (3225 bytes)
Hash
3cc47f5bfd7fb2ef96257df775a1b810
bbb36b671dd4a1f6e24cce1a48368724994b3913
18aeb0ed76dd6ce1471582770244ed6c55b69fef2e84ffabdabdbf7f32600326

HTTP Headers

GET /_nuxt/desktop/default/css/6c310293.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:06 GMT
content-type: text/css
content-length: 3225
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-c99"
content-encoding: gzip
expires: Sat, 27 Apr 2024 12:26:53 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-1888f00ed3a5bd487ed65016ba1f9117-0cdb79c92947e245-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T12:26:53+00:00, 2024-04-26T12:59:03+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/app-3803e6f7.js

185.244.209.62

200 OK

225 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/app-3803e6f7.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64966), with no line terminators
Size
225 kB (224656 bytes)
Hash
9cf24c6aa2ad7694e090bb298642dda9
7d6507c0d33e02190dfcfd38f57116e23d74b198
346e88a80035e7b808fc68bcc8174388397fe93230af5c4430cb55e28a249351

HTTP Headers

GET /_nuxt/desktop/default/app-3803e6f7.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:06 GMT
content-type: application/javascript; charset=utf-8
content-length: 224656
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-36d90"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-26756742293a1d3fdd41a3c72ff30d77-2b6daa4fa7480869-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:37+00:00, 2024-04-26T11:28:17+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/polyfills.js

178.253.29.47

200 OK

0 B

URL GET HTTP/2
1xlite-660473.top/polyfills.js
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /polyfills.js HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:06 GMT
content-type: text/javascript; charset=utf-8
content-length: 0
vary: user-agent
cache-control: public, max-age=2678400, s-maxage=2678400
etag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.018
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Registration-cad52a76.js

185.244.209.62

200 OK

2.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Registration-cad52a76.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (6350), with no line terminators
Size
2.2 kB (2235 bytes)
Hash
e8d186fcf93d7f9139a6774ae9b88b8b
041de66e0e547a8fd9c905a254182ca726117427
ee4a580f544a89af3dd3c5416687b8b8a9b875676c6f03479234ec2c06f5be22

HTTP Headers

GET /_nuxt/desktop/default/Page.Registration-cad52a76.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:06 GMT
content-type: application/javascript; charset=utf-8
content-length: 2235
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-8bb"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:43 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-34b995bb726ba578e02e091c8e88e860-ba7a3230aac7003c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:43+00:00, 2024-04-26T11:49:22+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-edf755ae.js

185.244.209.62

200 OK

2.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-edf755ae.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (8037), with no line terminators
Size
2.3 kB (2264 bytes)
Hash
43df36730b19be5019e384c97ef33f00
29d1e370bad7a78660e26181f5e2671271e1d07d
9c6d3000958d016aba495fc2abb171ada373015a909c3ad2913e189717e0ba43

HTTP Headers

GET /_nuxt/desktop/default/Layout.SeoModule.Lazy-edf755ae.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:06 GMT
content-type: application/javascript; charset=utf-8
content-length: 2264
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-8d8"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-acf735c5d1b55e93ed23a571123e9626-b88851ccd0bb8b49-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:37+00:00, 2024-04-26T11:28:17+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/commons/app-f433f4e5.js

185.244.209.62

200 OK

47 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/commons/app-f433f4e5.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65476)
Size
47 kB (46791 bytes)
Hash
5d3e2c224a2000fa0a1e1ec69e0153af
a321b90afc0e3d4004f955d717254c252835f7c7
a86722ab8e12c2dbd3e0afae629f6cfad507a201859e2116cb46b49bd9d082c5

HTTP Headers

GET /_nuxt/desktop/default/commons/app-f433f4e5.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:06 GMT
content-type: application/javascript; charset=utf-8
content-length: 46791
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-b6c7"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-6d7a59fb8607db276f65c67d800ba3ba-ff27c9d8386d5146-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:37+00:00, 2024-04-26T11:28:17+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/75bcd414.css

185.244.209.62

200 OK

2.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/75bcd414.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (9958), with no line terminators
Size
2.3 kB (2277 bytes)
Hash
76a1e3dd8e25bf9a48bdd896de779d20
38c3643e25808d1f3ab167273201eac8c113c088
aa36f7a0cd4e7059cfef75dda25cd20e0bd1fbbe3d10a4ed0697cb937f009273

HTTP Headers

GET /_nuxt/desktop/default/css/75bcd414.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:06 GMT
content-type: text/css
content-length: 2277
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-8e5"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:36 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-838f45cdcdbbba98fabff14311d88a53-8be48cc64ec3f914-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:36+00:00, 2024-04-26T11:28:03+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/app-fb158860.js

185.244.209.62

200 OK

268 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/app-fb158860.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (61101)
Size
268 kB (267774 bytes)
Hash
1c1deca627849071e9e8c38038325677
a829a0057b98d340e106da7dc18b600a936a3709
ddcc9e115145c1d52554320320493606a22edca9d102b2b79a6cd880d2fcad19

HTTP Headers

GET /_nuxt/desktop/default/vendors/app-fb158860.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:06 GMT
content-type: application/javascript; charset=utf-8
content-length: 267774
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-415fe"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-8d612e91dabed0b5df7226a76f11ebf1-1453d759a3ecae36-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:37+00:00, 2024-04-26T11:28:17+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/e1909979.css

185.244.209.62

200 OK

14 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/e1909979.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
14 kB (13841 bytes)
Hash
f65aa8635d82cc4a256125e09f321e9d
1c3b94de4d52fd6f79cdfbe958b66d925863c699
4ad29cf926bd2e32368e66247d53627d4ec761a5707d99ad38622fb571794ffa

HTTP Headers

GET /_nuxt/desktop/default/css/e1909979.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:06 GMT
content-type: text/css
content-length: 13841
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-3611"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a871460509cff1748d38fda022d52814-0a34a5b85454a5cd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:37+00:00, 2024-04-26T11:28:03+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/version.json

185.244.209.62

200 OK

44 B

URL GET HTTP/2
v3.traincdn.com/version.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text
Size
44 B (44 bytes)
Hash
2677fe1699935f36e2dec0b920ae6775
6aacbcc989d759c182718547b77eda21b665dd57
df24622b277b22705c70d9e48bb2dc40c5dcd69e570d2ab55e694d02a0161094

HTTP Headers

GET /version.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:06 GMT
content-type: application/json
content-length: 44
last-modified: Fri, 26 Apr 2024 12:33:00 GMT
etag: "662b9efc-2c"
content-encoding: gzip
expires: Fri, 26 Apr 2024 13:00:31 GMT
cache-control: max-age=60, max-age=60, s-maxage=60
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-b5513c1e98a059bdb5fa21babebcff32-f2ad85ba14bfe59c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T13:00:10+00:00, 2024-04-26T22:39:52+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Size
64 kB (63748 bytes)
Hash
6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:06 GMT
content-type: font/woff2
content-length: 63748
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-308d18216fa7ede05ee3741c8f7d46e7-9716de198313f2ec-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:13:59+00:00, 2024-04-26T22:27:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg

185.244.209.62

200 OK

65 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
65 kB (65430 bytes)
Hash
4356a6fab677aac255eda5a40f3b582c
7ed5031dfde9cca5d92f1aedbc0d398f921ad61d
d6d55a80ab6696eb29ed74af2ab8e5a61912d1c61e1108d742202107d5f7bb46

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:06 GMT
content-type: image/svg+xml
last-modified: Tue, 02 May 2023 10:06:49 GMT
etag: W/"7cca3986f7a5c4c164144ff11df71073"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b7d9a382467fae7f9896f9df98d6cdf5-22d020fa933f1bbb-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-01-11T08:32:05+00:00, 2024-04-26T22:14:44+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Size
64 kB (63920 bytes)
Hash
a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:06 GMT
content-type: font/woff2
content-length: 63920
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d6a5410d40fb8fbcec3bebe1302c8324-3263045c69873b67-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:54:39+00:00, 2024-04-26T22:21:47+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png

185.244.209.62

200 OK

653 B

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Size
653 B (653 bytes)
Hash
e6f0766cbd95db33da44e7a9140648f2
5f196b1bfe8c3f92bd2ebcd67124e72e81ae6aaf
c0399d478788d5d483f104a2e8cb7c32f41cb40e9df0c22e831b2bfa2db63ec0

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:06 GMT
content-type: image/png
content-length: 653
last-modified: Tue, 25 Apr 2023 13:43:56 GMT
etag: "e6f0766cbd95db33da44e7a9140648f2"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-6af5fb3ec885295ad25959b834f05042-60f8720a75306ce8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:12:59+00:00, 2024-04-26T22:14:45+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/check-ob.js

185.244.209.62

200 OK

187 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/check-ob.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
187 B (187 bytes)
Hash
ced67278c38d1ce1297c121af69fff8a
df6e1531fd84d956263b04254e6f94f5356623f4
2958134c3c00f7c6320858dd66e454c2856e4842821d3523c4cc5e44e1ec8616

HTTP Headers

GET /_nuxt/check-ob.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:06 GMT
content-type: application/javascript; charset=utf-8
content-length: 187
last-modified: Thu, 25 Apr 2024 10:36:21 GMT
etag: "662a3225-bb"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:52:19 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-75fda420b1b436d36fc2af820580ae7d-c3d56187835614a0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:52:19+00:00, 2024-04-26T11:36:15+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-8022ea7c.js

185.244.209.62

200 OK

22 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-8022ea7c.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65476)
Size
22 kB (21881 bytes)
Hash
caca89be1e6a1f2ff94c549dbdebb194
dc5f22176416438215b9fc2813dfcebc02387d43
5e392322dfabbe74a8ce7b566207e2c0d5f25416f3de462fdb9dd3c2ed430f7f

HTTP Headers

GET /_nuxt/desktop/default/vendors/plugins.v-tooltip-8022ea7c.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/javascript; charset=utf-8
content-length: 21881
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-5579"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-9af753738cd68e7b5588bd0d6242f465-00ae14d9e068f294-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:37+00:00, 2024-04-26T11:28:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-6faa5a10.js

185.244.209.62

200 OK

4.6 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-6faa5a10.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (12527), with no line terminators
Size
4.6 kB (4556 bytes)
Hash
1cc1975036d7d613432986b419c4f933
197f793c823c493643fa3a63441a8dac2e86a7d0
abb7c137964088db8dc1ba6fc12c6a15a4a1f6dadf88c9c595fe4b273bca3359

HTTP Headers

GET /_nuxt/desktop/default/vendors/plugins.vue-notification-6faa5a10.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/javascript; charset=utf-8
content-length: 4556
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-11cc"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-481044bdc41c5a6baee6e5dffe770951-b97b3e0177ab67e5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:37+00:00, 2024-04-26T11:28:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/e5c0e314.css

185.244.209.62

200 OK

953 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/e5c0e314.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (3352), with no line terminators
Size
953 B (953 bytes)
Hash
748da80084597d87b4ff5e98b017b07b
db6ad2ec24bfcbe751a23061d935403e1163f471
4eaf4071f43aaa0243a4c6948131b7a3e03fe6ab1f4228da38e8588c15e01f24

HTTP Headers

GET /_nuxt/desktop/default/css/e5c0e314.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: text/css
content-length: 953
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-3b9"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:04:52 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c66627006d13e9549de4c705188fe03f-8d7c77c9a5fc7de0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:04:52+00:00, 2024-04-26T14:52:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-2742db51.js

185.244.209.62

200 OK

8.1 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-2742db51.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (26717), with no line terminators
Size
8.1 kB (8055 bytes)
Hash
e90b6bb3b92453e083ec5e739e5132b1
7cc4456a8091dd5e8dce5ac477abaf66d05742bf
088a280dd983eac2f46c008fd39b0ba0cebe84b7f2301d55ea588163c4d65800

HTTP Headers

GET /_nuxt/desktop/default/vendors/plugins.vue-js-modal-2742db51.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/javascript; charset=utf-8
content-length: 8055
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-1f77"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-7366e1dcb5975fb5090ceb0b263eafb3-c0729249a9eec419-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:37+00:00, 2024-04-26T11:28:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-01ed37cf.js

185.244.209.62

200 OK

2.1 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-01ed37cf.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (6960), with no line terminators
Size
2.1 kB (2120 bytes)
Hash
74ce5bf016ae117858ebfe89a35175b8
e36d4ea0bf93ec9fe1747914a42e33ff9a100450
7b642a28afa3285ed36766a4b5698308805b13ff808c881ef9a974c3de5ae3c0

HTTP Headers

GET /_nuxt/desktop/default/date-fns-locale-21-01ed37cf.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/javascript; charset=utf-8
content-length: 2120
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-848"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:39 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f103731131ed6dbff589a93977798a43-50ca416741e17da7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:40+00:00, 2024-04-26T11:30:39+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/site-admin/colors/13f2420925687a194e4c38472ae71214.css

185.244.209.62

200 OK

8.3 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/site-admin/colors/13f2420925687a194e4c38472ae71214.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
8.3 kB (8348 bytes)
Hash
f162dc4526a0206a82b325e199dc1d63
2de126638549f1dd286e59f1b44550bba2f5ca83
35d4e93bfea9c823d13d324374ea1740c103c905ce2c4d64681d9480710bb1bf

HTTP Headers

GET /genfiles/site-admin/colors/13f2420925687a194e4c38472ae71214.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:06 GMT
content-type: text/css
last-modified: Fri, 05 Apr 2024 07:40:06 GMT
etag: W/"4610c92e7697e57d1149e233ef5edab2"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-856e5aadf1250ae6c24069a77e96dbc5-57548f117119aeb4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-05T09:04:13+00:00, 2024-04-26T22:04:59+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-660473.top&projectId=285

178.253.29.47

200 OK

141 B

URL GET HTTP/2
1xlite-660473.top/seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-660473.top&projectId=285
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
141 B (141 bytes)
Hash
bd9be2fa89d26e9e6f1b2e08ffcd0ed6
90eae25ee792254c7ca97e98c5782078f9bdc37f
c11510c5556799ec6bf918684e80903d08cf6237d3c4f94d32a8ebf35d067a1d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-660473.top&projectId=285 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/json
content-length: 141
cache-control: max-age=1200, must-revalidate, public, s-maxage=1800, stale-if-error=86400, stale-while-revalidate=300
x-content-digest: enebf83560af95b198ca2d2caf127b1151
age: 20
x-request-id: 44287a32c616b3e8bef3c541146259a4
x-request-guid: 44287a32c616b3e8bef3c541146259a4
x-time-ng: 0.002
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=1.4770030975342, wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-660473.top/version.json?timestamp=1714171207162

178.253.29.47

200 OK

44 B

URL GET HTTP/2
1xlite-660473.top/version.json?timestamp=1714171207162
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
ASCII text
Size
44 B (44 bytes)
Hash
2677fe1699935f36e2dec0b920ae6775
6aacbcc989d759c182718547b77eda21b665dd57
df24622b277b22705c70d9e48bb2dc40c5dcd69e570d2ab55e694d02a0161094

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /version.json?timestamp=1714171207162 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/json
content-length: 44
last-modified: Fri, 26 Apr 2024 12:33:00 GMT
vary: Accept-Encoding
etag: "662b9efc-2c"
content-encoding: gzip
expires: Fri, 26 Apr 2024 22:41:07 GMT
access-control-allow-origin: *
cache-control: max-age=60, max-age=60, s-maxage=60
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.020
X-Firefox-Spdy: h2

1xlite-660473.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

178.253.29.47

200 OK

23 B

URL POST HTTP/2
1xlite-660473.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
03556871b250dcca27e7f87837357dbe
e93bab470a5bb15dfe7f300e63f61b6bffe689af
887472fc32c2226272524e13f45335723e4c2ea8c6032187cf7999c8a0deb8b1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Content-Type: application/json
X-Lang: en
X-Uuid: ff12b122-4303-40a9-bd1d-4fa8be5cc141
Content-Length: 78
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/json
content-length: 23
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.020
X-Firefox-Spdy: h2

1xlite-660473.top/checker/redirect/stat/run/

178.253.29.47

200 OK

14 B

URL GET HTTP/2
1xlite-660473.top/checker/redirect/stat/run/
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
14 B (14 bytes)
Hash
2de0d0acfd684235f066bd0ec0c9e3df
68d0cb64805a42d7e40f43e8e198986b43dd6b69
9682f312f23e078bb135f23ea5a178b178e75c02d33672f20044d18c6d258928

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /checker/redirect/stat/run/ HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en; window_width=1920; che_g=dba8b79a-34cf-346d-abd6-58f9a28364de
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/json
content-length: 14
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.021
X-Firefox-Spdy: h2

1xlite-660473.top/blocks-api/api/v1/block/light?referralParams=1

178.253.29.47

200 OK

69 B

URL GET HTTP/2
1xlite-660473.top/blocks-api/api/v1/block/light?referralParams=1
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
69 B (69 bytes)
Hash
ab03868d622f82c706778dbcafb3c4b1
9c7a1bc7bc8da4fc19067c82d2862a9e997c76ba
46e5319d5d8fc85aac10fbc9fa5a516ee8c03d2584f304966676129794360686

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /blocks-api/api/v1/block/light?referralParams=1 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/json
content-length: 69
x-request-guid: 81ba91d460f60021b9be1df2994c4d0f
x-time-ng: 0.002
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.188
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png

185.244.209.62

200 OK

5.2 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 514 x 514, 8-bit colormap, non-interlaced
Size
5.2 kB (5202 bytes)
Hash
b9a636eef54b2844b571fe7de49184a7
bf653690790ced40eb3189da075a275d951d1607
001bfcdd52b658d46543a1aec889d35b73b3909b47097cc011b95e96fc9e3743

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: image/png
content-length: 5202
last-modified: Wed, 28 Feb 2024 07:52:20 GMT
etag: "b9a636eef54b2844b571fe7de49184a7"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-457087b4250a352f5662a2a9fafa7efa-56e2fd46e0b20d26-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-03T07:12:40+00:00, 2024-04-26T22:39:43+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Betting.Core-fc6385cb.js

185.244.209.62

200 OK

1.6 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Betting.Core-fc6385cb.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2438), with no line terminators
Size
1.6 kB (1585 bytes)
Hash
982af934c8a3a7d2eb768383e2a0b2ac
13ca56f51e82e56c736339404f8b94aae6df1113
e63e483f2aaf1b76c5c464e5a62819a21237917fa1a6eb53d85dee5ee2681d19

HTTP Headers

GET /_nuxt/desktop/default/Betting.Core-fc6385cb.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/javascript; charset=utf-8
content-length: 1585
last-modified: Fri, 26 Apr 2024 12:29:08 GMT
etag: "662b9e14-631"
content-encoding: gzip
expires: Sat, 27 Apr 2024 13:22:21 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-98b58dcc825df19b079915b593f8c44c-d4e81a9f3a462fea-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T13:22:21+00:00, 2024-04-26T13:25:49+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/aa6acd622b31a2a6ee8785b888acb885.json

178.253.29.47

200 OK

543 B

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/aa6acd622b31a2a6ee8785b888acb885.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
543 B (543 bytes)
Hash
2f999350fc2eea344d910e8a01de406d
bcfeaa8fadc7ca87115d7e36c955bd0df504b8ad
c73c55fa3a522662241013a108e6043dd4cde3fbfa2be0ed4a4940582e26ed36

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/aa6acd622b31a2a6ee8785b888acb885.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en; window_width=1920; che_g=dba8b79a-34cf-346d-abd6-58f9a28364de; SESSION=30755b200053c8f93a496c3ea51b4aeb; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%221qnkm0a4lic3u%22%2C%22r%22%3A%22registration%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/json
content-length: 543
last-modified: Thu, 29 Feb 2024 14:14:28 GMT
etag: "2f999350fc2eea344d910e8a01de406d"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
accept-ranges: bytes
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/392fdb004d073448b345d2db7414a498.json

178.253.29.47

200 OK

822 B

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/392fdb004d073448b345d2db7414a498.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
822 B (822 bytes)
Hash
be781196159e458a9a157a93f6981363
54b5bb6ddb54aefb6dc1eeeab89afdf48079e959
71bf1763541ee0d4298863f03c291b09029668d448e8077518717b8810ac910f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/392fdb004d073448b345d2db7414a498.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en; window_width=1920; che_g=dba8b79a-34cf-346d-abd6-58f9a28364de; SESSION=30755b200053c8f93a496c3ea51b4aeb; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%221qnkm0a4lic3u%22%2C%22r%22%3A%22registration%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/json
content-length: 822
last-modified: Mon, 08 Apr 2024 09:13:00 GMT
etag: "be781196159e458a9a157a93f6981363"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
accept-ranges: bytes
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/e06c9d6a2655d78a28144abe88798172.json

178.253.29.47

200 OK

499 B

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/e06c9d6a2655d78a28144abe88798172.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
499 B (499 bytes)
Hash
e3d17d66f9e675ca9273e04470203275
e676da597ad577652921e9af98e79b986ec158ae
5c26acb3823aedc062268da24385061135d42171888bb5f5a0a8f63ba09c67d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/e06c9d6a2655d78a28144abe88798172.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en; window_width=1920; che_g=dba8b79a-34cf-346d-abd6-58f9a28364de; SESSION=30755b200053c8f93a496c3ea51b4aeb; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%221qnkm0a4lic3u%22%2C%22r%22%3A%22registration%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/json
content-length: 499
last-modified: Mon, 05 Jun 2023 14:13:26 GMT
etag: "e3d17d66f9e675ca9273e04470203275"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.016
accept-ranges: bytes
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/aecbb538226cb01dc9a85286edcff171.json

178.253.29.47

200 OK

182 B

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/aecbb538226cb01dc9a85286edcff171.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
182 B (182 bytes)
Hash
e4c69ca8e3916987138c95a26642f53a
411149ef1233c191122618916dc7fa4965a30f7c
9bbbe99b83a20d3d0bd65ab0b343de560c6d437a74a4835786bbd6a58bb0e08e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/aecbb538226cb01dc9a85286edcff171.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en; window_width=1920; che_g=dba8b79a-34cf-346d-abd6-58f9a28364de; SESSION=30755b200053c8f93a496c3ea51b4aeb; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%221qnkm0a4lic3u%22%2C%22r%22%3A%22registration%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/json
content-length: 182
last-modified: Tue, 11 Apr 2023 17:53:40 GMT
etag: "e4c69ca8e3916987138c95a26642f53a"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
accept-ranges: bytes
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/bd0cfa10966f2d8720b2c5663287c9e0.json

178.253.29.47

200 OK

958 B

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/bd0cfa10966f2d8720b2c5663287c9e0.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
958 B (958 bytes)
Hash
24ec1c171afe6836881e2fba1ed559a0
588a08d22de446d484f8f51402994f37ff2527c2
a0c14f5476683e6eb7381c1820c0e914c02911ab9d24170e61548e661017f96f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/bd0cfa10966f2d8720b2c5663287c9e0.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en; window_width=1920; che_g=dba8b79a-34cf-346d-abd6-58f9a28364de; SESSION=30755b200053c8f93a496c3ea51b4aeb; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%221qnkm0a4lic3u%22%2C%22r%22%3A%22registration%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/json
content-length: 958
last-modified: Tue, 18 Apr 2023 10:33:32 GMT
etag: "24ec1c171afe6836881e2fba1ed559a0"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
accept-ranges: bytes
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/deee851bab70137a6ff846c91be5a425.json

178.253.29.47

200 OK

184 B

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/deee851bab70137a6ff846c91be5a425.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
184 B (184 bytes)
Hash
36777c63209967831ddd2926e229b69b
7a59de3bd5fd0406a1becbd4fc6bdb49a996a0fa
c2087429233dc14f1ad96cf9b7d1f4ecf0f32fabab7fc37999644a488d10dbc2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/deee851bab70137a6ff846c91be5a425.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en; window_width=1920; che_g=dba8b79a-34cf-346d-abd6-58f9a28364de; SESSION=30755b200053c8f93a496c3ea51b4aeb; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%221qnkm0a4lic3u%22%2C%22r%22%3A%22registration%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/json
content-length: 184
last-modified: Thu, 09 Nov 2023 06:22:56 GMT
etag: "36777c63209967831ddd2926e229b69b"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
accept-ranges: bytes
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/ba5c155521a3853fb5db8559f0fed629.json

178.253.29.47

200 OK

249 B

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/ba5c155521a3853fb5db8559f0fed629.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
249 B (249 bytes)
Hash
2209ca3135f40bfbb67fd12b887402a9
c50e4585ffcffda7271c68c2685ce7c4eab91138
85d2140ab013caf8951d9bafb1ea7f5e95518e694f095ad43ec3d29926741c36

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/ba5c155521a3853fb5db8559f0fed629.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en; window_width=1920; che_g=dba8b79a-34cf-346d-abd6-58f9a28364de; SESSION=30755b200053c8f93a496c3ea51b4aeb; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%221qnkm0a4lic3u%22%2C%22r%22%3A%22registration%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/json
content-length: 249
last-modified: Tue, 05 Sep 2023 10:23:36 GMT
etag: "2209ca3135f40bfbb67fd12b887402a9"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.044
accept-ranges: bytes
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-36072e1d.js

185.244.209.62

200 OK

1.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-36072e1d.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (3229), with no line terminators
Size
1.5 kB (1450 bytes)
Hash
fa6020f2d4e598b5afa5bb72e0c4d2aa
52c7fb50959707c999f0a3b1a192cd3884319fd1
28a7cee0e15f4c6f9262e16dc900063fcc30017410241306903c852861bb2852

HTTP Headers

GET /_nuxt/desktop/default/consultant.supHelperV2-36072e1d.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/javascript; charset=utf-8
content-length: 1450
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-5aa"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-65bcf3fce04df8f9d5198f54e0242f10-62025e1e9639a63d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:37+00:00, 2024-04-26T11:28:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/Page.SiteUpdates/components/userControl.auth_form_extended/modal.RegistrationSucc/62f29d8c-683c6f08.js

185.244.209.62

200 OK

6.1 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/Page.SiteUpdates/components/userControl.auth_form_extended/modal.RegistrationSucc/62f29d8c-683c6f08.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (18819), with no line terminators
Size
6.1 kB (6136 bytes)
Hash
40f4cf9e701933692780a2ef6970211b
d55424c6ca76f072de2a3bcae7c396335a8b496d
453d184c31e22b5501cb6dc50967fb92ec5b92799db47eb36bd35c89aaf8ebf2

HTTP Headers

GET /_nuxt/desktop/default/vendors/Auth.Forms/Page.SiteUpdates/components/userControl.auth_form_extended/modal.RegistrationSucc/62f29d8c-683c6f08.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/javascript; charset=utf-8
content-length: 6136
last-modified: Fri, 26 Apr 2024 12:29:08 GMT
etag: "662b9e14-17f8"
content-encoding: gzip
expires: Sat, 27 Apr 2024 13:22:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-602e05dac7ab39733ed8197568e81319-ba225bb5b3bd3f8e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T13:22:33+00:00, 2024-04-26T14:00:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/631f900db751ade3379a9ff0d7c00b5c.json

178.253.29.47

200 OK

503 B

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/631f900db751ade3379a9ff0d7c00b5c.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
503 B (503 bytes)
Hash
dfe0c8d8abf7084df9e624f1f4065e59
6cbd38545e7ff3ee00aca5c80f5eb9847da631b5
e596939ede2be48722c636d78de1ec21e3ab6b65a7d86044ea2cff3fe3e8897f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/631f900db751ade3379a9ff0d7c00b5c.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en; window_width=1920; che_g=dba8b79a-34cf-346d-abd6-58f9a28364de; SESSION=30755b200053c8f93a496c3ea51b4aeb; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%221qnkm0a4lic3u%22%2C%22r%22%3A%22registration%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Fri, 26 Apr 2024 18:28:29 GMT
etag: W/"dfe0c8d8abf7084df9e624f1f4065e59"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.045
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/e781b67ba2558128946fd2f9d870ffcb.json

178.253.29.47

200 OK

12 kB

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/e781b67ba2558128946fd2f9d870ffcb.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
12 kB (11773 bytes)
Hash
9e5da15e44d6b6bab0cfc7c07ba9495d
4a67254b45112089d0833028de0c9c81acb930a3
0d51ae7eaa1511001f9b8b562a49d1b55d177a655f26035364485f02d5384af9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/e781b67ba2558128946fd2f9d870ffcb.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en; window_width=1920; che_g=dba8b79a-34cf-346d-abd6-58f9a28364de; SESSION=30755b200053c8f93a496c3ea51b4aeb; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%221qnkm0a4lic3u%22%2C%22r%22%3A%22registration%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Sat, 20 Apr 2024 09:17:16 GMT
etag: W/"9e5da15e44d6b6bab0cfc7c07ba9495d"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.045
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-3205e593.js

185.244.209.62

200 OK

8.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-3205e593.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (25972)
Size
8.5 kB (8518 bytes)
Hash
5bbaaf26c18bce582629f29ccd1101ec
58e6d8affeeb2fa928aa6fccda50beb4ca37df23
9c8ade7d97673087e40ecba27e40a54ac42b903e1cd8ff3cdb6ad661669bf679

HTTP Headers

GET /_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-3205e593.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/javascript; charset=utf-8
content-length: 8518
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-2146"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:38 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-2597062a7c3c48c736810db0a4b2558f-9375b50da3fa6b42-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:38+00:00, 2024-04-26T11:34:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/f30c51d3.css

185.244.209.62

200 OK

2.8 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/f30c51d3.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (17332), with no line terminators
Size
2.8 kB (2768 bytes)
Hash
8985eda76c9f1cd453bcd4d31f0a7c9f
97e0e4dfcff82550adbe8e5540b540ee7da43ef0
73c0eafd657a3ec8b6a5c121e5546beb3abad442a7a184c919d9880320cfa970

HTTP Headers

GET /_nuxt/desktop/default/css/f30c51d3.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: text/css
content-length: 2768
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-ad0"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:43 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f3b003bafcbe98017cbaf787b85fb52b-8dfcef5de050d537-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:43+00:00, 2024-04-26T12:07:39+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/modal.RegistrationSuccessModalApp/registration.Main/user.userRegistration-f64daa17.js

185.244.209.62

200 OK

14 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/modal.RegistrationSuccessModalApp/registration.Main/user.userRegistration-f64daa17.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (58193), with no line terminators
Size
14 kB (14306 bytes)
Hash
da45ffcd75ec93718dad20c271f04c18
ea32caab89822fd96185753cf3ee8ed75824e472
39b9027ae0581c1139f4fe2494d692ae833948f8534a3e3b6091408167d76799

HTTP Headers

GET /_nuxt/desktop/default/vendors/modal.RegistrationSuccessModalApp/registration.Main/user.userRegistration-f64daa17.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/javascript; charset=utf-8
content-length: 14306
last-modified: Fri, 26 Apr 2024 12:29:08 GMT
etag: "662b9e14-37e2"
content-encoding: gzip
expires: Sat, 27 Apr 2024 13:22:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-e22595f10339e4018d8a3ce7641bcf92-c97c385a34a103b7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T13:22:33+00:00, 2024-04-26T14:12:29+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/92a501bf.css

185.244.209.62

200 OK

2.4 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/92a501bf.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (11783), with no line terminators
Size
2.4 kB (2379 bytes)
Hash
6c49be4e90aaa352a7a35dc9f0aa9eff
1c74d93488d6a8f1745e6f95e8193a62c05ed740
7a565737116b21c0932994654fd8916144c0926c2bab60f42d36f294af61a32e

HTTP Headers

GET /_nuxt/desktop/default/css/92a501bf.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: text/css
content-length: 2379
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-94b"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:43 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-4c8664fb46f794d615a3b0f3784de293-b79ede28832966fb-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:43+00:00, 2024-04-26T12:07:39+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/registration.Main-8d6d8844.js

185.244.209.62

200 OK

23 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/registration.Main-8d6d8844.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
23 kB (23058 bytes)
Hash
29bc97801044b4707c0f7427c81dffcc
07b48f7cc45fee2c1caac1bd575e16113cb4a779
c6b5b31549586b8581a44ab95bdcdab8e783843870544bfaf65299a357d82aa2

HTTP Headers

GET /_nuxt/desktop/default/registration.Main-8d6d8844.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/javascript; charset=utf-8
content-length: 23058
last-modified: Fri, 26 Apr 2024 12:29:08 GMT
etag: "662b9e14-5a12"
content-encoding: gzip
expires: Sat, 27 Apr 2024 13:22:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a4a18f2a45d3e45055084e9229b6a164-9649dd90306b99dd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T13:22:33+00:00, 2024-04-26T14:12:29+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/526e44d9.css

185.244.209.62

200 OK

459 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/526e44d9.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1526), with no line terminators
Size
459 B (459 bytes)
Hash
97fdf5b6e7dfddf6ab251e984133b2c3
bb552fe685c52c34e0ed91e4dfaa9df2675ad086
92fcdb73c544b1f2befe78685340fd3371e920187a2232f8e4bffd73985d40e3

HTTP Headers

GET /_nuxt/desktop/default/css/526e44d9.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: text/css
content-length: 459
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-1cb"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:05:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-eebd908f238fc604fa55d15222cbe31b-ccf522ba5ab013f2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:05:16+00:00, 2024-04-26T15:00:24+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-d462d3ce.js

185.244.209.62

200 OK

17 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-d462d3ce.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (41022), with NEL line terminators
Size
17 kB (16830 bytes)
Hash
a53e75793287bf430c7d81e62a86551c
43ecdd497e27c96d3c886a1ccf72dca7a9f2646b
7692da0b4d0d3168af9ce3f8d1eda4fc5ad04676e7ef7949eeb46d7be78cbeca

HTTP Headers

GET /_nuxt/desktop/default/vendors/betting.media-d462d3ce.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/javascript; charset=utf-8
content-length: 16830
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-41be"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:38 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-db8b9e3dcc177ea0afcdfd9d86290f8a-13934260b0c0028e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:38+00:00, 2024-04-26T11:28:20+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/fb98f44e37ba66ce21503d37c8717923.json

178.253.29.47

200 OK

2.2 kB

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/fb98f44e37ba66ce21503d37c8717923.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
2.2 kB (2159 bytes)
Hash
becb2e7c22d23ed7b8c378c346c643f1
0b4c891625b0a2b9b528309353d7f614dd6c7b3b
d30163973a6fb0b5e99419860a2b5c37a83887cacd08115b71032b1b40220edb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/fb98f44e37ba66ce21503d37c8717923.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en; window_width=1920; che_g=dba8b79a-34cf-346d-abd6-58f9a28364de; SESSION=30755b200053c8f93a496c3ea51b4aeb; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%221qnkm0a4lic3u%22%2C%22r%22%3A%22registration%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Thu, 07 Mar 2024 10:41:59 GMT
etag: W/"becb2e7c22d23ed7b8c378c346c643f1"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.016
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.media-fd9299c8.js

185.244.209.62

200 OK

4.7 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/betting.media-fd9299c8.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (16761), with no line terminators
Size
4.7 kB (4729 bytes)
Hash
1c5f0f2576f85aa05256ef8412e1a80e
e3fe4363d03125724ee18ca063552d21b11c791f
aced4150b67a0055a6baca50f790709de03a987b56a894479db35c63dff31455

HTTP Headers

GET /_nuxt/desktop/default/betting.media-fd9299c8.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/javascript; charset=utf-8
content-length: 4729
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-1279"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:38 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-0cb9c3fc3e4390cafbaacd008e6f526d-6ac7d4c8e3e59dfa-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:38+00:00, 2024-04-26T11:28:20+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/analytics-1d085c09.js

185.244.209.62

200 OK

2.4 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/analytics-1d085c09.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (6444), with no line terminators
Size
2.4 kB (2434 bytes)
Hash
7c3b6253af0f87ab95db1b7ecb5e071c
4316078471b261fbd6b751a6b9fe613389451dca
15923078094e7c2a29dc16315acfaeed3111e1202f23accb243c9249c03e2095

HTTP Headers

GET /_nuxt/desktop/default/analytics-1d085c09.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/javascript; charset=utf-8
content-length: 2434
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-982"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:44 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-3b5accb2544d812f1fafe863d84b4545-63cb01d15e3499ca-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:44+00:00, 2024-04-26T11:28:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137

178.253.29.47

200 OK

155 B

URL GET HTTP/2
1xlite-660473.top/service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
155 B (155 bytes)
Hash
d9c4e764d0719887a701a2fd57d2ed20
dd9132eb122454d6202e18dc89cf3f813bd28eea
bfb3eb33d14d3606f7ef2f2ebf7194a6eba1837022e2cce1a5adaebff4226d10

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en; window_width=1280; che_g=dba8b79a-34cf-346d-abd6-58f9a28364de; SESSION=30755b200053c8f93a496c3ea51b4aeb; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%221qnkm0a4lic3u%22%2C%22r%22%3A%22registration%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/json; charset=utf-8
content-length: 155
x-time-ng: 0.002
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.018
X-Firefox-Spdy: h2

1xlite-660473.top/session-api/sessions/user

178.253.29.47

200 OK

16 B

URL GET HTTP/2
1xlite-660473.top/session-api/sessions/user
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
16 B (16 bytes)
Hash
646b2e82b65602d35f7aa6283c387e3a
b163a70c5df8e4b0861a23a04f8a6f78393747f4
b68bf12405ee2cb5b76764df21dbc2df0953ddff4072ddc5281d1aab05e8c4ab

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /session-api/sessions/user HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en; window_width=1280; che_g=dba8b79a-34cf-346d-abd6-58f9a28364de; SESSION=30755b200053c8f93a496c3ea51b4aeb; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%221qnkm0a4lic3u%22%2C%22r%22%3A%22registration%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/json
content-length: 16
cache-control: no-cache, private
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=1.4340877532959, wf-uht;dur=0.022
X-Firefox-Spdy: h2

1xlite-660473.top/bff-api/event-logo/v2/suitable.json?lang=en

178.253.29.47

200 OK

2 B

URL GET HTTP/2
1xlite-660473.top/bff-api/event-logo/v2/suitable.json?lang=en
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
2 B (2 bytes)
Hash
d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bff-api/event-logo/v2/suitable.json?lang=en HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en; window_width=1280; che_g=dba8b79a-34cf-346d-abd6-58f9a28364de; SESSION=30755b200053c8f93a496c3ea51b4aeb; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%221qnkm0a4lic3u%22%2C%22r%22%3A%22registration%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:08 GMT
content-type: application/json
content-length: 2
cache-control: no-cache, private
server-timing: bff;dur=12.99, dt_total;dur=21.693, wf-uht;dur=0.037
traceparent: 00-90aab3d42c521d04a03bb34b7f29d528-430622fb968c052f-01
x-dt: 285
x-time-ng: 0.017
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V

142.250.74.168

200 OK

63 kB

URL GET HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintFC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52
ValidityMon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT

File type
JavaScript source, ASCII text, with very long lines (1763)
Size
63 kB (62925 bytes)
Hash
de28fb1dc53fc2a37ed5163eb932af47
556c62eb1b62dec9f436051cfd541100f91f42f8
8c8d78d04432bb6de0dcddf3e687da2a991d6a422e6cafe5151460b8bbe8b901

HTTP Headers

GET /gtm.js?id=GTM-KFGPRJ2V HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 26 Apr 2024 22:40:08 GMT
expires: Fri, 26 Apr 2024 22:40:08 GMT
cache-control: private, max-age=900
last-modified: Fri, 26 Apr 2024 22:05:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 62925
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

widget.suphelper.top/injector.js

172.64.148.184

200 OK

176 kB

URL GET HTTP/2
widget.suphelper.top/injector.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
176 kB (176247 bytes)
Hash
c2a0ee2e13b9e81a4351f5f44d7efef1
7c3aee304a14d8fc845d845cc82f1be4e8eb7148
27d2589716f65bbc014b7643a1a43d066579a15700c64c614b7b31deddb32870

HTTP Headers

GET /injector.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:40:08 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=14400
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"32e7a-18f123218ef"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 26
expires: Sat, 27 Apr 2024 02:40:08 GMT
server: cloudflare
cf-ray: 87aa12a22d9556bf-OSL
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/af2e2c975cf016bc339c96b6992e1e47.json

178.253.29.47

200 OK

12 kB

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/af2e2c975cf016bc339c96b6992e1e47.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
12 kB (11656 bytes)
Hash
b0a50f5239a6ca38097f89684eae43e4
9610ba54f85b3199d09ccbaf5c3439cff43bf28a
5f96d5a91935d8a7f975d433db80afb8a995edc61ad2d8cbb0161b80dc7aec56

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/af2e2c975cf016bc339c96b6992e1e47.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en; window_width=1920; che_g=dba8b79a-34cf-346d-abd6-58f9a28364de; SESSION=30755b200053c8f93a496c3ea51b4aeb; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%221qnkm0a4lic3u%22%2C%22r%22%3A%22registration%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Fri, 12 May 2023 15:17:16 GMT
etag: W/"b0a50f5239a6ca38097f89684eae43e4"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.017
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/default/img/icons/pixels2.svg?v=1714171208

178.253.29.47

200 OK

11 kB

URL GET HTTP/2
1xlite-660473.top/web-api/default/img/icons/pixels2.svg?v=1714171208
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
PNG image data, 1 x 1, 8-bit/color RGB, non-interlaced
Size
11 kB (11204 bytes)
Hash
1586a8c763353f6a3e4592e88bb466b2
59d0fa7c49af16bfb458493dc85bd01cdff6fe09
3bbd494ab6f6fce6c1f5c478178dc300b50ce73bcc8c93d3a8c42db0fe16c48d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/default/img/icons/pixels2.svg?v=1714171208 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en; window_width=1280; che_g=dba8b79a-34cf-346d-abd6-58f9a28364de; SESSION=30755b200053c8f93a496c3ea51b4aeb; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%221qnkm0a4lic3u%22%2C%22r%22%3A%22registration%22%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:08 GMT
content-type: image/png
cache-control: no-cache, private
server-timing: p;dur=13, dt_total;dur=14.422, wf-uht;dur=0.063
traceparent: 00-59cc70f58a08d3777239e791eefe7c96-59bfc5f3ee0525e6-01
x-dt: 285
x-time-ng: 0.014
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

radar.cedexis.com/1/23802/radar.js

45.54.49.5

302 Moved Temporarily

154 B

URL GET HTTP/1.1
radar.cedexis.com/1/23802/radar.js
IP
45.54.49.5:443
ASN
#63911 NetActuate, Inc

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerDigiCert Inc
Subjectradar.cedexis.com
Fingerprint33:58:79:8E:87:A5:C3:05:CA:E2:82:50:61:CF:72:83:BD:64:80:C1
ValidityFri, 29 Mar 2024 00:00:00 GMT - Fri, 28 Mar 2025 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
154 B (154 bytes)
Hash
cfbeaf604823f038b8b46f0ac862b98c
7b9eb1dac48e74fa5f418bc456cb410f88b81d98
20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319

HTTP Headers

GET /1/23802/radar.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Fri, 26 Apr 2024 22:40:08 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: /1707728419/stub.js
Expires: Fri, 26 Apr 2024 22:50:08 GMT
Cache-Control: max-age=600
Vary: User-Agent,DNT

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/a01e05cae2f5087d31e3dd580b8c1ce3.json

178.253.29.47

200 OK

13 kB

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/a01e05cae2f5087d31e3dd580b8c1ce3.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
13 kB (12993 bytes)
Hash
5f6393bd6febc268d33cb235c7eec194
819eb4409582bcea038e527fd5859dde2d13e0e7
9ae42c0a8d88add1a2d54faab5d819c619cb2a2a1eec7595fe1029a91449efb0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/a01e05cae2f5087d31e3dd580b8c1ce3.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en; window_width=1920; che_g=dba8b79a-34cf-346d-abd6-58f9a28364de; SESSION=30755b200053c8f93a496c3ea51b4aeb; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%221qnkm0a4lic3u%22%2C%22r%22%3A%22registration%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Tue, 14 Nov 2023 06:21:55 GMT
etag: W/"5f6393bd6febc268d33cb235c7eec194"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.016
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/b588fb81207704b9bc3e220b71966696.json

178.253.29.47

200 OK

9.6 kB

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/b588fb81207704b9bc3e220b71966696.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
9.6 kB (9615 bytes)
Hash
82be680bc6bd32b65cef0e3bda368678
5f5ac335405d9c792b43b6aee8d5ab64ac42e5ba
12800d3ad8e368dc1541e334f8f6f669549da16f62b4dae2ebb9929bd88322c7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/b588fb81207704b9bc3e220b71966696.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en; window_width=1920; che_g=dba8b79a-34cf-346d-abd6-58f9a28364de; SESSION=30755b200053c8f93a496c3ea51b4aeb; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%221qnkm0a4lic3u%22%2C%22r%22%3A%22registration%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Mon, 30 Oct 2023 14:20:28 GMT
etag: W/"82be680bc6bd32b65cef0e3bda368678"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-animations/game-85-animation.svg

185.244.209.62

200 OK

3.4 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/games-images/game-animations/game-85-animation.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
3.4 kB (3405 bytes)
Hash
6ba383d6f07daf1ebe8e8895f9bb8a6a
3a87705862426ddc888e7f72bcdd0b6357f8cfc5
bc078059b45f271eebefbaa60536d33cb99cb243a2e9d168ccbae87788f619df

HTTP Headers

GET /sfiles/games-images/game-animations/game-85-animation.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:08 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Jan 2024 13:34:39 GMT
etag: W/"9e7af5cc8f19e556b8696b1f616368bb"
x-amz-meta-origin-date-iso8601: 2024-01-24T13:05:40.000Z
expires: Fri, 19 Apr 2024 00:06:27 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-78bb4b60b90e80ccb313cfdf09a336c0-9e0b11a418a57514-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T03:23:59+00:00, 2024-04-26T00:36:40+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=2043760645.1714171209&gtm=45je44o0v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=787510555

142.250.74.163

200 OK

42 B

URL GET HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=2043760645.1714171209&gtm=45je44o0v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=787510555
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.no
FingerprintDE:35:DD:F6:8A:FF:6F:9D:0E:3D:27:DD:E2:B8:DE:CE:A4:6A:C8:C9
ValidityMon, 08 Apr 2024 07:44:18 GMT - Mon, 01 Jul 2024 07:44:17 GMT

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=2043760645.1714171209&gtm=45je44o0v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=787510555 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 26 Apr 2024 22:40:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1xlite-660473.top/seo-module-api/api/v1/title?group_id=285&ref_id=1&url=https:%2F%2F1xlite-660473.top%2Fen%2Fregistration&geo=no&language=en&domain=1xlite-660473.top&timezone=2&stream=user&section=registration&ref[id]=1&project[id]=285

178.253.29.47

200 OK

120 B

URL GET HTTP/2
1xlite-660473.top/seo-module-api/api/v1/title?group_id=285&ref_id=1&url=https:%2F%2F1xlite-660473.top%2Fen%2Fregistration&geo=no&language=en&domain=1xlite-660473.top&timezone=2&stream=user&section=registration&ref[id]=1&project[id]=285
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
120 B (120 bytes)
Hash
b6f738e763b4e9542957e2534d82ed3a
473feaa411cef5e56cc1cf78267a2545a57f7444
e6e555c1a718d40a6a95accdf05b3b753d457f4bd080be4e42aaf1a4b5e30c43

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /seo-module-api/api/v1/title?group_id=285&ref_id=1&url=https:%2F%2F1xlite-660473.top%2Fen%2Fregistration&geo=no&language=en&domain=1xlite-660473.top&timezone=2&stream=user&section=registration&ref[id]=1&project[id]=285 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?type=fast
content-type: application/json
x-requested-with: XMLHttpRequest
x-geoip2-country-code: ru
sub-request-id: 5bd49af9f36c45318459d92b7c3853c3
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en; window_width=1280; che_g=dba8b79a-34cf-346d-abd6-58f9a28364de; SESSION=30755b200053c8f93a496c3ea51b4aeb; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%221qnkm0a4lic3u%22%2C%22r%22%3A%22registration%22%7D; _glhf=1714188984; sh.session.id=36e7e276-29d8-42d9-9e5a-a5530f584dd9; ggru=139; _ga_7JGWL9SV66=GS1.1.1714171208.1.1.1714171208.60.0.0; _ga=GA1.1.2043760645.1714171209
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:08 GMT
content-type: application/json
content-length: 120
cache-control: max-age=1200, must-revalidate, public, s-maxage=1800, stale-if-error=86400, stale-while-revalidate=300
x-content-digest: en3721b364f48580dc0fe20d8836e3c07a
age: 25
x-request-id: fe534e28380b18ab68ab4a1583722101
x-request-guid: fe534e28380b18ab68ab4a1583722101
x-time-ng: 0.011
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=1.8901824951172, wf-uht;dur=0.027
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/pages/_app-a10a22844227e6a6.js

172.64.148.184

200 OK

288 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/pages/_app-a10a22844227e6a6.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
288 kB (287459 bytes)
Hash
9901b30da83534cfddea28b65caa244e
7ec8754610830f4ba760935ebd3c3657393fb0ac
8f7c047b93da7ec6e3c4fb32457f9a2d8fd5cd1711874324e9d141575c63843a

HTTP Headers

GET /_next/static/chunks/pages/_app-a10a22844227e6a6.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:40:08 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"f8027-18f12321a97"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 145347
expires: Sat, 26 Apr 2025 22:40:08 GMT
server: cloudflare
cf-ray: 87aa12a4ff6256bf-OSL
X-Firefox-Spdy: h2

widget.suphelper.top/sounds/new-message.mp3

172.64.148.184

200 OK

30 kB

URL GET HTTP/2
widget.suphelper.top/sounds/new-message.mp3
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
MPEG ADTS, layer III, v1, 192 kbps, 48 kHz, JntStereo
Size
30 kB (29952 bytes)
Hash
ef9af24dc7dbd24ffd99c832e1300351
f78744a5013038446c468de14f205f2d52373fd6
5049d7fe87a7327a291441181d1a328a15f46a21081b970502c540406011c9b9

HTTP Headers

GET /sounds/new-message.mp3 HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:40:09 GMT
content-type: audio/mpeg
content-length: 29952
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=14400
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"7500-18f123218ff"
cf-cache-status: HIT
age: 2364
expires: Sat, 27 Apr 2024 02:40:09 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa12a879b056bf-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/e5eb737e.css

185.244.209.62

200 OK

1.1 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/e5eb737e.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (5171), with no line terminators
Size
1.1 kB (1050 bytes)
Hash
5d231bea9b7df6bc1e9e74e3c0a231e1
2ef607f0c766fff1b4b1e90a2d98e7094c81721e
c43fd428fe6e9d25ddf385a1cf03891194126ebf9e83d086af655272e815445b

HTTP Headers

GET /_nuxt/desktop/default/css/e5eb737e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:09 GMT
content-type: text/css
content-length: 1050
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-41a"
content-encoding: gzip
expires: Sat, 27 Apr 2024 08:08:44 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-80cfebc86e670ba66f8a66db07392a2f-eeee93d3fa4212f4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T08:08:44+00:00, 2024-04-26T10:42:05+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/724286ac/_buildManifest.js

172.64.148.184

200 OK

9.2 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/724286ac/_buildManifest.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (40444), with no line terminators
Size
9.2 kB (9184 bytes)
Hash
7f0d30250b954fa6f7259e4690d9deec
9d230264b236c6e24f5b406e1236f4ec8793e7f5
572e94aedd454568273c9c64239e47d1815179ab6d9b693bf980ee525e6386ed

HTTP Headers

GET /_next/static/724286ac/_buildManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:40:08 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"207-18f12321a93"
vary: Accept-Encoding
cf-cache-status: HIT
age: 145347
expires: Sat, 26 Apr 2025 22:40:08 GMT
server: cloudflare
cf-ray: 87aa12a50f7256bf-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js

172.64.148.184

200 OK

45 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
45 kB (45342 bytes)
Hash
896d1930437c1ab92b8a359c1d6fdaae
71e0e23d1af9722f356eb5d1c497d100ec8b0f7a
8c508636d885890bfb5c56bcd6dad1b8b64c498781d351b588a8de7f686774d4

HTTP Headers

GET /_next/static/chunks/framework-49f1e091cbf6b261.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:40:08 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 Nov 2023 12:45:49 GMT
etag: W/"22695-18b9011853a"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 13545797
expires: Sat, 26 Apr 2025 22:40:08 GMT
server: cloudflare
cf-ray: 87aa12a4ef5e56bf-OSL
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js

172.64.148.184

200 OK

27 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
27 kB (27166 bytes)
Hash
dc6852529f28802d37affa5953d07260
4edd220fe8df4b009a1775ebe57f19d40999659f
4aefb18221e4fb46818b0f52302b7c7717e45701e26990726cce645d8c80ed84

HTTP Headers

GET /_next/static/chunks/7413e8b9-8adee4b5b5407a55.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:40:08 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 17 Jan 2024 06:19:55 GMT
etag: W/"12fe9-18d161388b8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 8698611
expires: Sat, 26 Apr 2025 22:40:08 GMT
server: cloudflare
cf-ray: 87aa12a4ff6456bf-OSL
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js

172.64.148.184

200 OK

108 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
108 kB (107810 bytes)
Hash
47db8ef40f7528f8d43a21748fd1f260
d91eaeb2905974e43d194e20141fc8a3696480eb
11604f8dd6a75b18f31700486769d4f1afe7f00fce36c7e1c209381cae3ec04f

HTTP Headers

GET /_next/static/chunks/663-81a4add2f1c95639.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:40:08 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 28 Mar 2024 06:56:31 GMT
etag: W/"5b0da-18e83d890e3"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 2558302
expires: Sat, 26 Apr 2025 22:40:08 GMT
server: cloudflare
cf-ray: 87aa12a4ff6756bf-OSL
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714171208091&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=2043760645.1714171209&ul=en-us&sr=1280x1024&pscdl=noapi&_s=3&sid=1714171208&sct=1&seg=1&dl=https%3A%2F%2F1xlite-660473.top%2Fen%2Fregistration%3Ftag%3Dd_3052235m_14189c_%255B%255DALL%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255D_d118528_l140523_pop_up%26pb%3D632760c2e06b41528df9974c2b04d9d1%26click_id%3D1qnkm0a4lic3u%26r%3Dregistration&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-660473.top&dp=%2Fen%2Fregistration%3Ftype%3Dfast&en=page_view&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=4452

216.239.32.36

204 No Content

0 B

URL POST HTTP/3
region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714171208091&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=2043760645.1714171209&ul=en-us&sr=1280x1024&pscdl=noapi&_s=3&sid=1714171208&sct=1&seg=1&dl=https%3A%2F%2F1xlite-660473.top%2Fen%2Fregistration%3Ftag%3Dd_3052235m_14189c_%255B%255DALL%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255D_d118528_l140523_pop_up%26pb%3D632760c2e06b41528df9974c2b04d9d1%26click_id%3D1qnkm0a4lic3u%26r%3Dregistration&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-660473.top&dp=%2Fen%2Fregistration%3Ftype%3Dfast&en=page_view&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=4452
IP
216.239.32.36:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintFC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52
ValidityMon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714171208091&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=2043760645.1714171209&ul=en-us&sr=1280x1024&pscdl=noapi&_s=3&sid=1714171208&sct=1&seg=1&dl=https%3A%2F%2F1xlite-660473.top%2Fen%2Fregistration%3Ftag%3Dd_3052235m_14189c_%255B%255DALL%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255D_d118528_l140523_pop_up%26pb%3D632760c2e06b41528df9974c2b04d9d1%26click_id%3D1qnkm0a4lic3u%26r%3Dregistration&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-660473.top&dp=%2Fen%2Fregistration%3Ftype%3Dfast&en=page_view&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=4452 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/3 204 No Content
access-control-allow-origin: https://1xlite-660473.top
date: Fri, 26 Apr 2024 22:40:10 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

v3.traincdn.com/sys-icons/1.0.328/285/bonus.svg

185.244.209.62

200 OK

8.9 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.328/285/bonus.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
8.9 kB (8865 bytes)
Hash
ff626caede9a1638e45d20db3dbba677
a31ddc7d3f10b7c0f63a5684df2ee7cf73ce0fd0
cfee04ec4dc05bdb25c83590b605ecfa64f8370fa24a25c39720c0271b363d6d

HTTP Headers

GET /sys-icons/1.0.328/285/bonus.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:08 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"5dfc9cb3b4b0fdaa0ca8f0bebfaf0a6e"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:29 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-c9cd640a0fe12cd972e3c8e114b32faa-0b46d6cd89416046-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:29+00:00, 2024-04-26T12:23:08+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/session

178.253.29.47

204 No Content

0 B

URL GET HTTP/2
1xlite-660473.top/web-api/session
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/session HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?type=fast
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en; window_width=1280; che_g=dba8b79a-34cf-346d-abd6-58f9a28364de; SESSION=30755b200053c8f93a496c3ea51b4aeb; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%221qnkm0a4lic3u%22%2C%22r%22%3A%22registration%22%7D; _glhf=1714188984; sh.session.id=36e7e276-29d8-42d9-9e5a-a5530f584dd9; ggru=139; _ga_7JGWL9SV66=GS1.1.1714171208.1.1.1714171209.59.0.0; _ga=GA1.1.2043760645.1714171209
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Fri, 26 Apr 2024 22:40:15 GMT
cache-control: no-cache, private
server-timing: p;dur=12, dt_total;dur=49.830, wf-uht;dur=0.065
traceparent: 00-79a3f321dea58ebbdbcbd31fcf934933-e6fe5640da1acb80-01
x-dt: 285
x-time-ng: 0.031
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-000a2948.js

185.244.209.62

200 OK

67 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-000a2948.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
67 kB (66631 bytes)
Hash
3cad391b1ba090af586203843e8c321d
aa49ded6cec16b05de850449016d4161be93b686
140b667c3dc687dc7f10b8f95b4c28f9c4fa7f4c5603479c2e3f6a6d656e9786

HTTP Headers

GET /_nuxt/desktop/default/vendors/conversion-000a2948.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:15 GMT
content-type: application/javascript; charset=utf-8
content-length: 66631
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-10447"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:55 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-2bf38624d13d1f63ac56a03e8f7c9280-972f081bd0e2bfba-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:55+00:00, 2024-04-26T11:34:18+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/

172.64.148.184

200 OK

102 kB

URL GET HTTP/2
widget.suphelper.top/
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
102 kB (101985 bytes)
Hash
e8b3da11f0f15df9d783da4b2245fa09
c6da94ca7169df580918397b414d9c6403875913
9bf39617bee5ef623b068c4cb484c870395ccf8aa7f2a67e5e70a547a77373e0

HTTP Headers

GET / HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:40:08 GMT
content-type: text/html; charset=utf-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=60, stale-while-revalidate=30
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 87aa12a3be9856bf-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Size
64 kB (63748 bytes)
Hash
6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:17 GMT
content-type: font/woff2
content-length: 63748
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9b5788f05274ba66ccb0d63bdefd3471-05361d925c8acc35-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:13:59+00:00, 2024-04-26T22:27:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2

185.244.209.62

200 OK

65 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 64732, version 1.0
Size
65 kB (64732 bytes)
Hash
3ac5d40d1b3966fc5eb09ecca74d9cbf
a69f32357765dd321519889aeacba5e9ca893bb0
3310766b8f58538d07abded74a2babe1acbe1a3ee820d5b8c8265da666f4fb0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:17 GMT
content-type: font/woff2
content-length: 64732
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "3ac5d40d1b3966fc5eb09ecca74d9cbf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-78998b817c81ccf63c575ec957a3b923-c441dcfa9da144f6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:56:30+00:00, 2024-04-26T21:43:14+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Size
64 kB (63920 bytes)
Hash
a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:17 GMT
content-type: font/woff2
content-length: 63920
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ecf68675e4f6c8a1fb35806074d5dd51-01d19c8eabcfaabb-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:54:39+00:00, 2024-04-26T22:21:47+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/hd-api/external/api/web/v1/j/41949f8i13291l5f49f4e2f512fe14358e70833b15b2a97ab9ff

178.253.29.47

200 OK

515 B

URL POST HTTP/2
1xlite-660473.top/hd-api/external/api/web/v1/j/41949f8i13291l5f49f4e2f512fe14358e70833b15b2a97ab9ff
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
515 B (515 bytes)
Hash
aa871d9ba89eeef886be84720cf55a4e
6cb72455ad6fba7af44df5a8629b8fe1597c6e51
653e83e013773f35d3fd4cfdb669c2c7e28b68f914a47c7d88f8c988eef570ca

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /hd-api/external/api/web/v1/j/41949f8i13291l5f49f4e2f512fe14358e70833b15b2a97ab9ff HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?type=fast
X-Requested-With: XMLHttpRequest
Content-Type: application/json
Content-Length: 105936
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en; window_width=1280; che_g=dba8b79a-34cf-346d-abd6-58f9a28364de; SESSION=30755b200053c8f93a496c3ea51b4aeb; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%221qnkm0a4lic3u%22%2C%22r%22%3A%22registration%22%7D; _glhf=1714188984; sh.session.id=36e7e276-29d8-42d9-9e5a-a5530f584dd9; ggru=139; _ga_7JGWL9SV66=GS1.1.1714171208.1.1.1714171209.59.0.0; _ga=GA1.1.2043760645.1714171209
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:17 GMT
content-type: application/json
content-length: 515
content-encoding: gzip
traceparent: 00-fa7e84bbd32729c4564691c43b744f82-1e9566a482bfc7d4-01
vary: Accept-Encoding
x-dt: 285
x-request-guid: 263442dfff599ca701e6fe473ed485e1
x-time-ng: 0.227
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=239.718, wf-uht;dur=0.292
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js

172.64.148.184

200 OK

9.8 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
9.8 kB (9756 bytes)
Hash
973b2a09f96816c8138bce3ac69cdf62
f572d6663c7824f054ce0e6b6deb630f8a3c2b91
07cf0984bd834edaeacea5b8790dbe715821408a6e1e8135b54a837b0fa39bea

HTTP Headers

GET /_next/static/chunks/81.9c6562bba5669b47.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:40:08 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"8f42-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 13543950
expires: Sat, 26 Apr 2025 22:40:08 GMT
server: cloudflare
cf-ray: 87aa12a7e95156bf-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.328/285/common.svg

185.244.209.62

200 OK

69 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.328/285/common.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
69 kB (68752 bytes)
Hash
e554eebfba86a5bbc64d11ba6bcff3e5
95d47426d3a890d42c8de332722414c2cb69534b
24a29d95ef7664658043e5c2e5687f8b4137062993b3f3bb5e3944a5ad6e3177

HTTP Headers

GET /sys-icons/1.0.328/285/common.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"7bf3e9e7d79beac942f5e7748a3af2e6"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:01 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f430db2a8ab79054f5728e462ce63403-7abdf1fa594b339b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:01+00:00, 2024-04-26T11:22:53+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

refpa5139455.top/L?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration

178.253.14.18

303 See Other

575 kB

URL User Request GET HTTP/2
refpa5139455.top/L?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
IP
178.253.14.18:443
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subjectrefpa5139455.top
Fingerprint24:95:C4:83:12:F4:A0:52:96:3D:6D:6D:DA:16:C6:81:8B:D4:BB:7B
ValidityMon, 11 Mar 2024 05:17:21 GMT - Sun, 09 Jun 2024 05:17:20 GMT

File type

Size
575 kB (574837 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /L?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration HTTP/1.1
Host: refpa5139455.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 303 See Other
server: nginx
date: Fri, 26 Apr 2024 22:40:05 GMT
cache-control: private
location: https://1xlite-660473.top:443/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
x-aspnetmvc-version: 5.0
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.004
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js

172.64.148.184

200 OK

10 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (10533), with no line terminators
Size
10 kB (10533 bytes)
Hash
54b2d4e92e16d2ea51898124107af46a
ab4225b696e63c9040de1511fa229cf65b4d3750
e17ccea95df87c35add9994b01ef7bb6e8b5c2ebea282c461199a140a5675662

HTTP Headers

GET /_next/static/chunks/0c294a17-329dda05de2a378d.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:40:08 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 17 Jan 2024 06:19:55 GMT
etag: W/"2925-18d161388b8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 8698611
expires: Sat, 26 Apr 2025 22:40:08 GMT
server: cloudflare
cf-ray: 87aa12a4ff6656bf-OSL
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/api/web/v1/config/actualDomain

178.253.29.47

200 OK

269 B

URL GET HTTP/2
1xlite-660473.top/web-api/api/web/v1/config/actualDomain
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
ASCII text, with very long lines (309), with no line terminators
Size
269 B (269 bytes)
Hash
6469b5c07a262f60f11e004ac72262b1
978ec0042baae49cb3bc8a7882055ec9a053e522
459c4cead3579c67475b231f8d8e21e599e27ecf8108d8ba29dd10a558b43f53

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/api/web/v1/config/actualDomain HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=14, dt_total;dur=44.874, wf-uht;dur=0.155
set-cookie: SESSION=30755b200053c8f93a496c3ea51b4aeb; path=/; secure; HttpOnly; SameSite=Lax
ua=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
traceparent: 00-a07fee4047b3ae7be27ba2df33ae429b-d6c9cbaf70caf02a-01
x-dt: 285
x-time-ng: 0.030
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/api/v3/bonuses/welcome-bonuses

178.253.29.47

200 OK

675 B

URL GET HTTP/2
1xlite-660473.top/web-api/api/v3/bonuses/welcome-bonuses
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (769), with no line terminators
Size
675 B (675 bytes)
Hash
1e6e14eba274fc1ddb4d1fd9798ba788
9a9ea308099bd2de7a9861293324e153b276d91a
c3595ff52dc75767b58ffbf178a083df55e10d8d6dbcf76b24b0a76a5f9d9481

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/api/v3/bonuses/welcome-bonuses HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en; window_width=1280; che_g=dba8b79a-34cf-346d-abd6-58f9a28364de; SESSION=30755b200053c8f93a496c3ea51b4aeb; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%221qnkm0a4lic3u%22%2C%22r%22%3A%22registration%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:08 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=18, dt_total;dur=42.207, wf-uht;dur=0.062
traceparent: 00-0cec09b49e4558a181f7ae89c7b2e1f5-8a605bae444ceba1-01
x-dt: 285
x-time-ng: 0.033
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/ff267c5c.css

185.244.209.62

200 OK

7.0 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/ff267c5c.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (7006), with no line terminators
Size
7.0 kB (7000 bytes)
Hash
522d7d5f86a1754eb7f6b6297bdb391f
5b299d090cc4af5b0f7f56a36072e8ae8ed6c45a
3afe3e2cc826264cde82bf7f1102b65ebce448dcec42e14eab6489ee36fc3687

HTTP Headers

GET /_nuxt/desktop/default/css/ff267c5c.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: text/css
content-length: 1486
last-modified: Fri, 26 Apr 2024 12:29:08 GMT
etag: "662b9e14-5ce"
content-encoding: gzip
expires: Sat, 27 Apr 2024 14:33:21 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d9577552b59aeb949c34454f5a77b9aa-1408eb97b846796c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T14:33:21+00:00, 2024-04-26T16:13:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714171208091&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=2043760645.1714171209&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1714171208&sct=1&seg=0&dl=https%3A%2F%2F1xlite-660473.top%2Fen%2Fregistration%3Ftag%3Dd_3052235m_14189c_%255B%255DALL%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255D_d118528_l140523_pop_up%26pb%3D632760c2e06b41528df9974c2b04d9d1%26click_id%3D1qnkm0a4lic3u%26r%3Dregistration&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-660473.top&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=3330

216.239.32.36

204 No Content

0 B

URL POST HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714171208091&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=2043760645.1714171209&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1714171208&sct=1&seg=0&dl=https%3A%2F%2F1xlite-660473.top%2Fen%2Fregistration%3Ftag%3Dd_3052235m_14189c_%255B%255DALL%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255D_d118528_l140523_pop_up%26pb%3D632760c2e06b41528df9974c2b04d9d1%26click_id%3D1qnkm0a4lic3u%26r%3Dregistration&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-660473.top&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=3330
IP
216.239.32.36:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintFC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52
ValidityMon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714171208091&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=2043760645.1714171209&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1714171208&sct=1&seg=0&dl=https%3A%2F%2F1xlite-660473.top%2Fen%2Fregistration%3Ftag%3Dd_3052235m_14189c_%255B%255DALL%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255D_d118528_l140523_pop_up%26pb%3D632760c2e06b41528df9974c2b04d9d1%26click_id%3D1qnkm0a4lic3u%26r%3Dregistration&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-660473.top&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=3330 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://1xlite-660473.top
date: Fri, 26 Apr 2024 22:40:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714171208091&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=2043760645.1714171209&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AEA&_s=4&dl=https%3A%2F%2F1xlite-660473.top%2Fen%2Fregistration%3Ftype%3Dfast&dr=https%3A%2F%2F1xlite-660473.top%2Fen%2Fregistration%3Ftag%3Dd_3052235m_14189c_%255B%255DALL%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255D_d118528_l140523_pop_up%26pb%3D632760c2e06b41528df9974c2b04d9d1%26click_id%3D1qnkm0a4lic3u%26r%3Dregistration&sid=1714171208&sct=1&seg=1&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-660473.top&dp=%2Fen%2Fregistration%3Ftype%3Dfast&en=page_view&ep.optimize_id=GTM-5R4MT54&tfd=9454

216.239.32.36

204 No Content

0 B

URL POST HTTP/3
region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714171208091&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=2043760645.1714171209&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AEA&_s=4&dl=https%3A%2F%2F1xlite-660473.top%2Fen%2Fregistration%3Ftype%3Dfast&dr=https%3A%2F%2F1xlite-660473.top%2Fen%2Fregistration%3Ftag%3Dd_3052235m_14189c_%255B%255DALL%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255D_d118528_l140523_pop_up%26pb%3D632760c2e06b41528df9974c2b04d9d1%26click_id%3D1qnkm0a4lic3u%26r%3Dregistration&sid=1714171208&sct=1&seg=1&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-660473.top&dp=%2Fen%2Fregistration%3Ftype%3Dfast&en=page_view&ep.optimize_id=GTM-5R4MT54&tfd=9454
IP
216.239.32.36:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintFC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52
ValidityMon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714171208091&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=2043760645.1714171209&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AEA&_s=4&dl=https%3A%2F%2F1xlite-660473.top%2Fen%2Fregistration%3Ftype%3Dfast&dr=https%3A%2F%2F1xlite-660473.top%2Fen%2Fregistration%3Ftag%3Dd_3052235m_14189c_%255B%255DALL%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255D_d118528_l140523_pop_up%26pb%3D632760c2e06b41528df9974c2b04d9d1%26click_id%3D1qnkm0a4lic3u%26r%3Dregistration&sid=1714171208&sct=1&seg=1&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-660473.top&dp=%2Fen%2Fregistration%3Ftype%3Dfast&en=page_view&ep.optimize_id=GTM-5R4MT54&tfd=9454 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/3 204 No Content
access-control-allow-origin: https://1xlite-660473.top
date: Fri, 26 Apr 2024 22:40:15 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

v3.traincdn.com/sys-icons/1.0.328/285/country.svg

185.244.209.62

200 OK

178 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.328/285/country.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
178 kB (178404 bytes)
Hash
60caf0d666af828706b3d83c428a31e4
0f687988f8e835cb514794a4dbf7bb98613865f2
493ff1845dd1167680740cc525f4fb69ecdc4332265e83e76c26296a5001a602

HTTP Headers

GET /sys-icons/1.0.328/285/country.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:09 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"60caf0d666af828706b3d83c428a31e4"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:03 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-0724cc1e6d1c6bda4ccec7190955b985-5ba4e456acc1794b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:03+00:00, 2024-04-26T11:06:30+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/335c890fd105e47c6a63cd5ca164e8ba.json

178.253.29.47

200 OK

2.6 kB

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/335c890fd105e47c6a63cd5ca164e8ba.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
ASCII text, with very long lines (2854), with no line terminators
Size
2.6 kB (2589 bytes)
Hash
ecacc4d3ca1ba475ef20875ff4225f06
528aa5b0070cfcd78034449c40533e51278cba2a
328065b0030c77de9cafba92ec86d89b32ca55f32a3a251cdb7687f1f44c4859

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/335c890fd105e47c6a63cd5ca164e8ba.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en; window_width=1920; che_g=dba8b79a-34cf-346d-abd6-58f9a28364de; SESSION=30755b200053c8f93a496c3ea51b4aeb; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%221qnkm0a4lic3u%22%2C%22r%22%3A%22registration%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Fri, 26 Apr 2024 14:59:39 GMT
etag: W/"269ccea9c3f07d37d497b4911e5d6e0b"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.016
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json

178.253.29.47

200 OK

2.1 kB

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
ASCII text, with very long lines (2345), with no line terminators
Size
2.1 kB (2128 bytes)
Hash
f28a40d30a99fab8a5ccced08db52f77
063e77333797a10e097679a1e4d17269fc6d3b6b
a46ea2afe2103a473c90b17137f840e29d578a74d191daac521d45e9d3cf1d6c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Wed, 28 Feb 2024 21:42:45 GMT
etag: W/"eec4805fe0f6e17d5ade92a382f5b068"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-7d2adbe4.js

185.244.209.62

200 OK

40 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-7d2adbe4.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (39925), with no line terminators
Size
40 kB (39925 bytes)
Hash
09f719ce338786eee766f484042e3ac0
205337e84727f25d00b53890d39012386860c183
aea7bb8d8fae31b8018b3d76ac917f939f9b2a8bb6928bbe7bb74f196ec1ea73

HTTP Headers

GET /_nuxt/desktop/default/vendors/Registration.Fields-7d2adbe4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:09 GMT
content-type: application/javascript; charset=utf-8
content-length: 8881
last-modified: Fri, 26 Apr 2024 12:29:08 GMT
etag: "662b9e14-22b1"
content-encoding: gzip
expires: Sat, 27 Apr 2024 13:22:34 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-24cd21ad9fae5d67693ae4790a8999a8-71e90dc8dab352a2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T13:22:34+00:00, 2024-04-26T13:26:42+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/9ca5a248842d90707684710c016ea5d2.json

178.253.29.47

200 OK

8.1 kB

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/9ca5a248842d90707684710c016ea5d2.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
ASCII text, with very long lines (8926), with no line terminators
Size
8.1 kB (8075 bytes)
Hash
33a8d84b65be76b07b379586ce0f30f4
d3c3a3a7c188444d7c25961a62149b97f9de1725
8cbf747c3e3ffa25baee745930d5855d78ec027e3e0c6e0bc69bfde8bc16aeaa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/9ca5a248842d90707684710c016ea5d2.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en; window_width=1920; che_g=dba8b79a-34cf-346d-abd6-58f9a28364de; SESSION=30755b200053c8f93a496c3ea51b4aeb; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%221qnkm0a4lic3u%22%2C%22r%22%3A%22registration%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Wed, 13 Dec 2023 14:46:07 GMT
etag: W/"a60fb63e7c35ba8cdb1d0851ff960b1b"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js

172.64.148.184

200 OK

3.8 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (3855), with no line terminators
Size
3.8 kB (3792 bytes)
Hash
7288e202ab8e4cf1b7f60eed709e0986
c10effeb29bf129a7c81688b9f3a7d5485272e87
56e695b4675b50d55a92f006109771a67da822050f5ae03fd2ad02c1a9565b58

HTTP Headers

GET /_next/static/chunks/webpack-fb94d2f19425a3e3.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:40:08 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"ed0-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 13545797
expires: Sat, 26 Apr 2025 22:40:08 GMT
server: cloudflare
cf-ray: 87aa12a4ef5d56bf-OSL
X-Firefox-Spdy: h2

1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration

178.253.29.47

200 OK

575 kB

URL User Request GET HTTP/2
1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type

Size
575 kB (574837 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:05 GMT
content-type: text/html; charset=utf-8
content-encoding: br
server-timing: total;dur=10;desc="Nuxt Server Time", total;dur=14;desc="Nuxt Server Time", dt_total;dur=21.089, wf-uht;dur=0.057
traceparent: 00-50b253ed5b2f4a9a19166455aaee952a-3f5ceb70c86f5436-01
vary: Accept-Encoding
x-dt: 285
x-frame-options: SAMEORIGIN
x-from-cache: 1
x-time-ng: 0.020
strict-transport-security: max-age=63072000; includeSubDomains; preload
set-cookie: platform_type=desktop; Path=/; Expires=Mon, 29 Apr 2024 22:40:05 GMT; Secure; SameSite=None; Partitioned
auid=sv0dL2YsLUV1PlsMAw5uAg==; path=/; secure; httponly; samesite=lax
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js

172.64.148.184

200 OK

481 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
481 kB (480579 bytes)
Hash
46260bb46d51262abee818c0c3bcf1c6
fe3be222aec74704fad1fa2559788b1fa287094a
20700e65659e04d422580d9c792ba811b7b76de4ec1b3163c284af83bd5a7d6c

HTTP Headers

GET /_next/static/chunks/1743016e-d00d67a74426f155.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:40:08 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 17 Jan 2024 06:19:55 GMT
etag: W/"75543-18d161388b8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 8696156
expires: Sat, 26 Apr 2025 22:40:08 GMT
server: cloudflare
cf-ray: 87aa12a4ff6356bf-OSL
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/user/secure

178.253.29.47

200 OK

58 B

URL POST HTTP/2
1xlite-660473.top/web-api/user/secure
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
58 B (58 bytes)
Hash
b4cd2c1a35981d5de702e7fc99e4083c
b87c366b4bfee0defb7b29db59ae218946b17535
16400f359791f6f737a80ce02e3d62940f1e2837a6440bf7152d3110a735cdc6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /web-api/user/secure HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en; window_width=1280; che_g=dba8b79a-34cf-346d-abd6-58f9a28364de; SESSION=30755b200053c8f93a496c3ea51b4aeb; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%221qnkm0a4lic3u%22%2C%22r%22%3A%22registration%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:08 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=16, dt_total;dur=36.561, wf-uht;dur=0.052
set-cookie: _glhf=1714188984; expires=Fri, 26-Apr-2024 23:40:08 GMT; Max-Age=3600; path=/
traceparent: 00-fa8d2a065a347f291ecdd72b8067190b-e620057bfb4d990a-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.027
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/724286ac/_ssgManifest.js

172.64.148.184

200 OK

77 B

URL GET HTTP/2
widget.suphelper.top/_next/static/724286ac/_ssgManifest.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
ASCII text, with no line terminators
Size
77 B (77 bytes)
Hash
b6652df95db52feb4daf4eca35380933
65451d110137761b318c82d9071c042db80c4036
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e

HTTP Headers

GET /_next/static/724286ac/_ssgManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:40:08 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"4d-18f12321a93"
vary: Accept-Encoding
cf-cache-status: HIT
age: 145338
expires: Sat, 26 Apr 2025 22:40:08 GMT
server: cloudflare
cf-ray: 87aa12a50f7356bf-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

radar.cedexis.com/1707728419/stub.js

45.54.49.5

200 OK

390 B

URL GET HTTP/1.1
radar.cedexis.com/1707728419/stub.js
IP
45.54.49.5:443
ASN
#63911 NetActuate, Inc

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerDigiCert Inc
Subjectradar.cedexis.com
Fingerprint33:58:79:8E:87:A5:C3:05:CA:E2:82:50:61:CF:72:83:BD:64:80:C1
ValidityFri, 29 Mar 2024 00:00:00 GMT - Fri, 28 Mar 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (401), with no line terminators
Size
390 B (390 bytes)
Hash
41f91def4fb1d0becfdad5450e17dba6
17135e0326da4c71d38c2b07e230fa6ffdf16ba4
2b3a3cd4c97d33ddba33c7ac624b311cd035b41391ae3fab3a6bd5ca6f384a9f

HTTP Headers

GET /1707728419/stub.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Apr 2024 22:40:08 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 12 Feb 2024 09:50:42 GMT
Vary: Accept-Encoding
ETag: W/"65c9e9f2-186"
Expires: Fri, 10 May 2024 22:40:08 GMT
Cache-Control: max-age=1209600, public
Content-Encoding: gzip

region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714171208091&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=2043760645.1714171209&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AEA&_s=2&sid=1714171208&sct=1&seg=0&dl=https%3A%2F%2F1xlite-660473.top%2Fen%2Fregistration%3Ftag%3Dd_3052235m_14189c_%255B%255DALL%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255D_d118528_l140523_pop_up%26pb%3D632760c2e06b41528df9974c2b04d9d1%26click_id%3D1qnkm0a4lic3u%26r%3Dregistration&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-660473.top&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=3416

216.239.32.36

204 No Content

0 B

URL POST HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714171208091&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=2043760645.1714171209&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AEA&_s=2&sid=1714171208&sct=1&seg=0&dl=https%3A%2F%2F1xlite-660473.top%2Fen%2Fregistration%3Ftag%3Dd_3052235m_14189c_%255B%255DALL%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255D_d118528_l140523_pop_up%26pb%3D632760c2e06b41528df9974c2b04d9d1%26click_id%3D1qnkm0a4lic3u%26r%3Dregistration&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-660473.top&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=3416
IP
216.239.32.36:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintFC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52
ValidityMon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714171208091&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=2043760645.1714171209&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AEA&_s=2&sid=1714171208&sct=1&seg=0&dl=https%3A%2F%2F1xlite-660473.top%2Fen%2Fregistration%3Ftag%3Dd_3052235m_14189c_%255B%255DALL%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255D_d118528_l140523_pop_up%26pb%3D632760c2e06b41528df9974c2b04d9d1%26click_id%3D1qnkm0a4lic3u%26r%3Dregistration&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-660473.top&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=3416 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://1xlite-660473.top
date: Fri, 26 Apr 2024 22:40:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/2903bfe80b6e7c82e302d5e50a0c0a15.json

178.253.29.47

200 OK

3.5 kB

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/2903bfe80b6e7c82e302d5e50a0c0a15.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
ASCII text, with very long lines (3821), with no line terminators
Size
3.5 kB (3484 bytes)
Hash
f342ac5d01dcda4500f8848382fbf264
7e6b6104b4d0bf5308c9255611771bdb105517de
3710268c1a1858520b32780c7ce6c4bc0e456ce106be2b51c5554663b4c02a41

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/2903bfe80b6e7c82e302d5e50a0c0a15.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en; window_width=1920; che_g=dba8b79a-34cf-346d-abd6-58f9a28364de; SESSION=30755b200053c8f93a496c3ea51b4aeb; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%221qnkm0a4lic3u%22%2C%22r%22%3A%22registration%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Thu, 04 Apr 2024 06:25:42 GMT
etag: W/"4ceca6711e35f002e5d82e7e710000c1"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/api/v3/bonuses/first-deposit

178.253.29.47

200 OK

426 B

URL GET HTTP/2
1xlite-660473.top/web-api/api/v3/bonuses/first-deposit
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (464), with no line terminators
Size
426 B (426 bytes)
Hash
2d9b04c0ee3ec015e9094ce942ed9139
eebc58e94d15401f9c6737a4908018fd833d94ee
dea4bd3b63fac017709162cd44048f725c21396da41d2cfdc235812fcf2eb6fc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/api/v3/bonuses/first-deposit HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en; window_width=1280; che_g=dba8b79a-34cf-346d-abd6-58f9a28364de; SESSION=30755b200053c8f93a496c3ea51b4aeb; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%221qnkm0a4lic3u%22%2C%22r%22%3A%22registration%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:08 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=19, dt_total;dur=46.425, wf-uht;dur=0.133
traceparent: 00-eb84eb370563ad3aa4cd50121214eb9f-7cf75f714489d1e2-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.026
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66

142.250.74.168

200 OK

318 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintFC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52
ValidityMon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT

File type

Size
318 kB (318174 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /gtag/js?id=G-7JGWL9SV66 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 26 Apr 2024 22:40:08 GMT
expires: Fri, 26 Apr 2024 22:40:08 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 104912
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/registration/fields

178.253.29.47

200 OK

32 kB

URL POST HTTP/2
1xlite-660473.top/web-api/registration/fields
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
32 kB (32009 bytes)
Hash
3b5fc74c6bee5ffbc649f663e5f6c1a3
0f00adb4eb180726ecd2abcc2317a29beceb13bd
fe1005c8a0940ff6384b2b89aa744d692b9aed79f1d72cecfa11d1bb11fa7294

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /web-api/registration/fields HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
Content-Length: 19
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en; window_width=1280; che_g=dba8b79a-34cf-346d-abd6-58f9a28364de; SESSION=30755b200053c8f93a496c3ea51b4aeb; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%221qnkm0a4lic3u%22%2C%22r%22%3A%22registration%22%7D; _glhf=1714188984; sh.session.id=36e7e276-29d8-42d9-9e5a-a5530f584dd9; ggru=139; _ga_7JGWL9SV66=GS1.1.1714171208.1.1.1714171208.60.0.0; _ga=GA1.1.2043760645.1714171209
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:08 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=70, dt_total;dur=91.456, wf-uht;dur=0.109
traceparent: 00-0561f3e98a94e0f79bccaec10a81ce40-34038f35500e6183-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.078
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-ee98945f.js

185.244.209.62

200 OK

32 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-ee98945f.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
32 kB (31771 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-ee98945f.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/javascript; charset=utf-8
content-length: 9208
last-modified: Fri, 26 Apr 2024 12:29:08 GMT
etag: "662b9e14-23f8"
content-encoding: gzip
expires: Sat, 27 Apr 2024 13:22:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-38b9129f90d645f624622588136a7cb0-f460babe84bc2fe2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T13:22:18+00:00, 2024-04-26T13:25:46+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js

172.64.148.184

200 OK

108 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
108 kB (107844 bytes)
Hash
83680ce862de40c43fc92e04b1ad0a3d
67eb6762545f4e1fee446794f4738d0f0577b6b4
e70f39978f08895aef6849daf891af65bff03e476eb9b1384dfb36cd4ac9fe75

HTTP Headers

GET /_next/static/chunks/main-fa1d3b21fd97b583.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:40:08 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"1a544-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 13454675
expires: Sat, 26 Apr 2025 22:40:08 GMT
server: cloudflare
cf-ray: 87aa12a4ef5f56bf-OSL
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/724286ac/_middlewareManifest.js

172.64.148.184

200 OK

92 B

URL GET HTTP/2
widget.suphelper.top/_next/static/724286ac/_middlewareManifest.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
ASCII text, with no line terminators
Size
92 B (92 bytes)
Hash
7c3f7e060745668041278118c0bb3d6d
e639f56695b3cc30d78dce7a0084aa8299a1311a
de5341313a4dc5d982ca50ae4a491e84bc5e80b0f439d87f05fc3973c1b7e59a

HTTP Headers

GET /_next/static/724286ac/_middlewareManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:40:08 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"5c-18f12321a93"
vary: Accept-Encoding
cf-cache-status: HIT
age: 145347
expires: Sat, 26 Apr 2025 22:40:08 GMT
server: cloudflare
cf-ray: 87aa12a50f7656bf-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

widget.suphelper.top/services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%2236e7e276-29d8-42d9-9e5a-a5530f584dd9%22%7D

172.64.148.184

200 OK

24 B

URL GET HTTP/2
widget.suphelper.top/services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%2236e7e276-29d8-42d9-9e5a-a5530f584dd9%22%7D
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
24 B (24 bytes)
Hash
d6bacfff68d40ad2744454c2506cc0f9
85f1f094d174fd4d78bd382c7948b95e9db93215
cd0483a083f6c73e9cd006ee073b875188c49f4025f771ecbcb795d40ac980ed

HTTP Headers

GET /services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%2236e7e276-29d8-42d9-9e5a-a5530f584dd9%22%7D HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:40:08 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 87aa12a7c94656bf-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/DC-d1fb2018.js

185.244.209.62

200 OK

2.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/DC-d1fb2018.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2354), with no line terminators
Size
2.3 kB (2336 bytes)
Hash
62bce7fd507b977675858490fc5aa069
de4825e0d17b1d2c1765365ed050758593fd6a09
48b99870d267d64addb5dcc929749a3a393ddb5b745386985ebfc10b60266b5e

HTTP Headers

GET /_nuxt/desktop/default/DC-d1fb2018.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/javascript; charset=utf-8
content-length: 999
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-3e7"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-7f374f6d0721611bd2eb9494896c979b-72b8be5c0378ac8f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:37+00:00, 2024-04-26T11:28:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/hd-api/external/api/web/v1/converslon/load

178.253.29.47

200 OK

29 kB

URL GET HTTP/2
1xlite-660473.top/hd-api/external/api/web/v1/converslon/load
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
29 kB (28736 bytes)
Hash
be06774ac33039ad4892fbad8b714803
a2453bd4fa964a42c7464ced53811a4d82b07b51
3649eef16a3532b955941b2a9c11fb3e1e6c9fb1fa15e7fb39acd2df550c2b5a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hd-api/external/api/web/v1/converslon/load HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?type=fast
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en; window_width=1280; che_g=dba8b79a-34cf-346d-abd6-58f9a28364de; SESSION=30755b200053c8f93a496c3ea51b4aeb; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%221qnkm0a4lic3u%22%2C%22r%22%3A%22registration%22%7D; _glhf=1714188984; sh.session.id=36e7e276-29d8-42d9-9e5a-a5530f584dd9; ggru=139; _ga_7JGWL9SV66=GS1.1.1714171208.1.1.1714171209.59.0.0; _ga=GA1.1.2043760645.1714171209
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:15 GMT
content-type: application/json
content-encoding: gzip
traceparent: 00-3fa66914f42914ac8b50d7b2469e1418-1743618a63eaee71-01
vary: Accept-Encoding
x-dt: 285
x-request-guid: abef7e3426961bc76a0af250fac9e49d
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=3.820, wf-uht;dur=0.020
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/registration

178.253.29.47

200 OK

3.8 kB

URL POST HTTP/2
1xlite-660473.top/web-api/registration
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
Unicode text, UTF-8 text, with very long lines (4058), with no line terminators
Size
3.8 kB (3772 bytes)
Hash
c91b62d7c02f9f0a08ae126457f5b01a
62b4b29ff1bb55e5a2e89a45c59ad009cfb1de4c
409a0c79e02712ab1e645817fcd05b5875bd78467177e1def855088a823e04e0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /web-api/registration HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
Content-Length: 18
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en; window_width=1280; che_g=dba8b79a-34cf-346d-abd6-58f9a28364de; SESSION=30755b200053c8f93a496c3ea51b4aeb; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%221qnkm0a4lic3u%22%2C%22r%22%3A%22registration%22%7D; _glhf=1714188984; sh.session.id=36e7e276-29d8-42d9-9e5a-a5530f584dd9; ggru=139
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:08 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=34, dt_total;dur=60.293, wf-uht;dur=0.076
traceparent: 00-0f293e749e18e6e0096111aaad8e0b34-8c5e39ba32cddba3-01
x-dt: 285
x-time-ng: 0.036
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/7ed46ee2457f0198b31a2f0e27129049.json

178.253.29.47

200 OK

1.0 kB

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/7ed46ee2457f0198b31a2f0e27129049.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
ASCII text, with very long lines (1143), with no line terminators
Size
1.0 kB (1046 bytes)
Hash
533208f94c3264028f9329b6fbb58515
3f0caf33232924706c8a783e08d747ed9107826b
6fa6b3635c5a9a1e019c99d1d217f74a8aba28d8ffd260db817ef1079644a7b5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/7ed46ee2457f0198b31a2f0e27129049.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en; window_width=1920; che_g=dba8b79a-34cf-346d-abd6-58f9a28364de; SESSION=30755b200053c8f93a496c3ea51b4aeb; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%221qnkm0a4lic3u%22%2C%22r%22%3A%22registration%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Mon, 26 Jun 2023 07:10:34 GMT
etag: W/"f117f2ecd3a10db0e2d79159b68fcf2f"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js

172.64.148.184

200 OK

107 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
107 kB (107186 bytes)
Hash
d0a7ecc59065580118a9ea8880c58962
21573546ac5011592094ef6aea0696ccdeb2164d
e1b09efa81ca44cda394e366b64fbf2b3f0725eab9ad24782839cbb8f66842b5

HTTP Headers

GET /_next/static/chunks/pages/index-ed7cd77912c6e3a9.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:40:08 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"1a2b2-18f12321a97"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 145347
expires: Sat, 26 Apr 2025 22:40:08 GMT
server: cloudflare
cf-ray: 87aa12a50f6a56bf-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/sys-ui/2.2.11/Desktop/Default/client.css

185.244.209.62

200 OK

1.6 MB

URL GET HTTP/2
v3.traincdn.com/sys-ui/2.2.11/Desktop/Default/client.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
1.6 MB (1550522 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sys-ui/2.2.11/Desktop/Default/client.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:06 GMT
content-type: text/css; charset=utf-8
last-modified: Tue, 23 Apr 2024 11:41:52 GMT
etag: W/"5be31e73f9aaf3c05331c4f0cd80e4d9"
x-amz-meta-mtime: 1713872392.088051093
content-encoding: gzip
expires: Wed, 24 Apr 2024 14:28:29 GMT
cache-control: max-age=86400
x-time-ng: 0.008
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-988f667e7e5a31d875b4247c3d423310-3e9a79a6d048464f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T14:28:29+00:00, 2024-04-26T14:33:23+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/7ba58ff9bb84da78ec345b09d297b429.json

178.253.29.47

200 OK

2.0 kB

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/7ba58ff9bb84da78ec345b09d297b429.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
ASCII text, with very long lines (2238), with no line terminators
Size
2.0 kB (2039 bytes)
Hash
9c6d751199ab5a88d2386a29567eb98e
4af37f69630e8f542f1b30280ee561c07c83107f
cdc297778845a4c68445e25e9829bb406511d4da094fb4e9ba03fe9704b4ec99

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/7ba58ff9bb84da78ec345b09d297b429.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dL2YsLUV1PlsMAw5uAg==; lng=en; window_width=1920; che_g=dba8b79a-34cf-346d-abd6-58f9a28364de; SESSION=30755b200053c8f93a496c3ea51b4aeb; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%221qnkm0a4lic3u%22%2C%22r%22%3A%22registration%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Tue, 28 Nov 2023 09:26:45 GMT
etag: W/"dad3a9b077bc630619a2f0a6422b65ae"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/88cfac66.css

185.244.209.62

200 OK

64 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/88cfac66.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
64 B (64 bytes)
Hash
9deb70dd3fbdc7061ed21c5632fbc55b
22ae1cadf75b3fdd5e3e3762842b1b7a6f6e7ed8
be8196057ac43ab3882caf30239c364e1ef4ceda087e92ca87187ce239f022f9

HTTP Headers

GET /_nuxt/desktop/default/css/88cfac66.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:07 GMT
content-type: text/css
content-length: 97
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-61"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:45:24 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-205591a0543fc5cf9bcc1fcaf3fca96d-cda3b99d35df56a1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:45:24+00:00, 2024-04-26T12:06:55+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-7362e1b3.js

185.244.209.62

200 OK

32 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-7362e1b3.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_3052235m_14189c_%5b%5dALL%5b%5dnull%5b%5dnull%5b%5dgeneral%5b%5d_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=1qnkm0a4lic3u&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
32 kB (32236 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-7362e1b3.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:40:09 GMT
content-type: application/javascript; charset=utf-8
content-length: 7382
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-1cd6"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:38 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ace531c5f235c6dd6caf7c5ee54cc24a-95da6dbad5a2164e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:38+00:00, 2024-04-26T11:28:20+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (57)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML