| 1xlite-461430.top/polyfills.js | 178.253.29.51 | 200 OK | 0 B |
URL: GET HTTP/2 1xlite-461430.top/polyfills.js
IP: 178.253.29.51:443, ASN #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /polyfills.js HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:53 GMT
content-type: text/javascript; charset=utf-8
content-length: 0
vary: user-agent
cache-control: public, max-age=2678400, s-maxage=2678400
etag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.011
X-Firefox-Spdy: h2
| v3.traincdn.com/_nuxt/desktop/default/runtime-e2ae0378.js | 185.244.209.62 | | 15 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/runtime-e2ae0378.js
IP: 185.244.209.62:0, ASN #199524 G-Core Labs S.A.
File type: JavaScript source, ASCII text, with very long lines (47215), with no line terminators
Hashes: MD5 9d26081d0b3d4583fb993964e34ebc20; SHA-1 7354028aab0bc7bf47ae19a8ad043a5b963ac9b4; SHA-256 9c88d5d68f360228d938c9d263160133a15c53fd5d7989317406b54a662b469d
GET /_nuxt/desktop/default/runtime-e2ae0378.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 14754
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-39a2"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-755b36fc4217ecaf3296a2357680fcdb-5314f9747c98ff40-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-08T10:54:34+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-7740bd53.js | 185.244.209.62 | | 9.2 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-7740bd53.js
IP: 185.244.209.62:0, ASN #199524 G-Core Labs S.A.
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (31683), with no line terminators
Hashes: MD5 3ca2554a30cd9245966f39206d05ed01; SHA-1 b7e1bc94b6c370bc32a9b57e52dfac27264afdce; SHA-256 ff808bc9910f34faee9d25b4d9dcff5c145337ca0211d762b6c58a08f86512b4
GET /_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-7740bd53.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 9211
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-23fb"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-81467ce33adb7e4593a02dbe4a5c1ec9-07a570da982d134d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-08T10:54:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-687fd893.js | 185.244.209.62 | 200 OK | 10 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-687fd893.js
IP: 185.244.209.62:443, ASN #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (40657), with no line terminators
Hashes: MD5 9d4610cd8209d67832cf080bf61f5141; SHA-1 8abf1cd6de0691b6fc5c77315ed88f0a4441a3fb; SHA-256 da2d895ba8eb08658c949976016308caf3c75c06e604495160523d09d16659f9
GET /_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-687fd893.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 9958
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-26e6"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3e35d27bb28985391ff044ce5d931dcb-ce89c20810e2d44c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-08T11:01:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-8d3c6808.js | 185.244.209.62 | 200 OK | 4.2 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-8d3c6808.js
IP: 185.244.209.62:443, ASN #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (14590), with no line terminators
Hashes: MD5 7399f5efa5d37b59176705a2377c2c45; SHA-1 5c11bebee2318c71972feafcd1a2a90ff47c5634; SHA-256 250ec267f3c9edf72e68005b6a91620725eebcd145c85d2c400dd7361a153ea7
GET /_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-8d3c6808.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 4204
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-106c"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4aa96341621197fe621bfa4843e716c3-135b5a7b35179e55-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-08T11:01:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main-ed878a1c.js | 185.244.209.62 | 200 OK | 59 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main-ed878a1c.js
IP: 185.244.209.62:443, ASN #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (64940), with no line terminators
Hashes: MD5 5ff13429a94dba4fde01014c1591bdf7; SHA-1 1a06c2223b80f772f239ca9b43afaf9138e9f249; SHA-256 ac879c8f8ae127fc2be4ad3614ce26de5e7caea828b1637ae5cc1eff88be47c7
GET /_nuxt/desktop/default/Page.Betting.Main-ed878a1c.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 58737
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-e571"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d3e451d55319e78d297b383b814f3b74-78fee750dd8f6f5d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-08T11:01:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/_nuxt/desktop/default/css/a7906856.css | 185.244.209.62 | | 336 B |
URL: v3.traincdn.com/_nuxt/desktop/default/css/a7906856.css
IP: 185.244.209.62:0, ASN #199524 G-Core Labs S.A.
File type: ASCII text, with very long lines (1099), with no line terminators
Hashes: MD5 6921418ff9395c44037498a4cf17ee66; SHA-1 31879049279e2cb5bc06b249d80d1735ef112b19; SHA-256 e6de221b29f3b4e47505c877067f28565ab5e1b419dc5003aca29c49596e73ab
GET /_nuxt/desktop/default/css/a7906856.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: text/css
content-length: 336
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-150"
content-encoding: gzip
expires: Thu, 09 May 2024 12:28:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-09bd8a0f5c05b414d6739313aafaea86-e1255a92721f7b42-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:28:18+00:00, 2024-05-08T13:59:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/_nuxt/desktop/default/css/6cc025d5.css | 185.244.209.62 | 200 OK | 1.3 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/6cc025d5.css
IP: 185.244.209.62:443, ASN #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (6716), with no line terminators
Hashes: MD5 be35c859b4087d52ff863e02472b7438; SHA-1 acce1097a331dc2ec0669d17db06c679e7c81be6; SHA-256 af7c9af6bda4b329f14b870f4df09e1b11e87d8dba17c30eed496dc5d27dfc1f
GET /_nuxt/desktop/default/css/6cc025d5.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: text/css
content-length: 1324
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-52c"
content-encoding: gzip
expires: Thu, 09 May 2024 12:28:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-382a61445391fedb80223df23567d630-e28103a53f81625e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:28:18+00:00, 2024-05-08T13:59:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-4006d825.js | 185.244.209.62 | 200 OK | 5.9 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-4006d825.js
IP: 185.244.209.62:443, ASN #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (21430), with no line terminators
Hashes: MD5 77615e478beec6dc548b705fc1c55c2e; SHA-1 2f8dbad1324027ce98da1ea4b56a23c601fe9a1b; SHA-256 17f9731f8dad966c8f89f8814e18699c374deff1666197abf9245d3787a12933
GET /_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-4006d825.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 5896
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1708"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ced4afb5ebb1fef71daec274f71b3fe2-2dc6a1a4bde1dd90-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-08T11:01:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-23276dd1.js | 185.244.209.62 | | 18 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-23276dd1.js
IP: 185.244.209.62:0, ASN #199524 G-Core Labs S.A.
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65113), with no line terminators
Hashes: MD5 95f88aaf23013ee72af96785289d78ad; SHA-1 6b84c0d3300d2e3b282134783be74836ee684f4c; SHA-256 256749431c78a25466e1fc4b433d87efe7315ec0ae78cb94f8b481b33e285d70
GET /_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-23276dd1.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 17694
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-451e"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-eb58871c13887c41d2fd129eafcb1276-cde35ea81fbee29f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-08T11:01:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-6df26894.js | 185.244.209.62 | 200 OK | 3.5 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-6df26894.js
IP: 185.244.209.62:443, ASN #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (13913), with no line terminators
Hashes: MD5 c5ca2aee7a66364b1976f26d36140247; SHA-1 54ffe1cc763bb1e43f260e4ac2de08578ff48701; SHA-256 b04cf8f174cc6c981df4a2f10e2a3a28ef582f8750f8afd6e6dbb89adad82281
GET /_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-6df26894.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 3536
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-dd0"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-2f9d854e9af44025061e9be909e543a4-8ac0f349a202fca3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-08T11:01:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-cf4815fb.js | 185.244.209.62 | | 2.2 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-cf4815fb.js
IP: 185.244.209.62:0, ASN #199524 G-Core Labs S.A.
File type: JavaScript source, ASCII text, with very long lines (7613), with no line terminators
Hashes: MD5 a5c888bdb9f23e6caa2be4ab6b51a122; SHA-1 ab069acde93615e5ccc7be7b574776c3531d7d8d; SHA-256 58ba1711ce4cb98aa516b12ee7777335d514e05000c6b1940c75902692f6f1a1
GET /_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-cf4815fb.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 2211
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-8a3"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-234ec3f0183ebdace280ee6830735655-319b80e76a87c44a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-08T11:01:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/_nuxt/desktop/default/css/98ce2926.css | 185.244.209.62 | | 1.5 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/css/98ce2926.css
IP: 185.244.209.62:0, ASN #199524 G-Core Labs S.A.
File type: ASCII text, with very long lines (8509), with no line terminators
Hashes: MD5 b0cd3891fe08ec67c50bbdfd9f7e9181; SHA-1 205511f8e55a0498e8129c290759a26ba4a4db31; SHA-256 75c619e9cabd7b2c1939e6837909e12c51fb3e68888ba20d650cb1939f983f6e
GET /_nuxt/desktop/default/css/98ce2926.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: text/css
content-length: 1491
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-5d3"
content-encoding: gzip
expires: Thu, 09 May 2024 12:27:06 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-27f1b7c9e4e0b48d7a5d5c1a6888cdab-ff73f1f2ab3ffe64-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:28:18+00:00, 2024-05-08T13:59:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/_nuxt/desktop/default/css/9eb4939a.css | 185.244.209.62 | 200 OK | 2.8 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/9eb4939a.css
IP: 185.244.209.62:443, ASN #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (20960), with no line terminators
Hashes: MD5 6cae6098e169876c305ca92f82fe3cde; SHA-1 d27c18f05738795d575c8ce370ed83cf07da0a5a; SHA-256 7095d096e88dd0a09d84d063de1e0eedd406b032150a5af99e796c2ac63bcfe5
GET /_nuxt/desktop/default/css/9eb4939a.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: text/css
content-length: 2763
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-acb"
content-encoding: gzip
expires: Thu, 09 May 2024 12:27:06 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-c91b4bfcbcb66139ae28d8f9ca3c5a05-569b0c94484a28e9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:28:18+00:00, 2024-05-08T13:59:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-8039cb20.js | 185.244.209.62 | 200 OK | 10 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-8039cb20.js
IP: 185.244.209.62:443, ASN #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (41616), with no line terminators
Hashes: MD5 c0ea345b071f903a7043c7de2988c6a8; SHA-1 bafd23f8bec59dff22183fb4d88b226b80f10c15; SHA-256 b0b31f578ac49eec2681748e5752f00d7fa23634610a96b7457b1906c06f0e63
GET /_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-8039cb20.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 10288
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-2830"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-63cd031891ca611d24e5b0f2d346c67d-4f538bd1b1177b10-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-08T11:01:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingContent-e829f008.js | 185.244.209.62 | 200 OK | 644 B |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingContent-e829f008.js
IP: 185.244.209.62:443, ASN #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (1333), with no line terminators
Hashes: MD5 3d1c9a4aa6d6ce7232c9da19626fc107; SHA-1 ee85ed881df1aac90651e4ca11c83f3e4c374445; SHA-256 6822622a53f8498fff12f0381c4dcc8d7d8f5b085983bf99279214f3ac9002c7
GET /_nuxt/desktop/default/Page.Betting.Main.BettingContent-e829f008.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 644
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-284"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-09900fadac6fa50223c916594182cff4-a4bb88bdcdbc7b7b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-08T11:01:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/_nuxt/desktop/default/Layout.Betting.ExpressDay-ac06930b.js | 185.244.209.62 | 200 OK | 3.4 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/Layout.Betting.ExpressDay-ac06930b.js
IP: 185.244.209.62:443, ASN #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (10178), with no line terminators
Hashes: MD5 742d0033e1d29553c749a1e323073aae; SHA-1 dbe09fdca88f47fa291ee1cd110bcaf1b94ae3bb; SHA-256 e8a1409bc1664ec9e5a3bb7fc5dcee5b19693e9188d15cc4c4941b0da0ef7797
GET /_nuxt/desktop/default/Layout.Betting.ExpressDay-ac06930b.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 3363
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-d23"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-9f3c604c4af7aa9e7468943c4fc229d1-6b629410c9f213e1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-08T11:01:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/version.json | 185.244.209.62 | 200 OK | 44 B |
URL: GET HTTP/2 v3.traincdn.com/version.json
IP: 185.244.209.62:443  ASN: 199524 (G-Core Labs S.A.)
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: issuer Sectigo Limited; subject *.traincdn.com; fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; valid Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hashes (MD5, SHA-1, SHA-256): 0b80561d133a4c31e43457feb7a88098 5a12bbbf740f5dd45ec60c7cd88c20eeed25fd35 5ce84fd81852f0c0801481e412cff8d61a241f7ea7b7ff8082738d9fe23ffd02
GET /version.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: application/json
content-length: 44
last-modified: Wed, 08 May 2024 10:17:36 GMT
etag: "663b5140-2c"
content-encoding: gzip
expires: Wed, 08 May 2024 10:39:14 GMT
cache-control: max-age=60, max-age=60, s-maxage=60
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-458fc91e12cde19e4cbc87fe95f5356a-c31dc9dda571b2c3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:39:01+00:00, 2024-05-08T20:48:43+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/885d64fc.css | 185.244.209.62 | 200 OK | 332 B |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/885d64fc.css
IP: 185.244.209.62:443  ASN: 199524 (G-Core Labs S.A.)
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: issuer Sectigo Limited; subject *.traincdn.com; fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; valid Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (975), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 31aa50dcbc858f61bf3ed903493b8431 abf67e7f02256d2d5c5e2054b2930aa9b5ece999 18337e3b3c6f57695afaca43e471c075fd711e0485b4e7f1fdc1b6fe4e8703d7
GET /_nuxt/desktop/default/css/885d64fc.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: text/css
content-length: 332
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-14c"
content-encoding: gzip
expires: Thu, 09 May 2024 12:17:52 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a229db6cd1437544a0a28b94b431d7be-49ea58872f811e98-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:17:52+00:00, 2024-05-08T20:13:14+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/c3d37cc4.css | 185.244.209.62 | 200 OK | 194 B |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/c3d37cc4.css
IP: 185.244.209.62:443  ASN: 199524 (G-Core Labs S.A.)
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: issuer Sectigo Limited; subject *.traincdn.com; fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; valid Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (395), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 7f1ee7f9ec47159043591789124ec7cc bb021131214d4b70b327355a5a947b974f2eccbd 4041bafac614e354c03b647dc8d226e140460381c4816a65528e4ba428b0a0ad
GET /_nuxt/desktop/default/css/c3d37cc4.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: text/css
content-length: 194
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-c2"
content-encoding: gzip
expires: Wed, 08 May 2024 09:23:40 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-007f213d5eb77d6dce65e17d9bb0b67e-a9df37d5650a4572-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T09:23:40+00:00, 2024-05-08T14:37:37+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/a4f501bb.css | 185.244.209.62 | | 7.4 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/css/a4f501bb.css
IP: 185.244.209.62:0  ASN: 199524 (G-Core Labs S.A.)
File type: ASCII text, with very long lines (54112), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 32a89d535782c71f2aee2541afe97325 9ad12cc6ccd6b059073f779e9d91c6c6674e1289 ea1bc845a76d5e0e7738e217f8f0c47ac62ace9bddebba5059499b3451aa6ef8
GET /_nuxt/desktop/default/css/a4f501bb.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: text/css
content-length: 7418
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1cfa"
content-encoding: gzip
expires: Thu, 09 May 2024 10:53:53 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-7efc672c57d48f46f62d4828b8fae6c8-acd1ed12a4b25c58-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:53:53+00:00, 2024-05-08T11:23:24+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/ca542d7f.css | 185.244.209.62 | | 3.2 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/css/ca542d7f.css
IP: 185.244.209.62:0  ASN: 199524 (G-Core Labs S.A.)
File type: ASCII text, with very long lines (31339), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 9e9b190c1ab8126c2576203d5d43ec63 a80ccb6739023605edbd86be13f38a58ff7f4906 c4a28e2bbc67a853613460727d4abba3687be55593a7513a4079ea34579fbb02
GET /_nuxt/desktop/default/css/ca542d7f.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: text/css
content-length: 3226
last-modified: Wed, 08 May 2024 07:50:49 GMT
etag: "663b2ed9-c9a"
content-encoding: gzip
expires: Thu, 09 May 2024 09:58:02 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a36041c5d1612d8c4eb84074a24f78d9-d5cd3a2c73cb1afc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T09:58:02+00:00, 2024-05-08T10:43:18+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-8edfaabe.js | 185.244.209.62 | 200 OK | 2.5 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-8edfaabe.js
IP: 185.244.209.62:443  ASN: 199524 (G-Core Labs S.A.)
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: issuer Sectigo Limited; subject *.traincdn.com; fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; valid Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (8663), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 17c159eb9f582ec9da7a4285b37349f0 652f12e3c4cfdad29cff1f06e709f0d18522d8ae 3562960610c72291435591709c1b63b69ad67f4d2462cbf180241330b7486bea
GET /_nuxt/desktop/default/Layout.SeoModule.Lazy-8edfaabe.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 2474
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-9aa"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-54ef3474fab49016593e71802f23b8b7-75354c33f2daaa44-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-08T10:54:34+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/85148a0b.css | 185.244.209.62 | | 4.0 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/css/85148a0b.css
IP: 185.244.209.62:0  ASN: 199524 (G-Core Labs S.A.)
File type: ASCII text, with very long lines (32277), with no line terminators
Hashes (MD5, SHA-1, SHA-256): eeaf257a8645b90669a2ea93b8fb534e d81289258b7a5c126dd860232760852cc8ad865e 3a170c88ab694ad7552f7a84baa04ddb248c32b7f8ffe16d55dd73685de87aa6
GET /_nuxt/desktop/default/css/85148a0b.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: text/css
content-length: 3964
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-f7c"
content-encoding: gzip
expires: Thu, 09 May 2024 12:55:03 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-cdca234b19c8acaf238acb94997edb39-ca19eb82ce1d36b4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:55:03+00:00, 2024-05-08T13:59:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-aed267f1.js | 185.244.209.62 | 200 OK | 7.8 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-aed267f1.js
IP: 185.244.209.62:443  ASN: 199524 (G-Core Labs S.A.)
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: issuer Sectigo Limited; subject *.traincdn.com; fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; valid Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (28144), with no line terminators
Hashes (MD5, SHA-1, SHA-256): f2e1e371620e8835e0949e490cb0d4be 604919082776628a8cae272bf8679519e7e959a6 7854277ca13e6a5b17951bba0718833dec36b7740857483e17487cbec62dcd19
GET /_nuxt/desktop/default/Layout.FooterComponent.Lazy-aed267f1.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 7776
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1e60"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e8a2af8fcb87e96c22e2ba794600bd8f-9344bd0b039e009b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-08T11:00:50+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-0c6d61ab.js | 185.244.209.62 | 200 OK | 8.3 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-0c6d61ab.js
IP: 185.244.209.62:443  ASN: 199524 (G-Core Labs S.A.)
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: issuer Sectigo Limited; subject *.traincdn.com; fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; valid Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (29805), with no line terminators
Hashes (MD5, SHA-1, SHA-256): e926766cbb585164e5c23e84b7dcd1f8 197062a6a589948f0b59b654c02030461d26ab73 96ad9027d7d1330c90aef5d6e8366a6773fabe4910d674b28a7a8c9819d279e8
GET /_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-0c6d61ab.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 8279
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-2057"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3a3f49dd44a01cf9089f497ca853deb5-bda98da58bb2e88f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-08T11:00:50+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/5cfdf959.css | 185.244.209.62 | | 1.1 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/css/5cfdf959.css
IP: 185.244.209.62:0  ASN: 199524 (G-Core Labs S.A.)
File type: ASCII text, with very long lines (4632), with no line terminators
Hashes (MD5, SHA-1, SHA-256): f74d8b7e31b6ab236a9577348874385d 87091e6542649037a05fc137fa449b713c85225d b33d72295f1edbfc13da30236c4b811cffe4ba8ef758a515914cd69cf02edbf8
GET /_nuxt/desktop/default/css/5cfdf959.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: text/css
content-length: 1113
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-459"
content-encoding: gzip
expires: Wed, 08 May 2024 06:45:39 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9efc92c6aa91deeb40d3914f497b875f-90bee330eadf143f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T06:45:39+00:00, 2024-05-08T09:29:51+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-799ef317.js | 185.244.209.62 | 200 OK | 6.2 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-799ef317.js
IP: 185.244.209.62:443  ASN: 199524 (G-Core Labs S.A.)
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: issuer Sectigo Limited; subject *.traincdn.com; fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; valid Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (20015), with no line terminators
Hashes (MD5, SHA-1, SHA-256): b9884f137bf9a4b984ed6d6076a5f912 6fa2e191fbe206a33b3ad8a6d47eb53d7c0bf9db 90d4698de2aa1516441fad988859d49ba80624cbedbc23ebd965850469f1cbd1
GET /_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-799ef317.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 6249
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1869"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5544ae3039cbe84f72ff6a90b2d76a3c-8a9d2fd2930d63c7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-08T11:00:50+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css | 185.244.209.62 | 200 OK | 46 B |
URL: GET HTTP/2 v3.traincdn.com/genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css
IP: 185.244.209.62:443  ASN: 199524 (G-Core Labs S.A.)
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: issuer Sectigo Limited; subject *.traincdn.com; fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; valid Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with no line terminators
Hashes (MD5, SHA-1, SHA-256): f506188b04c16eaa9c664ed23f7ce58e 08d068d7fa5a84beb06ba924a35d84d6bfdab30a b9bfda0e940104e190b19543b94a10d120643bd1516d3ca2d266a0af6c0966e9
GET /genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: text/css
content-length: 46
last-modified: Fri, 12 Apr 2024 13:46:52 GMT
etag: "f506188b04c16eaa9c664ed23f7ce58e"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-cd25d563a884e2d3f37c30cc1748a926-bea5960131f3229f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-18T12:47:35+00:00, 2024-05-08T20:09:20+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
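Every response above carries an ETag, a Last-Modified date and a Content-Length, and the analyzer records its own MD5, SHA-1 and SHA-256 of the body. Two ETag styles occur: the `_nuxt` assets served by nginx use nginx's `"<hex mtime>-<hex size>"` form (for Layout.Betting.ExpressDay, `"663b50ec-d23"` decodes to 2024-05-08 10:16:12 GMT and 3363 bytes, matching Last-Modified and Content-Length exactly), while the `genfiles` assets carry a bare 32-hex ETag that equals the analyzer's MD5 of the body. The Python below is an added example, not part of the original capture or of any tool the page shows: it parses one request/response pair in the layout dumped here, cross-checks those fields (a disagreement points at a rewriting proxy, a stale cache or an edited capture), and records the request-side facts a triager wants, namely a script executed cross-site from a third-party CDN and a wildcard `access-control-allow-origin`. The first two sample exchanges are abridged copies of the ExpressDay and css_vars entries; the third is constructed by altering one byte of Content-Length. Function names are the example's own.

```python
import re
from datetime import timezone
from email.utils import parsedate_to_datetime

# nginx emits ETags as "<hex mtime>-<hex size>"; object-store style ETags are the body's MD5.
NGINX_ETAG = re.compile(r'^(?:W/)?"([0-9a-f]{8})-([0-9a-f]+)"$')
MD5_ETAG = re.compile(r'^(?:W/)?"([0-9a-f]{32})"$')


def parse_exchange(raw):
    """Split a raw request block followed by a response block (the layout used in
    this capture) into (request_line, request_headers, status_line, response_headers).
    Header names are lower-cased so request and response headers compare alike."""
    req_block, resp_block = re.split(r"\n(?=HTTP/\d)", raw.strip(), maxsplit=1)

    def split_headers(block):
        first, *rest = block.splitlines()
        headers = {}
        for line in rest:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        return first, headers

    req_line, req = split_headers(req_block)
    status, resp = split_headers(resp_block)
    return req_line, req, status, resp


def classify_etag(etag):
    """Return (kind, mtime_or_md5, size) for the two ETag styles seen in this capture."""
    m = NGINX_ETAG.match(etag)
    if m:
        return "nginx-mtime-size", int(m.group(1), 16), int(m.group(2), 16)
    m = MD5_ETAG.match(etag)
    if m:
        return "content-md5", m.group(1), None
    return "opaque", None, None


def check_exchange(raw, body_md5=None):
    """Cross-check the ETag against Last-Modified and Content-Length (nginx style) or
    against the analyzer's MD5 of the body (digest style), then note the request-side
    facts a triager wants. Returns a dict with the findings in encounter order."""
    req_line, req, status, resp = parse_exchange(raw)
    findings = []
    etag = resp.get("etag", "")
    kind, value, size = classify_etag(etag) if etag else ("none", None, None)
    if kind == "nginx-mtime-size":
        modified = parsedate_to_datetime(resp["last-modified"])
        if modified.tzinfo is None:  # older Pythons return a naive datetime for "GMT"
            modified = modified.replace(tzinfo=timezone.utc)
        if int(modified.timestamp()) != value:
            findings.append("etag mtime disagrees with last-modified")
        if int(resp.get("content-length", -1)) != size:
            findings.append("etag size disagrees with content-length")
    elif kind == "content-md5" and body_md5 and value != body_md5.lower():
        findings.append("etag md5 disagrees with body md5")
    if resp.get("content-length") == "0":
        findings.append("empty body")
    if req.get("sec-fetch-dest") == "script" and req.get("sec-fetch-site") == "cross-site":
        findings.append("third-party script executed by the page")
    if resp.get("access-control-allow-origin") == "*":
        findings.append("wildcard CORS")
    return {"request": req_line, "status": status, "etag_kind": kind, "findings": findings}


# Abridged copies of two exchanges from this capture (headers the checks ignore are dropped).
EXPRESSDAY_JS = """GET /_nuxt/desktop/default/Layout.Betting.ExpressDay-ac06930b.js HTTP/1.1
Host: v3.traincdn.com
Sec-Fetch-Dest: script
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 3363
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-d23"
content-encoding: gzip
access-control-allow-origin: *
"""
CSS_VARS = """GET /genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css HTTP/1.1
Host: v3.traincdn.com
Sec-Fetch-Dest: style
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 46
last-modified: Fri, 12 Apr 2024 13:46:52 GMT
etag: "f506188b04c16eaa9c664ed23f7ce58e"
access-control-allow-origin: *
"""
# Constructed: the ExpressDay response with Content-Length off by one, the kind of
# discrepancy a rewriting proxy or an edited capture would produce.
TAMPERED_JS = EXPRESSDAY_JS.replace("content-length: 3363", "content-length: 3364")

if __name__ == "__main__":
    print(check_exchange(EXPRESSDAY_JS))
    print(check_exchange(CSS_VARS, body_md5="f506188b04c16eaa9c664ed23f7ce58e"))
    print(check_exchange(TAMPERED_JS))
```

Note that for the gzip-encoded `_nuxt` responses the size half of the ETag matches Content-Length, i.e. the compressed on-disk object, not the decompressed length the analyzer's "very long lines" figure describes; the MD5-style ETags on `genfiles` match the analyzer's hash of the body because those responses carry no content-encoding.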
| v3.traincdn.com/_nuxt/desktop/default/app-80fd9d0c.js | 185.244.209.62 | 200 OK | 234 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/app-80fd9d0c.js
IP: 185.244.209.62:443  ASN: 199524 (G-Core Labs S.A.)
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: issuer Sectigo Limited; subject *.traincdn.com; fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; valid Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (64966), with no line terminators
Size: 234 kB (233875 bytes)
Hashes (MD5, SHA-1, SHA-256): eb4f34c1bf9c9befda1bf247f5e1df5b 334210525b8a7dad9cf37084c56194190961b67f f6dbc277c6f693b6ce346441312122bcfd288f3c93c550e9922ec3ddc128e28e
GET /_nuxt/desktop/default/app-80fd9d0c.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 233875
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-39193"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-4b03afefc62d3e2442f365a15c86105b-4f2682cccf077d60-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-08T10:54:34+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/75bcd414.css | 185.244.209.62 | 200 OK | 2.3 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/75bcd414.css
IP: 185.244.209.62:443  ASN: 199524 (G-Core Labs S.A.)
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: issuer Sectigo Limited; subject *.traincdn.com; fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; valid Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (9958), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 76a1e3dd8e25bf9a48bdd896de779d20 38c3643e25808d1f3ab167273201eac8c113c088 aa36f7a0cd4e7059cfef75dda25cd20e0bd1fbbe3d10a4ed0697cb937f009273
GET /_nuxt/desktop/default/css/75bcd414.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: text/css
content-length: 2277
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-8e5"
content-encoding: gzip
expires: Thu, 09 May 2024 11:28:05 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-cfdb01b1289e2484c394d788f1b684cc-05013110d3d8fc8b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T11:28:05+00:00, 2024-05-08T12:10:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/commons/app-e695e102.js | 185.244.209.62 | 200 OK | 47 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/commons/app-e695e102.js
IP: 185.244.209.62:443  ASN: 199524 (G-Core Labs S.A.)
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: issuer Sectigo Limited; subject *.traincdn.com; fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; valid Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65476)
Hashes (MD5, SHA-1, SHA-256): 414c44a4caf31196b27b1c5c11628879 2536bdd8d54c6f619dc0a200015d9a7b95c08f90 07a1a14bccef15bc4e72f798aa8ae3c18decb59c7ad601832305f8180d3d3b54
GET /_nuxt/desktop/default/commons/app-e695e102.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 46806
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-b6d6"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4d633b2fdba59aa324b00fdd9520f565-5ae9845901afdb44-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-08T10:54:34+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/app-7a457c68.js | 185.244.209.62 | | 267 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/vendors/app-7a457c68.js
IP: 185.244.209.62:0  ASN: 199524 (G-Core Labs S.A.)
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (61101)
Size: 267 kB (267284 bytes)
Hashes (MD5, SHA-1, SHA-256): de196c8e650ca4c514b5fbccb5f0fc2d fe73fce013c7cf22d6c01057981a01947484b020 27db5de650dc124db682f1dcd0bc5b018980cd52f3baaf8e4bab2d74fb9e0b5f
GET /_nuxt/desktop/default/vendors/app-7a457c68.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 267284
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-41414"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-388dd38e086de11c415d056db201ef8e-120af2849c9a2437-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-08T10:54:34+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/7c3945cb.css | 185.244.209.62 | 200 OK | 17 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/7c3945cb.css
IP: 185.244.209.62:443  ASN: 199524 (G-Core Labs S.A.)
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: issuer Sectigo Limited; subject *.traincdn.com; fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; valid Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 97b6f81b90460841531e21dceae1a3f5 1116d9a217e034d8970ab1455c15e9a4d1420a14 21951b3d64319c4bc411d0b272d08f3f7d951c743b9ee4ef376091d1c24a0401
GET /_nuxt/desktop/default/css/7c3945cb.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: text/css
content-length: 17201
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-4331"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-00c2ffe62d8609f188856bb0147ef2f7-647f4eeadaf706f5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-08T10:54:34+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 | 185.244.209.62 | 200 OK | 64 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP: 185.244.209.62:443  ASN: 199524 (G-Core Labs S.A.)
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: issuer Sectigo Limited; subject *.traincdn.com; fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; valid Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Hashes (MD5, SHA-1, SHA-256): 6887b6f24414dbc612dbf42ccdc76b70 8068d3abfbc6cbf35b55919da45b1f4d2d136238 fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: font/woff2
content-length: 63748
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-67c205e59bd5bba7c4724f6c4cfc74d7-8cce625f19a58793-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:13:59+00:00, 2024-05-08T20:34:24+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
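Two ETag styles appear in these records and both can be cross-checked against other fields in the same response. The 7c3945cb.css record at the top of this section carries `"663b50ec-4331"`, which is the nginx convention of hex(last-modified epoch)-hex(size): 0x663b50ec is 2024-05-08 10:16:12 UTC and 0x4331 is 17201, matching the Last-Modified and Content-Length headers. The Roboto-Regular.woff2 record just above carries a bare 32-hex ETag that equals the MD5 the scanner computed over the body. The Python below is an added example, not part of the scan output or of any tool the page shows: it runs those two checks over records transcribed from this page, treating the nginx ETag layout and the MD5-as-ETag convention as assumptions that the checks confirm rather than as facts taken from the headers. A failed check on a cached asset means the body the edge served no longer matches what the origin stamped, which is the first thing to look at when a sinkholed domain's assets are being reviewed.

```python
import re
from datetime import datetime, timezone

# Constructed input for this example: two records transcribed from the
# transaction log on this page, reduced to the fields the checks need.
RECORDS = [
    {
        "url": "v3.traincdn.com/_nuxt/desktop/default/css/7c3945cb.css",
        "content-length": "17201",
        "last-modified": "Wed, 08 May 2024 10:16:12 GMT",
        "etag": '"663b50ec-4331"',
        "hashes": "97b6f81b90460841531e21dceae1a3f5 "
                  "1116d9a217e034d8970ab1455c15e9a4d1420a14 "
                  "21951b3d64319c4bc411d0b272d08f3f7d951c743b9ee4ef376091d1c24a0401",
    },
    {
        "url": "v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2",
        "content-length": "63748",
        "last-modified": "Wed, 14 Jun 2023 09:49:53 GMT",
        "etag": '"6887b6f24414dbc612dbf42ccdc76b70"',
        "hashes": "6887b6f24414dbc612dbf42ccdc76b70 "
                  "8068d3abfbc6cbf35b55919da45b1f4d2d136238 "
                  "fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c",
    },
]

HASH_NAMES = {32: "md5", 40: "sha1", 64: "sha256"}  # digest length in hex chars
# Assumption: nginx-style ETag, hex(last-modified epoch)-hex(size in bytes).
NGINX_ETAG = re.compile(r'^(?:W/)?"([0-9a-f]{1,16})-([0-9a-f]{1,16})"$')
# Assumption: a bare 32-hex ETag is the MD5 of the body that was served.
MD5_ETAG = re.compile(r'^(?:W/)?"([0-9a-f]{32})"$')
HTTP_DATE = "%a, %d %b %Y %H:%M:%S GMT"


def classify_hashes(field):
    """Split the scanner's hash column and name each digest by its length."""
    out = {}
    for h in field.split():
        name = HASH_NAMES.get(len(h))
        if name is None or not re.fullmatch(r"[0-9a-f]+", h):
            raise ValueError(f"unrecognised digest: {h}")
        out[name] = h
    return out


def parse_nginx_etag(etag):
    """Return (mtime as aware UTC datetime, size in bytes), or None if not nginx-style."""
    m = NGINX_ETAG.match(etag)
    if m is None:
        return None
    mtime = datetime.fromtimestamp(int(m.group(1), 16), tz=timezone.utc)
    return mtime, int(m.group(2), 16)


def check_record(rec):
    """Run every ETag consistency check that applies; return [(check_name, passed)]."""
    results = []
    etag = rec["etag"]
    nginx = parse_nginx_etag(etag)
    if nginx is not None:
        mtime, size = nginx
        last_mod = datetime.strptime(rec["last-modified"], HTTP_DATE).replace(tzinfo=timezone.utc)
        results.append(("etag_size_matches_content_length", size == int(rec["content-length"])))
        results.append(("etag_mtime_matches_last_modified", mtime == last_mod))
    m = MD5_ETAG.match(etag)
    if m is not None:
        md5 = classify_hashes(rec["hashes"])["md5"]
        results.append(("etag_matches_md5_of_body", m.group(1) == md5))
    if not results:
        results.append(("etag_format_recognised", False))
    return results


def audit(records=RECORDS):
    """Map each URL to its check results; any False is worth a second look."""
    return {r["url"]: check_record(r) for r in records}


if __name__ == "__main__":
    for url, checks in audit().items():
        print(url)
        for name, ok in checks:
            print(f"  {'ok ' if ok else 'BAD'} {name}")
```

The ETag on the gzip-encoded CSS agrees with the Content-Length of the compressed bytes, so the origin stamped the pre-compressed file rather than a decoded body; the check compares like with like only because both values come from the same response. Feeding the remaining records from this page into `RECORDS` is a matter of copying the four headers and the hash line.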

| v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 | 185.244.209.62 | 200 OK | 65 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint (SHA-1): C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: Web Open Font Format (Version 2), TrueType, length 64732, version 1.0
Hashes: MD5 3ac5d40d1b3966fc5eb09ecca74d9cbf, SHA-1 a69f32357765dd321519889aeacba5e9ca893bb0, SHA-256 3310766b8f58538d07abded74a2babe1acbe1a3ee820d5b8c8265da666f4fb0c
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: font/woff2
content-length: 64732
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "3ac5d40d1b3966fc5eb09ecca74d9cbf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-25d33e59916e81973ef4c3ee80358b54-f61726feb6ac6eac-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:56:30+00:00, 2024-05-08T20:00:37+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 | 185.244.209.62 | 200 OK | 64 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint (SHA-1): C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Hashes: MD5 a65527fcb58f66a7cfbc0e6b160538b4, SHA-1 45d260e7fa343401b5bb0df982a014f53e2d253b, SHA-256 fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: font/woff2
content-length: 63920
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-0efebccef60914982a199ba5b894a66d-edc797ae8cfaa213-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:54:39+00:00, 2024-05-08T19:49:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/_nuxt/check-ob.js | 185.244.209.62 | 200 OK | 187 B |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/check-ob.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint (SHA-1): C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text
Hashes: MD5 ced67278c38d1ce1297c121af69fff8a, SHA-1 df6e1531fd84d956263b04254e6f94f5356623f4, SHA-256 2958134c3c00f7c6320858dd66e454c2856e4842821d3523c4cc5e44e1ec8616
GET /_nuxt/check-ob.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 187
last-modified: Mon, 06 May 2024 10:23:37 GMT
etag: "6638afa9-bb"
content-encoding: gzip
expires: Tue, 07 May 2024 12:56:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ad291b507b3cd778120cb289fdd63e51-9d714244d0d3a53e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:56:18+00:00, 2024-05-08T11:36:41+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png | 185.244.209.62 | 200 OK | 653 B |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint (SHA-1): C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Hashes: MD5 e6f0766cbd95db33da44e7a9140648f2, SHA-1 5f196b1bfe8c3f92bd2ebcd67124e72e81ae6aaf, SHA-256 c0399d478788d5d483f104a2e8cb7c32f41cb40e9df0c22e831b2bfa2db63ec0
GET /genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: image/png
content-length: 653
last-modified: Tue, 25 Apr 2023 13:43:56 GMT
etag: "e6f0766cbd95db33da44e7a9140648f2"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-a36b59a54645ea4c5d391fbd37f0b338-890aacee1c393094-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:12:59+00:00, 2024-05-08T20:42:00+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/_nuxt/desktop/default/css/f5105820.css | 185.244.209.62 | 200 OK | 194 B |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/f5105820.css
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint (SHA-1): C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (395), with no line terminators
Hashes: MD5 2818ab9c6ece35261fbf658165189623, SHA-1 f01f8175a7a89449a1dad5f2a7df06c5866c10af, SHA-256 b4f0b619b6f6ece6589df376a16eae022b084640348887d3c557e20a37207583
GET /_nuxt/desktop/default/css/f5105820.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: text/css
content-length: 194
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-c2"
content-encoding: gzip
expires: Wed, 08 May 2024 09:24:14 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6f995ece5120f4e1996d432ea15ac358-beae93bce2adf8f9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T09:24:14+00:00, 2024-05-08T18:07:47+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingContent-0ade32fe.js | 185.244.209.62 | 200 OK | 634 B |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingContent-0ade32fe.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint (SHA-1): C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (1235), with no line terminators
Hashes: MD5 9b4c5178b31779a0981ed2c9776a53c7, SHA-1 9235df453636bc042a2a1ae0f4c515056c5c5a90, SHA-256 8cb9638fcdeffac9470295235a3064097fb9b59e73b95ec8102c6bb663d980d8
GET /_nuxt/desktop/default/Page.Betting.Asia.BettingContent-0ade32fe.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 634
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-27a"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:31 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-dabed2b3745af147458af03f8473972f-b96b11a0de1b0683-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:31+00:00, 2024-05-08T11:01:37+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/_nuxt/desktop/default/css/2a37879e.css | 185.244.209.62 | | 1.3 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/css/2a37879e.css
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: ASCII text, with very long lines (6872), with no line terminators
Hashes: MD5 7727cc93d85a2459297f9b1237fc6a92, SHA-1 f37f7a3ec3d30df2513a38dd2c67fefaf038edec, SHA-256 e4559060670fd8cf92ad4e830ae9237d2bbc735470f4597ad5d943388d9248d2
GET /_nuxt/desktop/default/css/2a37879e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: text/css
content-length: 1331
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-533"
content-encoding: gzip
expires: Thu, 09 May 2024 12:28:57 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f950fcc82239f6c77b6660368a62178a-9b45489c731c80c2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:28:57+00:00, 2024-05-08T15:21:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-e9231dc8.js | 185.244.209.62 | 200 OK | 11 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-e9231dc8.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint (SHA-1): C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (40117), with no line terminators
Hashes: MD5 0644769b808fa59af4beda42788b2e66, SHA-1 266dd9b95b442a01759242a55a117d083cbac67d, SHA-256 7f2a8da86462ef570ba1c5abe327880bcea5ec510160ea6f590a066e1a5bc6ce
GET /_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-e9231dc8.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 10688
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-29c0"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:34 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4927be34d158baa85460a19c8b53f8de-ff3d42514c79720d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:34+00:00, 2024-05-08T11:01:37+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-36c334d6.js | 185.244.209.62 | | 10 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-36c334d6.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: JavaScript source, ASCII text, with very long lines (36639), with no line terminators
Hashes: MD5 67d8ed132b1ddc0c303fd8f75f32b471, SHA-1 cc7d93fb03efb29743c787d310d0f0350740ca94, SHA-256 7221c0785ae9cc81866e4a8b7638fbeef6df772b59a60ec529e5db68a2c62117
GET /_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-36c334d6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 10104
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-2778"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:34 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f9e7e32eb760c37762abea4e3b07e477-5b5a516d5cc58b53-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:34+00:00, 2024-05-08T11:01:37+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-70c9070a.js | 185.244.209.62 | | 37 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-70c9070a.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: JavaScript source, ASCII text, with very long lines (65461)
Hashes: MD5 0708c03dd81cfcc30a6eb12e8d5a7192, SHA-1 91064268dc5ef484b6b8e073cde872c21b3a0fd1, SHA-256 4bb58dc9b93318e295ad055e8b4b1fce9eab0fddad1c4f72ff791283bb834ea0
GET /_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-70c9070a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 37176
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-9138"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:34 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-64ec29abc444688d440152399d752bb6-ca5f2ae9f91c3ae7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:34+00:00, 2024-05-08T11:01:37+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-3476a987.js | 185.244.209.62 | 200 OK | 5.6 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-3476a987.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint (SHA-1): C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (19536), with no line terminators
Hashes: MD5 18d38aff5018dad1262fc227a68b5ec8, SHA-1 fe50b32177073c7724e8031febe4e3feef6e5f95, SHA-256 266f384d74ee49340d4cb0647e2bdb7c767409d7bf8cc35442a453bcf08bb8df
GET /_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-3476a987.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 5573
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-15c5"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3f66d042114514a08c5ea1bfd68e58ca-154328cd2981ecb6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:33+00:00, 2024-05-08T11:01:37+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-7f844954.js | 185.244.209.62 | | 4.2 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-7f844954.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: JavaScript source, ASCII text, with very long lines (14574), with no line terminators
Hashes: MD5 d33ee67d9f23dd62c456193b4e764eb9, SHA-1 f6d942295c97dfa39f4a924d0256969ccbed9c62, SHA-256 1e80290f86bdfedcb79a9f94f3eb27f309047d2bd580d874822aaaeac3675e71
GET /_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-7f844954.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 4193
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1061"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-e83f1ec3990b6b46d6b9e5101de688ca-977ccc8e4ef5ee17-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:33+00:00, 2024-05-08T11:01:37+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage-3636738c.js | 185.244.209.62 | | 33 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage-3636738c.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (64912), with no line terminators
Hashes: MD5 1f7da36659a544fba17a29cffa971076, SHA-1 5c97a256ee06a1f642721e924aaf92fc6e8012f7, SHA-256 7283f446334be010ae677213a0b827a2e993e298bf023a85e87577edd2216c2d
GET /_nuxt/desktop/default/Page.Betting.Asia.Homepage-3636738c.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 33094
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-8146"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5c9b4ac24e1f1cc5b5317c95870c3e25-188e0f27f8b640b9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:33+00:00, 2024-05-08T11:01:37+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/_nuxt/desktop/default/css/a1bf72f5.css | 185.244.209.62 | 200 OK | 6.7 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/a1bf72f5.css
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint (SHA-1): C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (53183), with no line terminators
Hashes: MD5 4501125cd5c80c2b8acf7af843956d66, SHA-1 b24a3be842323cc3d17a708ff48bb84dcb652041, SHA-256 ec51d38db21ace66a188f18b6ae3b5a76254c28f379aaa6499bf2c79626b8820
GET /_nuxt/desktop/default/css/a1bf72f5.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: text/css
content-length: 6677
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1a15"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-9d6a936e34f04ca1ad292755eecf2545-3578aae705216f3c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:33+00:00, 2024-05-08T11:01:37+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/_nuxt/desktop/default/css/f72f2b10.css | 185.244.209.62 | | 4.8 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/css/f72f2b10.css
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: ASCII text, with very long lines (38649), with no line terminators
Hashes: MD5 8ab5f1e804e2a4565dea164054ff0907, SHA-1 7ee2bea2c9dcb6424f707c35588a316a249270fa, SHA-256 ce3424802faaac382a0efe23fbc285123fae95d0461ecf26e4881e1907acd9ec
GET /_nuxt/desktop/default/css/f72f2b10.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: text/css
content-length: 4780
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-12ac"
content-encoding: gzip
expires: Thu, 09 May 2024 12:28:58 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ff1c040c148605b92b372a7a22a78174-af52e7b0b6ac0c44-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:28:58+00:00, 2024-05-08T15:22:20+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.Asian-56ecd176.js | 185.244.209.62 | | 29 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.Asian-56ecd176.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (64788), with no line terminators
Hashes: MD5 07244b6ad35d8802c10a1c5fd37712be, SHA-1 1b41f323c8cf0006dffb57939104bf1da14b9f6b, SHA-256 78be75ea68fee2170ba434351d695ad2be458c1cf6a819a96e1fd932c4b2c8a1
GET /_nuxt/desktop/default/Page.Betting.Main.Asian-56ecd176.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 29394
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-72d2"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:34 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-69d54db214ea73b1613a100bb05b92ed-48a4f0a622b5a02e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:34+00:00, 2024-05-08T11:01:37+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-7105a632.js | 185.244.209.62 | | 22 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-7105a632.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: JavaScript source, ASCII text, with very long lines (65476)
Hashes: MD5 4df28096a23760aa74cf3b1982ae9476, SHA-1 1b99d6f0622b9da8e46e85df6a0b116a8c1a9943, SHA-256 14e6c442824a6a4230ad98dc5046540ea35f1e7ad21b65b927495df4a54aa715
GET /_nuxt/desktop/default/vendors/plugins.v-tooltip-7105a632.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 21899
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-558b"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:25 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-743738e0b6388d54b7201f6d89053761-d4de5712e0c5f6d9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:25+00:00, 2024-05-08T10:54:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/e5c0e314.css | 185.244.209.62 | | 953 B |
URL: v3.traincdn.com/_nuxt/desktop/default/css/e5c0e314.css IP: 185.244.209.62:0 ASN: #199524 G-Core Labs S.A.
File type: ASCII text, with very long lines (3352), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 748da80084597d87b4ff5e98b017b07b db6ad2ec24bfcbe751a23061d935403e1163f471 4eaf4071f43aaa0243a4c6948131b7a3e03fe6ab1f4228da38e8588c15e01f24
GET /_nuxt/desktop/default/css/e5c0e314.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: text/css
content-length: 953
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-3b9"
content-encoding: gzip
expires: Thu, 09 May 2024 11:05:15 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9087c1e94c31a09f761e714d3ffe8d25-f41d1aef48a12e5a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T11:05:15+00:00, 2024-05-08T15:39:16+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-2e14a47d.js | 185.244.209.62 | 200 OK | 8.1 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-2e14a47d.js IP: 185.244.209.62:443 ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (26717), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 5e555ad28a7c695afb377a8855610652 8f195d8ff18e3e2d1105587315d8d3102650bf3a b90b7ba895ec988a0b72b9fd21ccc3d8e1d1cc4035f57fc47be6fb00e32caacc
GET /_nuxt/desktop/default/vendors/plugins.vue-js-modal-2e14a47d.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 8055
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1f77"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:25 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-67744f7fa8faf18e3f1374ed8e83ad52-74559de8e2786a01-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:25+00:00, 2024-05-08T10:54:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-4919f2b6.js | 185.244.209.62 | 200 OK | 2.1 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-4919f2b6.js IP: 185.244.209.62:443 ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (6960), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 426b4077094d2bf6f0f1feab6aaaaa40 b6ac46785f2225c76aaf65d152456765df824887 864bc0a49b9b457b62b65a8902f9f07305e5010d46df4cc5416dfb8b028c2c09
GET /_nuxt/desktop/default/date-fns-locale-21-4919f2b6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 2121
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-849"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:25 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-7c4336e36f9866c9f8dfc2fc49430f2d-a1bb6e6b15aa6bd8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:25+00:00, 2024-05-08T10:58:37+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-99e14113.js | 185.244.209.62 | | 4.6 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-99e14113.js IP: 185.244.209.62:0 ASN: #199524 G-Core Labs S.A.
File type: JavaScript source, ASCII text, with very long lines (12527), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 8113ecbe1d6d4c8904ce977109730f08 70cd411e85297f2d6dcccffba8f633e3c609ca5f 1349cb7987b5ebae2dc20a5ad955120b8983b0059549cd7f3b0db5dbf1c89ce5
GET /_nuxt/desktop/default/vendors/plugins.vue-notification-99e14113.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 4556
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-11cc"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:25 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-0436462ce2fba4494255b049a6c723ae-a4d1c00618e5b4ce-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:25+00:00, 2024-05-08T10:54:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/blocks-api/api/v1/block/light?referralParams=1 | 178.253.29.51 | | 69 B |
URL: 1xlite-461430.top/blocks-api/api/v1/block/light?referralParams=1 IP: 178.253.29.51:0 ASN: #202492 Silverhill Group Holding Ltd
Certificate: Issuer: Let's Encrypt; Subject: 1xlite-461430.top; Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash (MD5 / SHA-1 / SHA-256): ab03868d622f82c706778dbcafb3c4b1 9c7a1bc7bc8da4fc19067c82d2862a9e997c76ba 46e5319d5d8fc85aac10fbc9fa5a516ee8c03d2584f304966676129794360686
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /blocks-api/api/v1/block/light?referralParams=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/json
content-length: 69
x-request-guid: 90263a3b338ae3a91437c9f89dbb45de
x-time-ng: 0.018
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.035
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json | 178.253.29.51 | 200 OK | 1.5 kB |
URL: GET HTTP/2 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json IP: 178.253.29.51:443 ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer: Let's Encrypt; Subject: 1xlite-461430.top; Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash (MD5 / SHA-1 / SHA-256): eec4805fe0f6e17d5ade92a382f5b068 ca6a26fe8ea31e66c0bef88c4e7f489dce9f9a4b b50904054641c30b6b4ee7ed4290b52022825f2e9e9e3a4a060b8ecddf28c898
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Wed, 28 Feb 2024 21:42:45 GMT
etag: W/"eec4805fe0f6e17d5ade92a382f5b068"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-461430.top&projectId=285 | 178.253.29.51 | 200 OK | 141 B |
URL: GET HTTP/2 1xlite-461430.top/seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-461430.top&projectId=285 IP: 178.253.29.51:443 ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer: Let's Encrypt; Subject: 1xlite-461430.top; Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash (MD5 / SHA-1 / SHA-256): bd9be2fa89d26e9e6f1b2e08ffcd0ed6 90eae25ee792254c7ca97e98c5782078f9bdc37f c11510c5556799ec6bf918684e80903d08cf6237d3c4f94d32a8ebf35d067a1d
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-461430.top&projectId=285 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/json
content-length: 141
cache-control: max-age=1200, must-revalidate, public, s-maxage=1800, stale-if-error=86400, stale-while-revalidate=300
x-content-digest: enebf83560af95b198ca2d2caf127b1151
age: 1513
x-request-id: 76fdf67adfb16282134a3a35ed4e01b9
x-request-guid: 76fdf67adfb16282134a3a35ed4e01b9
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=1.2810230255127, wf-uht;dur=
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/version.json?timestamp=1715201335669 | 178.253.29.51 | 200 OK | 44 B |
URL: GET HTTP/2 1xlite-461430.top/version.json?timestamp=1715201335669 IP: 178.253.29.51:443 ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer: Let's Encrypt; Subject: 1xlite-461430.top; Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash (MD5 / SHA-1 / SHA-256): 0b80561d133a4c31e43457feb7a88098 5a12bbbf740f5dd45ec60c7cd88c20eeed25fd35 5ce84fd81852f0c0801481e412cff8d61a241f7ea7b7ff8082738d9fe23ffd02
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /version.json?timestamp=1715201335669 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/json
content-length: 44
last-modified: Wed, 08 May 2024 10:17:36 GMT
vary: Accept-Encoding
etag: "663b5140-2c"
content-encoding: gzip
expires: Wed, 08 May 2024 20:49:55 GMT
access-control-allow-origin: *
cache-control: max-age=60, max-age=60, s-maxage=60
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json | 178.253.29.51 | 200 OK | 23 B |
URL: POST HTTP/2 1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json IP: 178.253.29.51:443 ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer: Let's Encrypt; Subject: 1xlite-461430.top; Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash (MD5 / SHA-1 / SHA-256): ee0de9939a74deb09d1e487fdd67c489 52380b1fffe3d48438e9ee36faffa0a4727831d6 311aea97614a33c57befa1f702829bf17d1156d069ade7a01017845437fab7fe
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Content-Type: application/json
X-Lang: en
X-Uuid: d90d24c7-592f-482d-872a-f0c642347e07
Content-Length: 78
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/json
content-length: 23
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/Betting.Core-f89d33f6.js | 185.244.209.62 | | 1.6 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/Betting.Core-f89d33f6.js IP: 185.244.209.62:0 ASN: #199524 G-Core Labs S.A.
File type: JavaScript source, ASCII text, with very long lines (2508), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): a961fc2d8c225c0cc2dc814175a9d9e4 9293a62e3d0f4ab392dfef6f7f7172cb9889a724 a33381e13222f9cb4ab741177e3ad9ed83e3eca14864fac385a8fc4440ff2d90
GET /_nuxt/desktop/default/Betting.Core-f89d33f6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 1645
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-66d"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:25 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-8d551a3a35ddb9bf1fab9d197ddd8bf9-2cf5905bf1fc32e7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:25+00:00, 2024-05-08T10:54:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/aa6acd622b31a2a6ee8785b888acb885.json | 178.253.29.51 | 200 OK | 543 B |
URL: GET HTTP/2 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/aa6acd622b31a2a6ee8785b888acb885.json IP: 178.253.29.51:443 ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer: Let's Encrypt; Subject: 1xlite-461430.top; Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash (MD5 / SHA-1 / SHA-256): 2f999350fc2eea344d910e8a01de406d bcfeaa8fadc7ca87115d7e36c955bd0df504b8ad c73c55fa3a522662241013a108e6043dd4cde3fbfa2be0ed4a4940582e26ed36
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /genfiles/cms/1-285/desktop/media_asset/aa6acd622b31a2a6ee8785b888acb885.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1920; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/json
content-length: 543
last-modified: Thu, 29 Feb 2024 14:14:28 GMT
etag: "2f999350fc2eea344d910e8a01de406d"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.007
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/392fdb004d073448b345d2db7414a498.json | 178.253.29.51 | | 822 B |
URL: 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/392fdb004d073448b345d2db7414a498.json IP: 178.253.29.51:0 ASN: #202492 Silverhill Group Holding Ltd
Certificate: Issuer: Let's Encrypt; Subject: 1xlite-461430.top; Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash (MD5 / SHA-1 / SHA-256): be781196159e458a9a157a93f6981363 54b5bb6ddb54aefb6dc1eeeab89afdf48079e959 71bf1763541ee0d4298863f03c291b09029668d448e8077518717b8810ac910f
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /genfiles/cms/1-285/desktop/media_asset/392fdb004d073448b345d2db7414a498.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1920; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/json
content-length: 822
last-modified: Mon, 08 Apr 2024 09:13:00 GMT
etag: "be781196159e458a9a157a93f6981363"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/e06c9d6a2655d78a28144abe88798172.json | 178.253.29.51 | 200 OK | 499 B |
URL: GET HTTP/2 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/e06c9d6a2655d78a28144abe88798172.json IP: 178.253.29.51:443 ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer: Let's Encrypt; Subject: 1xlite-461430.top; Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash (MD5 / SHA-1 / SHA-256): e3d17d66f9e675ca9273e04470203275 e676da597ad577652921e9af98e79b986ec158ae 5c26acb3823aedc062268da24385061135d42171888bb5f5a0a8f63ba09c67d2
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /genfiles/cms/1-285/desktop/media_asset/e06c9d6a2655d78a28144abe88798172.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1920; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/json
content-length: 499
last-modified: Mon, 05 Jun 2023 14:13:26 GMT
etag: "e3d17d66f9e675ca9273e04470203275"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.007
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/aecbb538226cb01dc9a85286edcff171.json | 178.253.29.51 | | 182 B |
URL: 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/aecbb538226cb01dc9a85286edcff171.json IP: 178.253.29.51:0 ASN: #202492 Silverhill Group Holding Ltd
Certificate: Issuer: Let's Encrypt; Subject: 1xlite-461430.top; Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash (MD5 / SHA-1 / SHA-256): e4c69ca8e3916987138c95a26642f53a 411149ef1233c191122618916dc7fa4965a30f7c 9bbbe99b83a20d3d0bd65ab0b343de560c6d437a74a4835786bbd6a58bb0e08e
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /genfiles/cms/1-285/desktop/media_asset/aecbb538226cb01dc9a85286edcff171.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1920; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/json
content-length: 182
last-modified: Tue, 11 Apr 2023 17:53:40 GMT
etag: "e4c69ca8e3916987138c95a26642f53a"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/bd0cfa10966f2d8720b2c5663287c9e0.json | 178.253.29.51 | 200 OK | 958 B |
URL: GET HTTP/2 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/bd0cfa10966f2d8720b2c5663287c9e0.json IP: 178.253.29.51:443 ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer: Let's Encrypt; Subject: 1xlite-461430.top; Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash (MD5 / SHA-1 / SHA-256): 24ec1c171afe6836881e2fba1ed559a0 588a08d22de446d484f8f51402994f37ff2527c2 a0c14f5476683e6eb7381c1820c0e914c02911ab9d24170e61548e661017f96f
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /genfiles/cms/1-285/desktop/media_asset/bd0cfa10966f2d8720b2c5663287c9e0.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1920; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/json
content-length: 958
last-modified: Tue, 18 Apr 2023 10:33:32 GMT
etag: "24ec1c171afe6836881e2fba1ed559a0"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/deee851bab70137a6ff846c91be5a425.json | 178.253.29.51 | | 184 B |
URL: 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/deee851bab70137a6ff846c91be5a425.json; IP 178.253.29.51:0; ASN #202492 Silverhill Group Holding Ltd
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: MD5 36777c63209967831ddd2926e229b69b, SHA-1 7a59de3bd5fd0406a1becbd4fc6bdb49a996a0fa, SHA-256 c2087429233dc14f1ad96cf9b7d1f4ecf0f32fabab7fc37999644a488d10dbc2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/deee851bab70137a6ff846c91be5a425.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1920; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/json
content-length: 184
last-modified: Thu, 09 Nov 2023 06:22:56 GMT
etag: "36777c63209967831ddd2926e229b69b"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.007
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg | 185.244.209.62 | 200 OK | 952 B |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg; IP 185.244.209.62:443; ASN #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: gzip compressed data, max speed, from Unix
Hash: MD5 75de7b9dd64f0a8d16acaa5cfd39f55f, SHA-1 b70d77c68809160d3a950024fc0cb548bb4f6204, SHA-256 803f4f8e26b22272d599fde123ba8244fecf4e2d067035933f1fa4b716c511a7
GET /genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: image/svg+xml
last-modified: Tue, 02 May 2023 10:06:49 GMT
etag: W/"7cca3986f7a5c4c164144ff11df71073"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f38388729b4deaa868ae538bca56ee05-3aab7b825d656b16-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-01-11T08:32:05+00:00, 2024-05-08T20:31:14+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/6ad1187cb3484eda879c74f0feda4d3c.json | 178.253.29.51 | 200 OK | 963 B |
URL: GET HTTP/2 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/6ad1187cb3484eda879c74f0feda4d3c.json; IP 178.253.29.51:443; ASN #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: MD5 ec2577e9fce5bd6c2feedb0274aba812, SHA-1 da8cfa04201b9a294c3ec3a3549a32386903b854, SHA-256 ae50719561c9e52704cdf36a060aa65121c3b3ce0de808d549198dd0068de447
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/6ad1187cb3484eda879c74f0feda4d3c.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1920; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/json
content-length: 963
last-modified: Fri, 24 Nov 2023 09:01:49 GMT
etag: "ec2577e9fce5bd6c2feedb0274aba812"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.007
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/7ed46ee2457f0198b31a2f0e27129049.json | 178.253.29.51 | 200 OK | 702 B |
URL: GET HTTP/2 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/7ed46ee2457f0198b31a2f0e27129049.json; IP 178.253.29.51:443; ASN #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: MD5 f117f2ecd3a10db0e2d79159b68fcf2f, SHA-1 c3477f016b8a8001b765835b30c64ef6f6a37c95, SHA-256 59d4508907da1d618732422129b741f7288c7b344d0d0d6236f16e16c0bc257d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/7ed46ee2457f0198b31a2f0e27129049.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1920; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Mon, 26 Jun 2023 07:10:34 GMT
etag: W/"f117f2ecd3a10db0e2d79159b68fcf2f"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/21693cb8e300994c5e11861095082440.json | 178.253.29.51 | | 718 B |
URL: 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/21693cb8e300994c5e11861095082440.json; IP 178.253.29.51:0; ASN #202492 Silverhill Group Holding Ltd
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: MD5 b3f49765f8391c5fa72014c71f6c80a2, SHA-1 ca7d0bbf9982462654f4bcebb16990f492070217, SHA-256 3602e0757e12119f95edde68c94ea7ec8891bcf493b12fe0bad54e9220c596f2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/21693cb8e300994c5e11861095082440.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1920; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/json
content-length: 718
last-modified: Tue, 31 Oct 2023 09:19:23 GMT
etag: "b3f49765f8391c5fa72014c71f6c80a2"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/b0276b0a7ae86d0dc87c292efc4ad16c.json | 178.253.29.51 | 200 OK | 884 B |
URL: GET HTTP/2 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/b0276b0a7ae86d0dc87c292efc4ad16c.json; IP 178.253.29.51:443; ASN #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: MD5 c2eb16bc46aea587d16e3eb8bff889ad, SHA-1 ed5e1e8dfaf6a7f9d067aed73191d522d71f6510, SHA-256 37c40a123ec6f4f9ebd9f26e2ccb1df2cfbfb98cee84ec03bb6153e6351590b9
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/b0276b0a7ae86d0dc87c292efc4ad16c.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1920; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/json
content-length: 884
last-modified: Thu, 31 Aug 2023 12:36:01 GMT
etag: "c2eb16bc46aea587d16e3eb8bff889ad"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/checker/redirect/stat/run/ | 178.253.29.51 | | 945 B |
URL: 1xlite-461430.top/checker/redirect/stat/run/; IP 178.253.29.51:0; ASN #202492 Silverhill Group Holding Ltd
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: MD5 741934b89418d344f6b45d01fe7ddae7, SHA-1 2875d1bff3ba4850c36d335664cb596c17eb6fcf, SHA-256 488059f86ea7968767b02087d83b3e500aa5b3686e6b2522d967ff80eb6c6af9
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /checker/redirect/stat/run/ HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1920; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-time-ng: 0.002
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.020
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/9ca5a248842d90707684710c016ea5d2.json | 178.253.29.51 | 200 OK | 2.3 kB |
URL: GET HTTP/2 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/9ca5a248842d90707684710c016ea5d2.json; IP 178.253.29.51:443; ASN #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: MD5 a60fb63e7c35ba8cdb1d0851ff960b1b, SHA-1 eced63a14d178fbb15f60fcc61e97bc8cfc3fb98, SHA-256 2ddc5a56c47ad52370f349a00393b0cfd6385b858a1f9df75a4e0b39e0a06d53
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/9ca5a248842d90707684710c016ea5d2.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1920; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Wed, 13 Dec 2023 14:46:07 GMT
etag: W/"a60fb63e7c35ba8cdb1d0851ff960b1b"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.007
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/9b68ddfb3774b1a7929de6e484aca49a.json | 178.253.29.51 | 200 OK | 167 B |
URL: GET HTTP/2 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/9b68ddfb3774b1a7929de6e484aca49a.json; IP 178.253.29.51:443; ASN #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: MD5 03158ff80c6e448da55d5672eb032b77, SHA-1 fc39a273b30415c7431f21fecdc4a5bf2694c7e2, SHA-256 e584a61ab508b69c5b9a4ab2e4dd86e3b7e7094547c4739d048ab1f639a8025c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/9b68ddfb3774b1a7929de6e484aca49a.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1920; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/json
content-length: 167
last-modified: Tue, 22 Aug 2023 06:44:19 GMT
etag: "03158ff80c6e448da55d5672eb032b77"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.009
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/2903bfe80b6e7c82e302d5e50a0c0a15.json | 178.253.29.51 | 200 OK | 6.8 kB |
URL: GET HTTP/2 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/2903bfe80b6e7c82e302d5e50a0c0a15.json; IP 178.253.29.51:443; ASN #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: MD5 4ceca6711e35f002e5d82e7e710000c1, SHA-1 1bd282f8a354b362b4a860ef3fa2fb915f9211a8, SHA-256 cbb3ecf2ae1465a5d387c3e4582a5bafa1368c96db6ad3cdef0951a363dd9f0d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/2903bfe80b6e7c82e302d5e50a0c0a15.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1920; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Thu, 04 Apr 2024 06:25:42 GMT
etag: W/"4ceca6711e35f002e5d82e7e710000c1"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-c7b965b1.js | 185.244.209.62 | | 1.5 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-c7b965b1.js; IP 185.244.209.62:0; ASN #199524 G-Core Labs S.A.
File type: JavaScript source, ASCII text, with very long lines (3230), with no line terminators
Hash: MD5 5233ff069edca79a361c0b2b198b55cc, SHA-1 ba4364baebab13117998653f970a92b8ee07f900, SHA-256 c738fe5d4a58cfa5164ec13724b158a0021645987ebb534e1a230895b48b2e56
GET /_nuxt/desktop/default/consultant.supHelperV2-c7b965b1.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 1451
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-5ab"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:25 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-2dbc0cb3367008ed6e6e66753282ad91-ea2b250a50702bb7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:25+00:00, 2024-05-08T10:54:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/ioc.dependencies.18-45d015a5.js | 185.244.209.62 | 200 OK | 1.3 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/ioc.dependencies.18-45d015a5.js; IP 185.244.209.62:443; ASN #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (3073), with no line terminators
Hash: MD5 d480de5fb5e98ac782b0bd0f059e76f0, SHA-1 4c835740fa9f633deed7fba057d32b6d9ada360a, SHA-256 d283c64ddc00ff6250739d80df5c2dbc126fedd3731ee5fa1611d70a27b4d6d0
GET /_nuxt/desktop/default/ioc.dependencies.18-45d015a5.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:56 GMT
content-type: application/javascript; charset=utf-8
content-length: 1321
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-529"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:45 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5cc1e130c8e9ed4979407d799f6b951a-3034d3ce21e646c2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:45+00:00, 2024-05-08T11:01:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-95a46df4.js | 185.244.209.62 | | 7.4 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-95a46df4.js; IP 185.244.209.62:0; ASN #199524 G-Core Labs S.A.
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (32231), with no line terminators
Hash: MD5 f044c79cdd766337de9617cef4fef708, SHA-1 e09d93c3c6e5c605672e36ea0ae6ba3c71b0f4ff, SHA-256 abbf8ee5d929d76e03e4d3b8bc13d82fdc5688908e45a8217740b3c7a0c593eb
GET /_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-95a46df4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:56 GMT
content-type: application/javascript; charset=utf-8
content-length: 7382
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1cd6"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:27 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-9638596e394896ef1facf2e30d96a307-59d63cf814382559-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:27+00:00, 2024-05-08T10:54:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/betting.SportMenuApp-6b906b26.js | 185.244.209.62 | 200 OK | 7.7 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/vendors/betting.SportMenuApp-6b906b26.js | IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited | Subject *.traincdn.com | Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (31338), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 7462c3ce706e3a0439d52dfd83b79f18 7fcb3c23faccec9e4ef977d403cd600ed9d47159 28be8165dfece6660276495ac167ab5161021d9f7b2159e7929e76f1a64f0a16
GET /_nuxt/desktop/default/vendors/betting.SportMenuApp-6b906b26.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:56 GMT
content-type: application/javascript; charset=utf-8
content-length: 7710
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1e1e"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:45 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-09314eb6426412b54921287d3597869d-338f7a183dcee65f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:45+00:00, 2024-05-08T11:01:39+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/ad481252.css | 185.244.209.62 | | 3.0 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/css/ad481252.css | IP: 185.244.209.62:0 | ASN: #199524 G-Core Labs S.A.
File type: ASCII text, with very long lines (22886), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): f1e1bb557e1155bf9c70751dec445176 013c5224a1bbbf0d6603f25e31863aa90f279b40 7aa1af5184d161c5f279c0da3199cef2dfc0aac5e90cce3e880f1f89401a0a15
GET /_nuxt/desktop/default/css/ad481252.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:56 GMT
content-type: text/css
content-length: 3006
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-bbe"
content-encoding: gzip
expires: Thu, 09 May 2024 12:29:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c854d32137cc4e244f58fd70cf480556-b4581adbd42ec01b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:29:18+00:00, 2024-05-08T17:14:16+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/ec94cf91996e14ebe42d61b39b13ac02.json | 178.253.29.51 | | 26 kB |
URL: 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/ec94cf91996e14ebe42d61b39b13ac02.json | IP: 178.253.29.51:0 | ASN: #202492 Silverhill Group Holding Ltd
Certificate: Issuer Let's Encrypt | Subject 1xlite-461430.top | Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 | Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash (MD5 / SHA-1 / SHA-256): 1a092ed797a1157aafa826b6ce3d0c29 336644dca1de3d83983809add0e569ebf63ba0cb 0ac64d60cee50706a9e25342e24ac495286763c51fb74c53a2de824cbc59c1fb
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/ec94cf91996e14ebe42d61b39b13ac02.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1920; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Fri, 03 Nov 2023 08:45:11 GMT
etag: W/"1a092ed797a1157aafa826b6ce3d0c29"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.009
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/85022173.css | 185.244.209.62 | 200 OK | 1.7 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/85022173.css | IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited | Subject *.traincdn.com | Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (9757), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): d9ff2bf37891da2be05d7fd5442113f5 419f63a7b47f983139a1cdc040707ab4b90bc255 05d90d1e2368c45cf52f0796d76035b98b8ab02ff57d218005ddffbfc20963c5
GET /_nuxt/desktop/default/css/85022173.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:56 GMT
content-type: text/css
content-length: 1731
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-6c3"
content-encoding: gzip
expires: Thu, 09 May 2024 12:56:04 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-3bab804333d704a5cd7dd5a60b8a6d49-9adfeb0006afd2ea-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:56:04+00:00, 2024-05-08T17:30:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/betting.HomeSliderComponent-8f216f08.js | 185.244.209.62 | 200 OK | 7.6 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/betting.HomeSliderComponent-8f216f08.js | IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited | Subject *.traincdn.com | Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (24523), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): a84c24326d41c0aa0f3fb493e4bfc856 1aaaa001532b4d7589f6e0879455f6c78699c52e 296f8cc8788197eb5fd295ca003429fe2db6093eb6388c003447a5de6f31b53e
GET /_nuxt/desktop/default/betting.HomeSliderComponent-8f216f08.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:56 GMT
content-type: application/javascript; charset=utf-8
content-length: 7592
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1da8"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:46 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b2936a153b0d9eadf6099eb7dc65b091-4b2e725ab8448705-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:46+00:00, 2024-05-08T11:09:05+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/a05707a0.css | 185.244.209.62 | 200 OK | 1.3 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/a05707a0.css | IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited | Subject *.traincdn.com | Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (6442), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 2b7cd76d45868e18a22be501f214c7c2 e2799c9711adb4b6b850f39a90d3b074878e2c62 81499263837bef8f4f0ea4015d21a7895e9a51ede856b8b40d9b2240c99fe7c9
GET /_nuxt/desktop/default/css/a05707a0.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:56 GMT
content-type: text/css
content-length: 1308
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-51c"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:45 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f7e6b7579173fecac163c77146c52e35-c3c4114aa5ac1ee1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:45+00:00, 2024-05-08T11:01:39+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/betting.CentralMenuApp-96d6b2c1.js | 185.244.209.62 | 200 OK | 19 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/betting.CentralMenuApp-96d6b2c1.js | IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited | Subject *.traincdn.com | Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65283), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 0fcfe75628cf7cd25fa643bfefbf5940 2d7d246eb52fbc3a2420db7a8bfa1d54e5b480fd bbb5b77e24844a594d4084e394bfa0348081335c28a3a4d172ac5ff83cdabcea
GET /_nuxt/desktop/default/betting.CentralMenuApp-96d6b2c1.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:56 GMT
content-type: application/javascript; charset=utf-8
content-length: 18951
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-4a07"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:46 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-a70c2c702fa4ef8a82c45dfa03c8e7ab-e1f6c1c153cd46e2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:46+00:00, 2024-05-08T11:01:39+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/526e44d9.css | 185.244.209.62 | 200 OK | 459 B |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/526e44d9.css | IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited | Subject *.traincdn.com | Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (1526), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 97fdf5b6e7dfddf6ab251e984133b2c3 bb552fe685c52c34e0ed91e4dfaa9df2675ad086 92fcdb73c544b1f2befe78685340fd3371e920187a2232f8e4bffd73985d40e3
GET /_nuxt/desktop/default/css/526e44d9.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:56 GMT
content-type: text/css
content-length: 459
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1cb"
content-encoding: gzip
expires: Thu, 09 May 2024 11:05:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ef02fb1e85c06e9aa2362d8929477f00-0d4168ef5bbf4ca0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T11:05:33+00:00, 2024-05-08T15:52:57+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/betting.HomeSliderComponent-81e2f8d7.js | 185.244.209.62 | 200 OK | 7.4 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/vendors/betting.HomeSliderComponent-81e2f8d7.js | IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited | Subject *.traincdn.com | Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (27479), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 0b17cf75462948eeaaf7ece70cd5fba2 aebbba96a756cf09ce6a16de9e70c683b5de001d 32c6603817e972bf1aee9f736061fe43218fd74789ae76cb4cf7383176e65229
GET /_nuxt/desktop/default/vendors/betting.HomeSliderComponent-81e2f8d7.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:56 GMT
content-type: application/javascript; charset=utf-8
content-length: 7381
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1cd5"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:45 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-3a3a5bb95cdf92fa01c4d37f88c210dc-75e03e42921eee97-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:45+00:00, 2024-05-08T11:09:05+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-49c46e45.js | 185.244.209.62 | | 17 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-49c46e45.js | IP: 185.244.209.62:0 | ASN: #199524 G-Core Labs S.A.
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (41022), with NEL line terminators
Hash (MD5 / SHA-1 / SHA-256): 732bde6d360cd7be7ce9ce10044202ba c4fdecf84f6261b354240750525cb9d2a8d87d09 d46270d03f72eb032f9e205e2eedecdf65838a9f474b356b127474f73b66d347
GET /_nuxt/desktop/default/vendors/betting.media-49c46e45.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:56 GMT
content-type: application/javascript; charset=utf-8
content-length: 16832
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-41c0"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:26 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-027e00297cc840546ae8de22ba5e4a5d-cdf54d0a2617828e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:26+00:00, 2024-05-08T10:54:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/b588fb81207704b9bc3e220b71966696.json | 178.253.29.51 | 200 OK | 7.1 kB |
URL: GET HTTP/2 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/b588fb81207704b9bc3e220b71966696.json | IP: 178.253.29.51:443 | ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Let's Encrypt | Subject 1xlite-461430.top | Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 | Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash (MD5 / SHA-1 / SHA-256): 82be680bc6bd32b65cef0e3bda368678 5f5ac335405d9c792b43b6aee8d5ab64ac42e5ba 12800d3ad8e368dc1541e334f8f6f669549da16f62b4dae2ebb9929bd88322c7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/b588fb81207704b9bc3e220b71966696.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1920; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Mon, 30 Oct 2023 14:20:28 GMT
etag: W/"82be680bc6bd32b65cef0e3bda368678"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/a01e05cae2f5087d31e3dd580b8c1ce3.json | 178.253.29.51 | 200 OK | 7.2 kB |
URL: GET HTTP/2 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/a01e05cae2f5087d31e3dd580b8c1ce3.json | IP: 178.253.29.51:443 | ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Let's Encrypt | Subject 1xlite-461430.top | Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 | Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash (MD5 / SHA-1 / SHA-256): 5f6393bd6febc268d33cb235c7eec194 819eb4409582bcea038e527fd5859dde2d13e0e7 9ae42c0a8d88add1a2d54faab5d819c619cb2a2a1eec7595fe1029a91449efb0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/a01e05cae2f5087d31e3dd580b8c1ce3.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1920; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Tue, 14 Nov 2023 06:21:55 GMT
etag: W/"5f6393bd6febc268d33cb235c7eec194"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.035
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137 | 178.253.29.51 | 200 OK | 176 B |
URL: GET HTTP/2 1xlite-461430.top/service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137 | IP: 178.253.29.51:443 | ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Let's Encrypt | Subject 1xlite-461430.top | Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 | Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash (MD5 / SHA-1 / SHA-256): ac86deb03def477abf768a8455c8aa90 87bbc45a47946c01a6f494da652c5b1940e4a62c 6a19047f1e73a26daaac3ec171356c005d39984c931de6c0c0b4184ade05c55b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:56 GMT
content-type: application/json; charset=utf-8
content-length: 176
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.012
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/session-api/sessions/user | 178.253.29.51 | 200 OK | 16 B |
URL: GET HTTP/2 1xlite-461430.top/session-api/sessions/user | IP: 178.253.29.51:443 | ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Let's Encrypt | Subject 1xlite-461430.top | Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 | Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash (MD5 / SHA-1 / SHA-256): 646b2e82b65602d35f7aa6283c387e3a b163a70c5df8e4b0861a23a04f8a6f78393747f4 b68bf12405ee2cb5b76764df21dbc2df0953ddff4072ddc5281d1aab05e8c4ab
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /session-api/sessions/user HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:56 GMT
content-type: application/json
content-length: 16
cache-control: no-cache, private
x-time-ng: 0.002
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=1.2180805206299, wf-uht;dur=0.010
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/88cfac66.css | 185.244.209.62 | | 97 B |
URL: v3.traincdn.com/_nuxt/desktop/default/css/88cfac66.css | IP: 185.244.209.62:0 | ASN: #199524 G-Core Labs S.A.
File type: ASCII text, with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 9deb70dd3fbdc7061ed21c5632fbc55b 22ae1cadf75b3fdd5e3e3762842b1b7a6f6e7ed8 be8196057ac43ab3882caf30239c364e1ef4ceda087e92ca87187ce239f022f9
GET /_nuxt/desktop/default/css/88cfac66.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:56 GMT
content-type: text/css
content-length: 97
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-61"
content-encoding: gzip
expires: Tue, 07 May 2024 16:27:42 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-1ebc246d6ea1b63ccecff37fc68c2efa-a17716e0a186c591-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T16:27:42+00:00, 2024-05-08T13:46:41+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-3f250b35.js | 185.244.209.62 | 200 OK | 8.5 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-3f250b35.js IP: 185.244.209.62:443 ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (25972)
Hashes (MD5, SHA-1, SHA-256): 6d75d9fb64764579504c00ce537f6ff1 5661eb661bdef0a6a8bdd029ba5b7b9eb050e15e bf2a87bf4b4484a7ff05c40e1b4c94a316800dedb9445359cda5e43efa825d9f
GET /_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-3f250b35.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:56 GMT
content-type: application/javascript; charset=utf-8
content-length: 8522
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-214a"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:26 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d4271c04b94c4cf60445161b891833c1-7ce1d8ca84665d40-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:26+00:00, 2024-05-08T10:54:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/25e24e18.css | 185.244.209.62 | 200 OK | 1.5 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/25e24e18.css IP: 185.244.209.62:443 ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (6262), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 09f1bd90913ad83743065cc13ee3e0c6 0f1d49d4ddfccf474d882839c1ac901a8c1d91e6 b0222e16baaccc20a1143166da7715bbab586f1d8d8bebf26f91e98738a55a92
GET /_nuxt/desktop/default/css/25e24e18.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:56 GMT
content-type: text/css
content-length: 1505
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-5e1"
content-encoding: gzip
expires: Thu, 09 May 2024 12:29:28 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3fb3f7bafed4b4227179f964c9aad686-3875318b18b10ceb-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:29:28+00:00, 2024-05-08T16:39:00+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/RegistrationWidgetApp-244fe993.js | 185.244.209.62 | 200 OK | 21 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/vendors/RegistrationWidgetApp-244fe993.js IP: 185.244.209.62:443 ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 355ce5bc5ad3ce4d9f2f42f33af33a73 3cb3452330b81cf844be98de00fd4c54717c7cf8 0a79ccdbc986e060b53a249945fd32b5a2b892bfcae6cf9ff7dac154ad05d380
GET /_nuxt/desktop/default/vendors/RegistrationWidgetApp-244fe993.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:56 GMT
content-type: application/javascript; charset=utf-8
content-length: 20768
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-5120"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:46 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-380d3772bb11e3db7382e219aabf72a6-efa18afaf85024da-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:46+00:00, 2024-05-08T11:23:46+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/betting.coupon2-6e433cdf.js | 185.244.209.62 | | 578 B |
URL: v3.traincdn.com/_nuxt/desktop/default/betting.coupon2-6e433cdf.js IP: 185.244.209.62:0 ASN: #199524 G-Core Labs S.A.
File type: JavaScript source, ASCII text, with very long lines (1003), with no line terminators
Hashes (MD5, SHA-1, SHA-256): b9a05e5aa1c5b98c055f94570bbf4ad2 24bf68bdbe24f5b82fddbb934ad2ead865d4705e 7f6ac8faf0ffe76890d0518f7470d54e20a8b8dc92dcb433645a46aa2ccfca11
GET /_nuxt/desktop/default/betting.coupon2-6e433cdf.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:56 GMT
content-type: application/javascript; charset=utf-8
content-length: 578
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-242"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:46 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-eae9a502b0aefc4e49378b9f6dc774a1-fa41088652939dde-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:46+00:00, 2024-05-08T11:01:39+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/e781b67ba2558128946fd2f9d870ffcb.json | 178.253.29.51 | 200 OK | 4.8 kB |
URL: GET HTTP/2 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/e781b67ba2558128946fd2f9d870ffcb.json IP: 178.253.29.51:443 ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashes (MD5, SHA-1, SHA-256): 9e5da15e44d6b6bab0cfc7c07ba9495d 4a67254b45112089d0833028de0c9c81acb930a3 0d51ae7eaa1511001f9b8b562a49d1b55d177a655f26035364485f02d5384af9
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /genfiles/cms/1-285/desktop/media_asset/e781b67ba2558128946fd2f9d870ffcb.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1920; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Sat, 20 Apr 2024 09:17:16 GMT
etag: W/"9e5da15e44d6b6bab0cfc7c07ba9495d"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.023
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 | 178.253.29.51 | 200 OK | 344 B |
URL: GET HTTP/2 1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 IP: 178.253.29.51:443 ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashes (MD5, SHA-1, SHA-256): d9426f6bacc30c82dc4226f344e9bfe4 ccad7df8c6e1af9cfe1c4ee92b7df75a6ffdd28e 1f89516368960443ecd22c2009baf01eb432b76bf115efd9578343b259b2feab
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:56 GMT
content-type: application/json; charset=utf-8
content-length: 344
cache-control: no-cache
content-encoding: br
last-modified: Wed, 08 May 2024 20:48:56 GMT
vary: Accept-Encoding
x-time-ng: 0.004
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/bff-api/event-logo/v2/suitable.json?lang=en | 178.253.29.51 | | 2 B |
URL: 1xlite-461430.top/bff-api/event-logo/v2/suitable.json?lang=en IP: 178.253.29.51:0 ASN: #202492 Silverhill Group Holding Ltd
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashes (MD5, SHA-1, SHA-256): d751713988987e9331980363e24189ce 97d170e1550eee4afc0af065b78cda302a97674c 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /bff-api/event-logo/v2/suitable.json?lang=en HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:57 GMT
content-type: application/json
content-length: 2
cache-control: no-cache, private
server-timing: bff;dur=17.14, dt_total;dur=175.182, wf-uht;dur=0.182
traceparent: 00-c9ed408a7bae846539b587ab8007f326-1f9f12ebc2cdb47f-01
x-dt: 285
x-time-ng: 0.175
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/desktop/contact/86f18367ce2829388dcdabccb99b1740.svg | 178.253.29.51 | 200 OK | 263 B |
URL: GET HTTP/2 1xlite-461430.top/genfiles/cms/desktop/contact/86f18367ce2829388dcdabccb99b1740.svg IP: 178.253.29.51:443 ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): 28e2c161800b61b985a163f5c492ae51 8845ea940210b4ccb195cca855a598e6aaa58ed0 77c93c24e4eb0f8815a7526d405818c9a38ba6e4317f1fee588fffbc00cb17de
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /genfiles/cms/desktop/contact/86f18367ce2829388dcdabccb99b1740.svg HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:57 GMT
content-type: image/svg+xml
content-length: 263
last-modified: Fri, 23 Feb 2024 10:01:24 GMT
etag: "28e2c161800b61b985a163f5c492ae51"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/desktop/contact/dbc1950bbcc8e27b5dbec1f42635e8d0.svg | 178.253.29.51 | | 296 B |
URL: 1xlite-461430.top/genfiles/cms/desktop/contact/dbc1950bbcc8e27b5dbec1f42635e8d0.svg IP: 178.253.29.51:0 ASN: #202492 Silverhill Group Holding Ltd
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): b1bf63d00887bb0354e9d89c7d790a01 2d64ab25c9afff682abd6732f62ba62a197e972b a6a4fbbd99a0a82de03f05da827ccd9d019574bf3450727530403c2b5ce92df0
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /genfiles/cms/desktop/contact/dbc1950bbcc8e27b5dbec1f42635e8d0.svg HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:57 GMT
content-type: image/svg+xml
content-length: 296
last-modified: Fri, 23 Feb 2024 10:03:47 GMT
etag: "b1bf63d00887bb0354e9d89c7d790a01"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/desktop/contact/6726b16cfb4e516989153ce398d4a0e4.svg | 178.253.29.51 | 200 OK | 506 B |
URL: GET HTTP/2 1xlite-461430.top/genfiles/cms/desktop/contact/6726b16cfb4e516989153ce398d4a0e4.svg IP: 178.253.29.51:443 ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): 9c340eae608db0c25657b4a73d769afe 988fbf333a2e9290211cd9e6b7c98c59719012b0 b92e969acd8a1e0f9cfd1f84080ca5ccb8cb49b105299434c275a8813faf841e
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /genfiles/cms/desktop/contact/6726b16cfb4e516989153ce398d4a0e4.svg HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:57 GMT
content-type: image/svg+xml
content-length: 506
last-modified: Fri, 23 Feb 2024 10:03:36 GMT
etag: "9c340eae608db0c25657b4a73d769afe"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidgetAnalytics-e553050a.js | 185.244.209.62 | 200 OK | 366 B |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidgetAnalytics-e553050a.js IP: 185.244.209.62:443 ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (416), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 5a59e1a877dfffd934287be20d74fb8f bd4f023b5d180689555d1185a1167a825549781d 2b2960e941dd6a85aebdfc7cefa2b4352fa3c462de8ade94656a97e1336f3aaf
GET /_nuxt/desktop/default/DownloadAppWidgetAnalytics-e553050a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:57 GMT
content-type: application/javascript; charset=utf-8
content-length: 366
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-16e"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:47 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-dd341c30d9fa587f74161241fc664d01-280269410d6cf148-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:47+00:00, 2024-05-08T11:01:39+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/injector.js | 104.18.39.72 | | 77 kB |
URL: widget.suphelper.top/injector.js IP: 104.18.39.72:0
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 97739f1772d22bb585f98626a3cb6d6d 807de7dd31758fd9e585ecfb4215137673d6a68b 85186e9931eb5c9fae17e23e51255ec1a67547b4b6fb74e07855703795b9370e
GET /injector.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 20:48:57 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=14400
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"32e7a-18f381bf77a"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
expires: Thu, 09 May 2024 00:48:57 GMT
server: cloudflare
cf-ray: 880c50463a820afa-OSL
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/0e3e1e8d.css | 185.244.209.62 | 200 OK | 1.2 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/0e3e1e8d.css IP: 185.244.209.62:443 ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (5638), with no line terminators
Hashes (MD5, SHA-1, SHA-256): be85f100312ee4f9396b6e89cbcb0fef 3934783d38d182ddcaccfdedbbe4fb65c266864c 06a9b859f60f7872c7beaa8286d3c1f45708dd0e1dee20f4c0d55c8719cc2983
GET /_nuxt/desktop/default/css/0e3e1e8d.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:57 GMT
content-type: text/css
content-length: 1193
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-4a9"
content-encoding: gzip
expires: Thu, 09 May 2024 12:29:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-a000134237f61dc9804c2a5a65eb4f85-fd28203ab30daf5c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:29:37+00:00, 2024-05-08T15:46:00+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidget-42a0f4cc.js | 185.244.209.62 | 200 OK | 4.1 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidget-42a0f4cc.js IP: 185.244.209.62:443 ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (12039), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 40cbeb3b1fadfd3c0235beaf250dd48e 8fdbbea7d2085d6562e95f0530c17fce06fcf60c 72b4153b971c2a2d3093a986bbdf30b739dfa03fac8a292e9a98a55e1b97a1b4
GET /_nuxt/desktop/default/DownloadAppWidget-42a0f4cc.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:57 GMT
content-type: application/javascript; charset=utf-8
content-length: 4123
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-101b"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:49 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-40ff34c225e11b42b30c824fb6fbe877-ebba81cf389fbb20-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:49+00:00, 2024-05-08T11:01:40+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/sfiles/logo-champ/86b3049b3592a71249e7cc77927822d4.webp | 185.244.209.62 | 200 OK | 7.3 kB |
URL: GET HTTP/2 v3.traincdn.com/sfiles/logo-champ/86b3049b3592a71249e7cc77927822d4.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hashes (MD5, SHA-1, SHA-256): 1c59be4ac66b547cc682fbb1c014758b d8dca246fdc4a72e34d1e934bc2721ca4c1f17b9 28ca3421890ea711e51a20f2825aabeb59e79d604182cd4f76d2b2c3b92034bf
GET /sfiles/logo-champ/86b3049b3592a71249e7cc77927822d4.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:58 GMT
content-type: image/webp
content-length: 7314
last-modified: Wed, 04 Jan 2023 08:00:16 GMT
etag: "1c59be4ac66b547cc682fbb1c014758b"
cache-control: public, max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-c9881b52637f6a5fa6360d5807a7e749-3325cf686bb6ab1f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T14:14:25+00:00, 2024-05-08T18:24:28+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| 1xlite-461430.top/web-api/external-api/config/getVideoAccessConfig | 178.253.29.51 | | 3.6 kB |
URL: 1xlite-461430.top/web-api/external-api/config/getVideoAccessConfig
IP: 178.253.29.51:0
ASN: #202492 Silverhill Group Holding Ltd
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashes (MD5, SHA-1, SHA-256): cb0bc8eedc642fc591c0eef57e6c67e5 6c62aeececef0a5ff474bb21bf569ad8d48f6bd0 c57136f602923fc19534e58f7da5a483616d80031222372e19a29fd6f22b0a0e

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /web-api/external-api/config/getVideoAccessConfig HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:57 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=25, dt_total;dur=27.745, wf-uht;dur=0.039
traceparent: 00-8620461c469dfd5161bc5d0d8c6ede22-8a72d98699fecee7-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.026
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

| v3.traincdn.com/resized/size16/sfiles/logo_teams/f5db46d24aea0f9d3d07d0be290981ee.webp | 185.244.209.62 | 200 OK | 684 B |
URL: GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/f5db46d24aea0f9d3d07d0be290981ee.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hashes (MD5, SHA-1, SHA-256): ab1780809fdff8a8b03ff6d33f82d7eb dd22c1c9d9b7a567f9797db1448f46eb303aef3d c5044f466c287c4937fe56c1a98d56f42694fca63be479115782faeca9beefec
GET /resized/size16/sfiles/logo_teams/f5db46d24aea0f9d3d07d0be290981ee.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:58 GMT
content-type: image/webp
content-length: 684
cache-control: max-age=94608000
content-disposition: inline; filename="f5db46d24aea0f9d3d07d0be290981ee.webp"
content-security-policy: script-src 'none'
expires: Wed, 02 Dec 2026 21:02:21 GMT
x-request-id: 33b63cec5fa68ab552c8f50f6b569908
strict-transport-security: max-age=15724800; includeSubDomains
x-time-ng: 0.000
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-fc90f56def471807730c66af5e98d2c6-39937e55783c38c6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-03T21:02:21+00:00, 2023-12-18T08:13:10+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/sfiles/logo-champ/a77b9d632ad5933f8f0d32727e773a47.webp | 185.244.209.62 | 200 OK | 1.4 kB |
URL: GET HTTP/2 v3.traincdn.com/sfiles/logo-champ/a77b9d632ad5933f8f0d32727e773a47.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hashes (MD5, SHA-1, SHA-256): 144c63ffbf2346e0e0105f6da18e1f72 05818a758c864fa118405a0b152e31216e047dbf 40c8cc803649193320f5d674d7f7b4dd2b17ce3eb29d49e1cba609668229b8dd
GET /sfiles/logo-champ/a77b9d632ad5933f8f0d32727e773a47.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:58 GMT
content-type: image/webp
content-length: 1406
last-modified: Tue, 03 Jan 2023 16:57:08 GMT
etag: "144c63ffbf2346e0e0105f6da18e1f72"
cache-control: public, max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9006dd067f93f53746d28ac3db8ac2b8-0254e1fec60e675e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-03-30T16:55:04+00:00, 2024-05-08T05:27:50+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/resized/size16/sfiles/logo_teams/6290.webp | 185.244.209.62 | 200 OK | 826 B |
URL: GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/6290.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hashes (MD5, SHA-1, SHA-256): 3b411ae33c069df4ed4add3e95f5fb35 0264661eed1a5ac175d1d35f5933819ddb7cecb6 89fcd931811625dea307969144ef58482459399379a0e1bec5e0902470e1e7c9
GET /resized/size16/sfiles/logo_teams/6290.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:58 GMT
content-type: image/webp
content-length: 826
cache-control: max-age=94608000
content-disposition: inline; filename="6290.webp"
content-security-policy: script-src 'none'
expires: Sat, 13 Feb 2027 13:53:49 GMT
x-request-id: 0800a95dcb72c07e38f5a2aa8179861e
strict-transport-security: max-age=15724800; includeSubDomains
x-time-ng: 0.062
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a06acd3a40a63687e2cb120b16926204-d50330f5bdfc6db5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-02-14T13:53:49+00:00, 2024-02-14T17:31:09+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/resized/size16/sfiles/logo_teams/6160.webp | 185.244.209.62 | 200 OK | 758 B |
URL: GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/6160.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hashes (MD5, SHA-1, SHA-256): 68c1dc14c9d911fa3a4bee116f2c3158 aafbe4482e867da99b194b47a1f04e678de5f744 0294ffb6320c3e37c0c373c350f21303205084f23824a2d26130c21af6559a99
GET /resized/size16/sfiles/logo_teams/6160.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:58 GMT
content-type: image/webp
content-length: 758
cache-control: max-age=94608000
content-disposition: inline; filename="6160.webp"
content-security-policy: script-src 'none'
expires: Tue, 30 Mar 2027 21:29:53 GMT
x-request-id: 764c0ae0c8de4b56c3990bec54e36350
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c5cd2f934f91f947c3e5b150b0be7ae1-3ebadb7d17798fb3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-03-30T21:29:53+00:00, 2024-03-31T09:40:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/sfiles/logo-champ/407e3f43a3627577256dd6545f65adcc.webp | 185.244.209.62 | 200 OK | 4.2 kB |
URL: GET HTTP/2 v3.traincdn.com/sfiles/logo-champ/407e3f43a3627577256dd6545f65adcc.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hashes (MD5, SHA-1, SHA-256): eeb47ddeb14a734e9b82a4134e4d96c6 d38b5f569ad87151fc7e9f8cccfc964d5f82a7b2 c3754566035e0f00775deebc3733c782637bd40e78f55299ee9c3dfaac5af2d8
GET /sfiles/logo-champ/407e3f43a3627577256dd6545f65adcc.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:58 GMT
content-type: image/webp
content-length: 4224
last-modified: Thu, 28 Sep 2023 05:23:12 GMT
etag: "eeb47ddeb14a734e9b82a4134e4d96c6"
cache-control: public, max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a501f620d40214c705b4b92c60cd1541-56c576f0da0e5d9e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:35:33+00:00, 2024-05-08T19:15:16+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/resized/size16/sfiles/logo_teams/3c80510a7a3977a775c8724d5abd4d04.webp | 185.244.209.62 | | 780 B |
URL: v3.traincdn.com/resized/size16/sfiles/logo_teams/3c80510a7a3977a775c8724d5abd4d04.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hashes (MD5, SHA-1, SHA-256): e9fb351bd0632d769e052415ff6a5d19 8f25c33456f2365027e1b409ddc20589fabbee00 6d68c138b812b36960ad196d6924677fbdef85c16603d0b5b6576f76487f0625
GET /resized/size16/sfiles/logo_teams/3c80510a7a3977a775c8724d5abd4d04.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:58 GMT
content-type: image/webp
content-length: 780
cache-control: max-age=94608000
content-disposition: inline; filename="3c80510a7a3977a775c8724d5abd4d04.webp"
content-security-policy: script-src 'none'
expires: Tue, 04 May 2027 13:06:00 GMT
x-request-id: 097133be3739934171624f77dade32fe
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5a7df7e72a96159cd7a0a7d3c547738b-c1c3ce6db38caed0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-04T13:06:00+00:00, 2024-05-08T00:50:11+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/resized/size16/sfiles/logo_teams/5a39013c2a9f4ce97ab03e3175b4429f.webp | 185.244.209.62 | 200 OK | 772 B |
URL: GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/5a39013c2a9f4ce97ab03e3175b4429f.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hashes (MD5, SHA-1, SHA-256): 55e12269d7720f21d2b3baa0bd8d145f e688e74296edc55d1a6702f8fd29314b204c3509 cdac4e580f522b48481e81ad599e795a9fcd892f95d6d24f4da12cf1aa980af7
GET /resized/size16/sfiles/logo_teams/5a39013c2a9f4ce97ab03e3175b4429f.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:58 GMT
content-type: image/webp
content-length: 772
cache-control: max-age=94608000
content-disposition: inline; filename="5a39013c2a9f4ce97ab03e3175b4429f.webp"
content-security-policy: script-src 'none'
expires: Fri, 30 Apr 2027 19:07:49 GMT
x-request-id: 9dcb6162566e3560ceef403ac78e10d2
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-a4ae678c87eb14b13c6a73a8a0535d37-fe200f1916fff1ce-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-30T19:07:49+00:00, 2024-05-05T10:02:22+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/sfiles/logo-champ/sub_e_sport_dota_2.webp | 185.244.209.62 | | 3.4 kB |
URL: v3.traincdn.com/sfiles/logo-champ/sub_e_sport_dota_2.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hashes (MD5, SHA-1, SHA-256): a46689e442c017ae101b316767eca350 2a48883da6738204defdfb8f81f44f78b7bb0731 9d5e3beccf36f35346ea0fabe57602cb4beed97d6e770e7bf74fa67c963d05a4
GET /sfiles/logo-champ/sub_e_sport_dota_2.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:58 GMT
content-type: image/webp
content-length: 3422
last-modified: Tue, 03 Jan 2023 12:42:31 GMT
etag: "a46689e442c017ae101b316767eca350"
cache-control: public, max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-006ab904d642a79f9f62e8c754ec46f7-a3495fe9cee5c9d0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-01-01T14:14:31+00:00, 2024-05-08T10:50:00+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/resized/size16/sfiles/logo_teams/f21e2ea65341ef82467015ed1ec3f35b.webp | 185.244.209.62 | 200 OK | 600 B |
URL: GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/f21e2ea65341ef82467015ed1ec3f35b.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hashes (MD5, SHA-1, SHA-256): e9d52e03354e95855b9bdb4f9153b7bb 19f2786a4e632045bd902c2e62a8d1c0fd1a3436 f4570e9abc45532acaa90022c7f9ec0c77254b8cfb5e051b15bdcefe9d980573
GET /resized/size16/sfiles/logo_teams/f21e2ea65341ef82467015ed1ec3f35b.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:58 GMT
content-type: image/webp
content-length: 600
cache-control: max-age=94608000
content-disposition: inline; filename="f21e2ea65341ef82467015ed1ec3f35b.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 13:00:32 GMT
x-request-id: b69c38c346ad05dbe73f19528d588d27
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-df376bc6b8394f59fa271a441cfcf943-456212c6e0230633-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T13:00:32+00:00, 2024-05-08T19:50:34+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/resized/size16/sfiles/logo_teams/26c9616bfcb83341773385f478a6767b.webp | 185.244.209.62 | 200 OK | 726 B |
URL: GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/26c9616bfcb83341773385f478a6767b.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hashes (MD5, SHA-1, SHA-256): 346e5ff67b76ccd6c0128318a2e137ee cf454b5bd0f0262d6665c9022690e723ac44b8fc fb6fcaf1634f4d5c36d7f7132534ee9b10774c347546b980d79368f0f2795fa4
GET /resized/size16/sfiles/logo_teams/26c9616bfcb83341773385f478a6767b.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:58 GMT
content-type: image/webp
content-length: 726
cache-control: max-age=94608000
content-disposition: inline; filename="26c9616bfcb83341773385f478a6767b.webp"
content-security-policy: script-src 'none'
expires: Mon, 03 May 2027 03:01:17 GMT
x-request-id: 1c2e8389e8d70049fd51672f642b57e7
x-time-ng: 0.029
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-16503a304a59cdd13c14ce4e020120da-b1c607a05450ef1d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-03T03:01:17+00:00, 2024-05-04T10:10:59+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/resized/size16/sfiles/logo_teams/2352.webp | 185.244.209.62 | 200 OK | 748 B |
URL: GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/2352.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hashes (MD5, SHA-1, SHA-256): 2bfadecd5ab5152c1953ca821f13341f 0a643467afc03d4b017875acd8ed7600dd4e4cc0 da282aa335147087a98df8f29a193245bf9ef8df26597ded4ba29fe68c5252d4
GET /resized/size16/sfiles/logo_teams/2352.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:58 GMT
content-type: image/webp
content-length: 748
cache-control: max-age=94608000
content-disposition: inline; filename="2352.webp"
content-security-policy: script-src 'none'
expires: Wed, 05 May 2027 14:20:10 GMT
x-request-id: 91a32c8b007819626f67058beab0a0a4
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5bbd9620617f7da9d9fd62c16c15af41-0746407a0108aec9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-05T14:20:10+00:00, 2024-05-08T11:01:41+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/resized/size16/sfiles/logo_teams/2430.webp | 185.244.209.62 | 200 OK | 690 B |
URL: GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/2430.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hashes (MD5, SHA-1, SHA-256): 725da2d6ec5408f18fb7d326e1f1a1be 3411bba906668de605d817723c53e260c3807770 b780890f57761c47d5f9940e1be3447d7f2bdac91eeb7d1a80dbbd9e49e59ce8
GET /resized/size16/sfiles/logo_teams/2430.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:58 GMT
content-type: image/webp
content-length: 690
cache-control: max-age=94608000
content-disposition: inline; filename="2430.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 20:05:49 GMT
x-request-id: 43341f44430b23f8ab10cf69c4a31215
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-798085cbbf662891bb5fb74045a1828d-0d28830c4be780a3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T20:05:49+00:00, 2024-05-08T11:01:41+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/resized/size16/sfiles/logo_teams/375859.webp | 185.244.209.62 | 200 OK | 776 B |
URL: GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/375859.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hashes (MD5, SHA-1, SHA-256): b8852ad3b62f924f099e6605383e8f13 b1c6615ac8b84a1a40f9fb1dd6eca4c123256cfd 934f41dd96b448d0d0efcc8e9ef43d378c5928e24dd663aa8d67110c3dc49335
GET /resized/size16/sfiles/logo_teams/375859.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:58 GMT
content-type: image/webp
content-length: 776
cache-control: max-age=94608000
content-disposition: inline; filename="375859.webp"
content-security-policy: script-src 'none'
expires: Thu, 06 May 2027 17:58:48 GMT
x-request-id: f4fe95f3a743022c1938c232dadac596
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-389fbbc427d60cb68820f052c5a73667-e1a061ff48e8a813-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T17:58:48+00:00, 2024-05-08T19:48:20+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/resized/size16/sfiles/logo_teams/375277.webp | 185.244.209.62 | | 746 B |
URL: v3.traincdn.com/resized/size16/sfiles/logo_teams/375277.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hashes (MD5, SHA-1, SHA-256): a0d75c1acd02a3827889a1262bef5fc5 5d3c042b20da07f041e9adc48a3868f2c5475e56 d11ae7bc95beb1fad2fb56e1443dfda3ae23868aef57480c144c8633f1e99a2c
GET /resized/size16/sfiles/logo_teams/375277.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:58 GMT
content-type: image/webp
content-length: 746
cache-control: max-age=94608000
content-disposition: inline; filename="375277.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 22:09:30 GMT
x-request-id: 782a43e6e1c2f9e5dae889ecd3e19617
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-79f3c1690c7e0da15262f1c639ea57de-f5bd3945ea0bcdf5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T22:09:30+00:00, 2024-05-08T19:48:20+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/resized/size16/sfiles/logo_teams/795995.webp | 185.244.209.62 | 200 OK | 786 B |
URL: GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/795995.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hashes (MD5, SHA-1, SHA-256): 7e4d2583c28eb80ca2b08d6cb4e79e8c f9f3a2ce61e00408373d9a052de555069fe2887c 1eaa1c05f0aa6335f91ea1b77c3ddba3bdf6c7c811f20719f3c89aac37cee331
GET /resized/size16/sfiles/logo_teams/795995.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:58 GMT
content-type: image/webp
content-length: 786
cache-control: max-age=94608000
content-disposition: inline; filename="795995.webp"
content-security-policy: script-src 'none'
expires: Mon, 03 May 2027 14:46:11 GMT
x-request-id: dbefedc73b47f1278f2347b25b032d6e
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-6290287b5378208481138c09fa9c8d86-4c14ad6572281dae-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-03T14:46:11+00:00, 2024-05-08T07:27:01+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/a322b86594c618f37757a299bd9428d8.webp | 185.244.209.62 | 200 OK | 494 B |
URL: v3.traincdn.com/resized/size16/sfiles/logo_teams/a322b86594c618f37757a299bd9428d8.webp (GET, HTTP/2)
IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint (SHA-1): C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hash (MD5 / SHA-1 / SHA-256): f5f039d2fc4997bb5f5b1c2cbf24ea59 0e073e9e843ba0a5ac0e4c47f163c24ddc86a46d 421c2a6e321ec1dcfa0a1fffde5804f7ea83c67618a98c9e9d374d1ec9da27f6
GET /resized/size16/sfiles/logo_teams/a322b86594c618f37757a299bd9428d8.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:58 GMT
content-type: image/webp
content-length: 494
cache-control: max-age=94608000
content-disposition: inline; filename="a322b86594c618f37757a299bd9428d8.webp"
content-security-policy: script-src 'none'
expires: Tue, 04 May 2027 14:33:42 GMT
x-request-id: d3145e59b481c84faa556d40449e3d50
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-84ecf40b124db478503772620a6f1544-e8e1e44af51dbad7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-04T14:33:42+00:00, 2024-05-08T07:27:01+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/2056.webp | 185.244.209.62 | 200 OK | 766 B |
URL: v3.traincdn.com/resized/size16/sfiles/logo_teams/2056.webp (GET, HTTP/2)
IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint (SHA-1): C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hash (MD5 / SHA-1 / SHA-256): 4d48526650ea3505dc49ed791a936b82 d8d8b530f21ba838d078a6fa19d364b01c85a29e b3f0768ad3562e9c0325d63ec57bb7155697a3cdc18339765eafa9fb8313762b
GET /resized/size16/sfiles/logo_teams/2056.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:58 GMT
content-type: image/webp
content-length: 766
cache-control: max-age=94608000
content-disposition: inline; filename="2056.webp"
content-security-policy: script-src 'none'
expires: Mon, 15 Mar 2027 15:04:14 GMT
x-request-id: b32dc3338af8399ff700a5218d843951
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-840aa60097e605a9a3edddbcd7cdeb91-10a9ae97d55c6ace-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-03-15T15:04:14+00:00, 2024-04-06T08:25:57+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/22e6b121f4279dd7010af487dcd7325f.webp | 185.244.209.62 | | 756 B |
URL: v3.traincdn.com/resized/size16/sfiles/logo_teams/22e6b121f4279dd7010af487dcd7325f.webp
IP: 185.244.209.62:0 | ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash (MD5 / SHA-1 / SHA-256): e88442256dc9224547fba55823624052 688234e2867e712294f6b48419999f4608c9f517 32785c1a6411e2688c8228dbaa94b5d8c88a513fb96917f4c66cf0bc1044eead
GET /resized/size16/sfiles/logo_teams/22e6b121f4279dd7010af487dcd7325f.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:58 GMT
content-type: image/webp
content-length: 756
cache-control: max-age=94608000
content-disposition: inline; filename="22e6b121f4279dd7010af487dcd7325f.webp"
content-security-policy: script-src 'none'
expires: Thu, 07 Jan 2027 06:08:39 GMT
x-request-id: b35a594fa2c56d790eee296abe09614a
strict-transport-security: max-age=15724800; includeSubDomains
x-time-ng: 0.000
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-03d58b4d0ca7a2f092c617fcbc3c746d-06547c687ca2d216-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-01-08T06:08:39+00:00, 2024-02-27T04:54:15+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/12147309e5c26b2ca8e9251e977d56cc.webp | 185.244.209.62 | 200 OK | 734 B |
URL: v3.traincdn.com/resized/size16/sfiles/logo_teams/12147309e5c26b2ca8e9251e977d56cc.webp (GET, HTTP/2)
IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint (SHA-1): C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hash (MD5 / SHA-1 / SHA-256): 1245293d744d0538ff06e664fb9454b1 11223decf3430852c4a4aec3f9bda8a5c9d3171b 645dc7fcf596a87df2b1c17785ee65e6356a76326ca315a673e00e7f9de41e06
GET /resized/size16/sfiles/logo_teams/12147309e5c26b2ca8e9251e977d56cc.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:58 GMT
content-type: image/webp
content-length: 734
cache-control: max-age=94608000
content-disposition: inline; filename="12147309e5c26b2ca8e9251e977d56cc.webp"
content-security-policy: script-src 'none'
expires: Thu, 06 May 2027 22:50:38 GMT
x-request-id: e6f3d6cf5037dd2e3b33f567bddeb22f
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f307dd5a0e82455f5a774957c945eac4-7a02fced7f132e63-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T22:50:38+00:00, 2024-05-08T19:19:39+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/3308.webp | 185.244.209.62 | | 800 B |
URL: v3.traincdn.com/resized/size16/sfiles/logo_teams/3308.webp
IP: 185.244.209.62:0 | ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash (MD5 / SHA-1 / SHA-256): 956d8b06543aaa584efed77dc1438bf0 0f2c512ae33b291d2214aadd9e1c9291519c1bb6 eb9eb7c4a74b9564be015d897f6e9fb862994e5200b4867ee221f14c1fae59cf
GET /resized/size16/sfiles/logo_teams/3308.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:58 GMT
content-type: image/webp
content-length: 800
cache-control: max-age=94608000
content-disposition: inline; filename="3308.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 12:10:43 GMT
x-request-id: c0a231c9fb1f6153884b08eb0cc50acf
x-time-ng: 0.033
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-462c93084cb62c780c9647ea13abc7e9-7293977ce6fedbca-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T12:10:43+00:00, 2024-05-07T13:00:00+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true | 178.253.29.51 | 200 OK | 9.8 kB |
URL: 1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true (GET, HTTP/2)
IP: 178.253.29.51:443 | ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer: Let's Encrypt | Subject: 1xlite-461430.top | Fingerprint (SHA-1): F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 | Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash (MD5 / SHA-1 / SHA-256): 5fa9986dc18864e861cd4b4dee89135f 0c01fb9106ce45f6181598918852525c0f611866 9dfdf8e16cdeca96a34038f5244e133d1f961e2040ed1ebe8a23ef0b6a84a11e

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:58 GMT
content-type: application/json; charset=utf-8
content-length: 9808
cache-control: public, max-age=5
content-encoding: br
last-modified: Wed, 08 May 2024 20:48:58 GMT
vary: Accept-Encoding
x-time-ng: 0.011
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.019
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/betting.SportsMenuCompact-c2bb372a.js | 185.244.209.62 | | 2.3 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/betting.SportsMenuCompact-c2bb372a.js
IP: 185.244.209.62:0 | ASN: #199524 G-Core Labs S.A.
File type: JavaScript source, ASCII text, with very long lines (7751), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): d1c3350409fced81d3bdaa120774e126 b1d363217e08b0c554387b7ec8e55ca81d1b26e6 ae5f5f10dae7227a4979a2a6288d9078fabd7e3c3907f426f5614d2d84b7c45d
GET /_nuxt/desktop/default/betting.SportsMenuCompact-c2bb372a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:58 GMT
content-type: application/javascript; charset=utf-8
content-length: 2285
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-8ed"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:55 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-defc02d6b7a19cd7f6c8720829f783d8-b0dae328e1bb17f7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:55+00:00, 2024-05-08T11:23:47+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/ff09be90.css | 185.244.209.62 | 200 OK | 705 B |
URL: v3.traincdn.com/_nuxt/desktop/default/css/ff09be90.css (GET, HTTP/2)
IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint (SHA-1): C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (4705), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 2b6cccff5325f6e14ccd6ec354319cd6 f4ec05fc468d3daddec1a3d825c29a55ce4b2050 a153e31a0350b58aad71597632348e14c954738845b58f05ca04b8212dbaca38
GET /_nuxt/desktop/default/css/ff09be90.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:58 GMT
content-type: text/css
content-length: 705
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-2c1"
content-encoding: gzip
expires: Tue, 07 May 2024 14:41:31 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-36d84fbb4087f8281d60d139aff6257e-788c7d564415a6e6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:41:31+00:00, 2024-05-08T06:59:39+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true | 178.253.29.51 | 200 OK | 2.7 kB |
URL: 1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true (GET, HTTP/2)
IP: 178.253.29.51:443 | ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer: Let's Encrypt | Subject: 1xlite-461430.top | Fingerprint (SHA-1): F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 | Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash (MD5 / SHA-1 / SHA-256): f62fa3693d903cda3f685b2a5c929ebe 35efa51aae52a86ad67e7550121e3a1b31e71089 4958cee1eb88cea6584b7293f9616d98de4e2bb628201891ac08eab101b97417

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:58 GMT
content-type: application/json; charset=utf-8
content-length: 2670
cache-control: public, max-age=5
content-encoding: br
last-modified: Wed, 08 May 2024 20:48:58 GMT
vary: Accept-Encoding
x-time-ng: 0.016
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.024
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true | 178.253.29.51 | 200 OK | 2.0 kB |
URL: 1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true (GET, HTTP/2)
IP: 178.253.29.51:443 | ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer: Let's Encrypt | Subject: 1xlite-461430.top | Fingerprint (SHA-1): F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 | Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash (MD5 / SHA-1 / SHA-256): 3b623b3e1ad081889066e3619ee213c1 e1c704f0a82daa304a60a92143a461bd40b42aa2 5269398571a102ecc9ee8147bdabe242f4cc3bbb9ca7a6fbd03a4d4cb964f720

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:59 GMT
content-type: application/json; charset=utf-8
content-length: 1955
cache-control: public, max-age=5
content-encoding: br
last-modified: Wed, 08 May 2024 20:48:58 GMT
vary: Accept-Encoding
x-time-ng: 0.054
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.062
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sfiles/games-images/game-previews/190x102/games-no-faceless.webp | 185.244.209.62 | 200 OK | 6.9 kB |
URL: v3.traincdn.com/sfiles/games-images/game-previews/190x102/games-no-faceless.webp (GET, HTTP/2)
IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint (SHA-1): C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp
Hash (MD5 / SHA-1 / SHA-256): b7304b532dca88cc708b1c81edf7e051 d9ca9db864badb40bcab6d846ba7110413a339d3 324b9021e7fa1a227b418f5b0707e174d86aa20decea945eab3cea41aac8d2ca
GET /sfiles/games-images/game-previews/190x102/games-no-faceless.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:59 GMT
content-type: application/octet-stream
content-length: 6884
last-modified: Thu, 31 Aug 2023 08:11:01 GMT
etag: "b7304b532dca88cc708b1c81edf7e051"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:04:10.000Z
expires: Tue, 14 Nov 2023 18:21:42 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-122a7ad13806b48c3af7cbd17aad6372-7d2dd5c2d59fa1bb-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T18:59:15+00:00, 2024-05-08T08:07:14+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-58.webp | 185.244.209.62 | 200 OK | 8.9 kB |
URL: v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-58.webp (GET, HTTP/2)
IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint (SHA-1): C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp
Hash (MD5 / SHA-1 / SHA-256): 7a49dad906575c61dd636edbe1201479 d4bf0fbfadca8c6d3a7ec8f3d34d08fced98a21d 0e0cd085244f6272acfa6794d90e32685fa203973e85c62fa96f02cddf7172c6
GET /sfiles/games-images/game-previews/190x102/game-58.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:59 GMT
content-type: application/octet-stream
content-length: 8880
last-modified: Thu, 31 Aug 2023 08:11:00 GMT
etag: "7a49dad906575c61dd636edbe1201479"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:03:42.000Z
expires: Tue, 14 Nov 2023 18:21:44 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-aa78d9c4600b89431aba91038ea01e92-40daf9c32bf494cd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T19:17:28+00:00, 2024-05-08T08:07:14+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
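The entries above are raw header dumps, so the facts a reviewer cares about are spread across dozens of lines per request. As an added example that is not part of this capture and not the site's or CDN's own code, here is a small Python parser for this dump layout (request line, request headers, status line, response headers, with no blank line between them) that pulls out those facts: a WebP answered with `application/octet-stream` to an `image` destination and no `X-Content-Type-Options`, the wildcard `access-control-allow-origin`, HSTS with and without `preload`, the `max-age`/`Expires` precedence (a cache must ignore `Expires` when `max-age` is present, so the 2023 `Expires` on the game-preview entries does not shorten their one-day lifetime and the three-year `max-age` on the resized logos stands on its own), an ETag shaped like the MD5 listed in the Hash line, and the origin-only `Referer` on the cross-site CDN fetches, which is what the default `strict-origin-when-cross-origin` referrer policy produces. The sample text is constructed from two trimmed entries on this page (the `game-58.webp` image and the `LiveFeed/GetSportsShortZip` call) with the session cookie value redacted; the key names in the result dict are this example's own.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

ONE_YEAR = 365 * 24 * 3600
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/\d(?:\.\d)?$")
STATUS_LINE = re.compile(r"^HTTP/\d(?:\.\d)? (\d{3})\b")
HEX32 = re.compile(r"^[0-9a-f]{32}$")

@dataclass
class Exchange:
    method: str
    path: str
    req: dict = field(default_factory=dict)   # lower-cased request header -> value
    status: int = 0
    resp: dict = field(default_factory=dict)  # lower-cased response header -> value

def parse_capture(text: str) -> list:
    """A request line opens an exchange; the status line switches header
    collection to the response (no blank line separates them in this dump)."""
    exchanges, target = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := REQUEST_LINE.match(line):
            exchanges.append(Exchange(m.group(1), m.group(2)))
            target = exchanges[-1].req
        elif (m := STATUS_LINE.match(line)) and exchanges:
            exchanges[-1].status = int(m.group(1))
            target = exchanges[-1].resp
        elif target is not None and ":" in line:
            name, _, value = line.partition(":")
            target[name.strip().lower()] = value.strip()
    return exchanges

def max_age(resp: dict):
    """Freshness lifetime from Cache-Control. With max-age present a cache must
    ignore Expires (RFC 9111 section 5.3), so Expires is never consulted."""
    m = re.search(r"\bmax-age=(\d+)", resp.get("cache-control", ""))
    return int(m.group(1)) if m else None

def review(ex: Exchange) -> dict:
    """Header facts a reviewer would pull out of a single exchange."""
    req, resp = ex.req, ex.resp
    ctype = resp.get("content-type", "").split(";")[0].strip()
    hsts = resp.get("strict-transport-security", "")
    age = max_age(resp)
    ref = urlsplit(req.get("referer", ""))
    etag = resp.get("etag", "")
    etag = (etag[2:] if etag.startswith("W/") else etag).strip('"')
    return {
        # image destination answered with a generic type: the browser decides what the bytes are
        "generic_type_for_image": req.get("sec-fetch-dest") == "image" and ctype == "application/octet-stream",
        "nosniff": resp.get("x-content-type-options", "").lower() == "nosniff",
        "cors_wildcard": resp.get("access-control-allow-origin") == "*",
        "hsts_preload": "preload" in hsts,
        "max_age": age,
        "cache_over_a_year": age is not None and age >= ONE_YEAR,
        "expires_ignored": age is not None and "expires" in resp,
        # a bare 32-hex ETag is the shape S3 gives single-part uploads (the object's MD5)
        "etag_is_md5_shaped": bool(HEX32.match(etag)),
        "cross_site": req.get("sec-fetch-site") == "cross-site",
        # origin-only Referer on a cross-site fetch: the default strict-origin-when-cross-origin policy
        "referer_origin_only": bool(ref.netloc) and ref.path in ("", "/") and not ref.query,
        "cookies_sent": [c.split("=", 1)[0].strip()
                         for c in req.get("cookie", "").split(";") if c.strip()],
    }

# Constructed sample: two entries from this page trimmed to the headers the
# checks read, with the session cookie value redacted. Not a verbatim capture.
SAMPLE = """\
GET /sfiles/games-images/game-previews/190x102/game-58.webp HTTP/1.1
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/octet-stream
etag: "7a49dad906575c61dd636edbe1201479"
expires: Tue, 14 Nov 2023 18:21:44 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
GET /service-api/LiveFeed/GetSportsShortZip?lng=en HTTP/1.1
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c
Cookie: platform_type=desktop; SESSION=REDACTED; lng=en
Sec-Fetch-Dest: empty
Sec-Fetch-Site: same-origin
HTTP/2 200 OK
content-type: application/json; charset=utf-8
cache-control: public, max-age=5
strict-transport-security: max-age=63072000; includeSubDomains; preload
"""

if __name__ == "__main__":
    for ex in parse_capture(SAMPLE):
        print(ex.method, ex.path, ex.status)
        for key, value in review(ex).items():
            print(f"  {key}: {value}")
```

Paste any of this page's request/response pairs into `SAMPLE` as-is; the parser is case-insensitive on header names and tolerates the `X-Firefox-Spdy: h2` line, which is added by the Firefox developer tools rather than sent on the wire, as an ordinary header. Note what the checks do and do not say: a generic content type on a CDN image and a wildcard CORS header are ordinary for public static assets and become a concern only if the same endpoint ever returns per-user data, and none of these checks can see cookie attributes, which live on `Set-Cookie` responses that this section does not contain.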
| v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-371.webp | 185.244.209.62 | 200 OK | 6.2 kB |
URL: v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-371.webp (GET, HTTP/2)
IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint (SHA-1): C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp
Hash (MD5 / SHA-1 / SHA-256): 64ff358fd3a82358542d29d53649dd85 0a15b0731a9468fe49e3b512febe91d951ef6156 a9ae35f930c0bf59e407a0c082347049ae11738d330df4e32f4b2b1129d1470c
GET /sfiles/games-images/game-previews/190x102/game-371.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:59 GMT
content-type: application/octet-stream
content-length: 6158
last-modified: Thu, 31 Aug 2023 08:10:58 GMT
etag: "64ff358fd3a82358542d29d53649dd85"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:04:04.000Z
expires: Tue, 14 Nov 2023 18:22:10 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-566940f715e0bf7ef212f2e344d539ea-04a018995da589cb-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T19:17:28+00:00, 2024-05-08T08:07:14+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-69.webp | 185.244.209.62 | 200 OK | 4.3 kB |
URL: v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-69.webp (GET, HTTP/2)
IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint (SHA-1): C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp
Hash (MD5 / SHA-1 / SHA-256): 8c2b80027d3818f6bc91227418589ee6 c6d3c4595860bd3d685e4ddea5d4610a6f642a9b cec387d33e94b8222d71031dbda50143a7ea2e1470d2c96c9e147aa4c4a43960
GET /sfiles/games-images/game-previews/190x102/game-69.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:59 GMT
content-type: application/octet-stream
content-length: 4256
last-modified: Thu, 31 Aug 2023 08:11:01 GMT
etag: "8c2b80027d3818f6bc91227418589ee6"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:03:42.000Z
expires: Tue, 14 Nov 2023 18:22:10 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-29fc32cc28ec8514ed98f2e9f8b7f6d7-b8736294ef528a24-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T19:23:21+00:00, 2024-05-08T12:31:48+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-249.webp | 185.244.209.62 | 200 OK | 20 kB |
URL: v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-249.webp (GET, HTTP/2)
IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint (SHA-1): C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp
Hash (MD5 / SHA-1 / SHA-256): 2c02d34e261b48da9db2682ad433c5e8 e6b9618ac0040910f755a6f24dcb2f5500bb9aca d8db064ea1623849ccee86b27bdb7825aa0dc452293576de352f9269af60ecfe
GET /sfiles/games-images/game-previews/190x102/game-249.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:59 GMT
content-type: application/octet-stream
content-length: 19770
last-modified: Thu, 31 Aug 2023 08:10:56 GMT
etag: "2c02d34e261b48da9db2682ad433c5e8"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:04:00.000Z
expires: Tue, 14 Nov 2023 18:22:10 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-3ee8097ab8e1873ff65a9ffa6933f0db-a732d95adc33aa5c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T19:17:28+00:00, 2024-05-08T08:07:14+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| 1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528030908&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 | 178.253.29.51 | 200 OK | 1.3 kB |
URL: GET HTTP/2 1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528030908&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: fad5c4a5047ecf627afcfbfedfc3bd03 f164d9bfbaffe8f109ae86af521736118a5f4151 ffaaff6bd0d26f9865cbb1f84c7ef0b1de185deb54fc5b38f44cf0479d505c20

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /service-api/LineFeed/GetGameZip?id=528030908&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en; sh.session.id=dd6b944b-1195-456b-ab7d-f1b7386c4d04; ggru=188
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:01 GMT
content-type: application/json; charset=utf-8
content-length: 1330
cache-control: public, max-age=5
content-encoding: br
last-modified: Wed, 08 May 2024 20:49:01 GMT
vary: Accept-Encoding
x-time-ng: 0.018
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.026
X-Firefox-Spdy: h2
| widget.suphelper.top/sounds/new-message.mp3 | 104.18.39.72 | 200 OK | 30 kB |
URL: GET HTTP/2 widget.suphelper.top/sounds/new-message.mp3
IP: 104.18.39.72:443
Requested by: https://widget.suphelper.top/
Certificate: Issuer Google Trust Services LLC; Subject suphelper.top; Fingerprint 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36; Validity Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type: MPEG ADTS, layer III, v1, 192 kbps, 48 kHz, JntStereo
Hash: ef9af24dc7dbd24ffd99c832e1300351 f78744a5013038446c468de14f205f2d52373fd6 5049d7fe87a7327a291441181d1a328a15f46a21081b970502c540406011c9b9
GET /sounds/new-message.mp3 HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 20:49:01 GMT
content-type: audio/mpeg
content-length: 29952
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=14400
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"7500-18f381bf786"
cf-cache-status: HIT
age: 2807
expires: Thu, 09 May 2024 00:49:01 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880c50610d5e0afa-OSL
X-Firefox-Spdy: h2
| v3.traincdn.com/resized/size14/sfiles/logo_teams/65e3e972954419765c3ce21698edf6cb.webp | 185.244.209.62 | | 722 B |
URL: v3.traincdn.com/resized/size14/sfiles/logo_teams/65e3e972954419765c3ce21698edf6cb.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: f8e8c4556e51470e25e7be47de752ab0 b8b428bc1fd846e753253df800c5fc83e6b01ff5 3ab78e2d5071024e22da3dd03afff453b7b7eb93ad0f9821ceab2c2ab9911628
GET /resized/size14/sfiles/logo_teams/65e3e972954419765c3ce21698edf6cb.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:01 GMT
content-type: image/webp
content-length: 722
cache-control: max-age=94608000
content-disposition: inline; filename="65e3e972954419765c3ce21698edf6cb.webp"
content-security-policy: script-src 'none'
expires: Sat, 24 Apr 2027 07:13:34 GMT
x-request-id: c4e7b9f3bd50cc54e7b3af67389423a6
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6ddebb7770b421f2cf61dfcfc2abaa16-27d91fa6313176fe-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-24T07:13:34+00:00, 2024-04-25T19:02:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| widget.suphelper.top/services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%22dd6b944b-1195-456b-ab7d-f1b7386c4d04%22%7D | 104.18.39.72 | | 728 B |
URL: widget.suphelper.top/services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%22dd6b944b-1195-456b-ab7d-f1b7386c4d04%22%7D
IP: 104.18.39.72:0
File type: gzip compressed data, from Unix
Hash: d4d9af3f7d1d08cc3dadb0b8623e0877 7e19cddde6b0a4ce2795f963af07c56b0ca92387 e54a46f86bd10278c3e20487a22859bc31acac3dfb9a14cbccf6fc895947c517
GET /services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%22dd6b944b-1195-456b-ab7d-f1b7386c4d04%22%7D HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 20:49:01 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 880c50606c8d0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js | 185.244.209.62 | 200 OK | 8.1 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: gzip compressed data, max speed, from Unix
Hash: 3669a7d80e0b155dc590ca06bd91a775 825cc375590a59625c5334b0e0b6610712903851 fe226094a38f25084ded613de6f1c3557e2685cd8c31577cae3da8639cc73e61
GET /sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:02 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 11:40:16 GMT
etag: W/"518e0ae196483ada8b528a1f2b7df0a1"
x-amz-meta-mtime: 1715168276.960899899
content-encoding: gzip
expires: Thu, 09 May 2024 15:18:13 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-168a530540be45e9c14d7b2b586ff980-e15c16fd2ea56620-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T15:18:13+00:00, 2024-05-08T15:53:49+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PLMWICWN.js | 185.244.209.62 | 200 OK | 12 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PLMWICWN.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: gzip compressed data, max speed, from Unix
Hash: f6396b6271fab293ac385b9ae4d3f6a4 9514774bac8fff6b8220cf3c8a30deb49531f212 9d42f32ce1e3c02cd036d06ce104d8e992f3cf7ff34eff321d1b17f58524886a
GET /sys-static/shared-assets/__shared_localforage_PLMWICWN.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:02 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 11:40:16 GMT
etag: W/"dfa127e93d125d4f6c566203eaf225f2"
x-amz-meta-mtime: 1715168276.960899899
content-encoding: gzip
expires: Thu, 09 May 2024 15:18:13 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f37952ee47f949d899911841c7c6229a-eee36b8ab53b085c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T15:18:13+00:00, 2024-05-08T16:01:11+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/resized/size16/sfiles/logo_teams/2ee19f2cd6f5ec9757f892d49264c031.webp | 185.244.209.62 | 200 OK | 762 B |
URL: GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/2ee19f2cd6f5ec9757f892d49264c031.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hash: 6182a771a2b230b43e13184724b7090a c43e41fe782b69195b4a5bba1023281bca61d5c1 2b9508428c960ae5d3afc2e5f9bd92579a28dc366371d39bec38e86d3bc3836c
GET /resized/size16/sfiles/logo_teams/2ee19f2cd6f5ec9757f892d49264c031.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:03 GMT
content-type: image/webp
content-length: 762
cache-control: max-age=94608000
content-disposition: inline; filename="2ee19f2cd6f5ec9757f892d49264c031.webp"
content-security-policy: script-src 'none'
expires: Mon, 12 Apr 2027 07:57:55 GMT
x-request-id: 3ce91d242c1908324d49a5673b02260d
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6c8e143fde6665c81ea66dd9fa83f4b7-1782886fb86cae9f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-12T07:57:55+00:00, 2024-04-12T18:34:43+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/sys-static/shared-assets/__shared_chunk_M4D4AAJL.js | 185.244.209.62 | 200 OK | 46 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-static/shared-assets/__shared_chunk_M4D4AAJL.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: gzip compressed data, max speed, from Unix
Hash: 13623374c8d803c3e1f3c8efa0593557 e8177cced4bf5dedbf063ac67a5eb7a63e2d1a6a f973e9434fe07222b0587535604f9f34fc16cc653aed8cd5e725f439d4ea17b4
GET /sys-static/shared-assets/__shared_chunk_M4D4AAJL.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:02 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 10:12:56 GMT
etag: W/"51ddc52774f4e5bd6a6f1c22e9d19674"
x-amz-meta-mtime: 1715162892.296543943
content-encoding: gzip
expires: Thu, 09 May 2024 12:42:08 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4a577df511b8d25b1780fddadd9c84f2-cac498cbdb4c93f3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:42:08+00:00, 2024-05-08T12:51:38+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/resized/size16/sfiles/logo_teams/10517.webp | 185.244.209.62 | 200 OK | 658 B |
URL: GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/10517.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hash: 1aa0ec134146f8ba2229ec5ecae97bb5 9427041b8bbdd821f1d65cc449f6d34285a9bb0e 2ade714945cc7dbce63e28b669f0586fbbbb87567e2516320a2dd7b18ca0abb6
GET /resized/size16/sfiles/logo_teams/10517.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:03 GMT
content-type: image/webp
content-length: 658
cache-control: max-age=94608000
content-disposition: inline; filename="10517.webp"
content-security-policy: script-src 'none'
expires: Fri, 05 Mar 2027 08:15:06 GMT
x-request-id: 7a04098782609ad0300f9fc7e173caec
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-959fe3345011e2adee30a936857432a1-7284ab044eba266b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-03-05T08:15:06+00:00, 2024-03-07T08:31:41+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/genfiles/cms/betstemplates/bets_model_short_en_0.json | 185.244.209.62 | 200 OK | 4.6 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/betstemplates/bets_model_short_en_0.json
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: gzip compressed data, max speed, from Unix
Hash: 3f6084a9e0b1ca2a5862a49a57440e58 5978d8f6a71669d7be5487d9979ced1c554f070e 1f47ee2537622798328e124e40735fdab549a2802b5f64b63880a83bf2b46da6
GET /genfiles/cms/betstemplates/bets_model_short_en_0.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:01 GMT
content-type: application/json
last-modified: Wed, 08 May 2024 11:16:53 GMT
etag: W/"d3e39abc76f19e176765d21ac9e70c5c"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9a139a1c142b23b28439740f62dd8de0-97232272b5e6c501-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T11:55:43+00:00, 2024-05-08T20:15:56+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| 1xlite-461430.top/web-api/registration/fields | 178.253.29.51 | | 7.5 kB |
URL: 1xlite-461430.top/web-api/registration/fields
IP: 178.253.29.51:0
ASN: #202492 Silverhill Group Holding Ltd
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: 3b5fc74c6bee5ffbc649f663e5f6c1a3 0f00adb4eb180726ecd2abcc2317a29beceb13bd fe1005c8a0940ff6384b2b89aa744d692b9aed79f1d72cecfa11d1bb11fa7294

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

POST /web-api/registration/fields HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
Content-Length: 19
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en; sh.session.id=dd6b944b-1195-456b-ab7d-f1b7386c4d04; ggru=188
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:02 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=87, dt_total;dur=89.167, wf-uht;dur=0.100
traceparent: 00-b36e7e96c201690989f1c245e409b4a4-854a4e9fea1dd672-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.088
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
| v3.traincdn.com/resized/size16/sfiles/logo_teams/0547c74de0653cfafbc8a9c1fe937daa.webp | 185.244.209.62 | | 614 B |
URL: v3.traincdn.com/resized/size16/sfiles/logo_teams/0547c74de0653cfafbc8a9c1fe937daa.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: c5d71edb767adcd9a074f26f04eca795 41ee6f74d7164d0105ea413b4e8aa7f723120a54 e94d6c406fd382fa57b65a50b7892d8541cba6c3b8f2275a9a6c70fa5a2ddcca
GET /resized/size16/sfiles/logo_teams/0547c74de0653cfafbc8a9c1fe937daa.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:03 GMT
content-type: image/webp
content-length: 614
cache-control: max-age=94608000
content-disposition: inline; filename="0547c74de0653cfafbc8a9c1fe937daa.webp"
content-security-policy: script-src 'none'
expires: Wed, 05 May 2027 08:51:05 GMT
x-request-id: f5459bc219f4402ad64fe7db8e76a45b
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-da3322b483625d948cc30e234e69e426-9b6d3db7d6ae4c3d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-05T08:51:05+00:00, 2024-05-05T22:40:34+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/resized/size16/sfiles/logo_teams/1026763.webp | 185.244.209.62 | | 656 B |
URL: v3.traincdn.com/resized/size16/sfiles/logo_teams/1026763.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: 920b3e7f76452260e523c905cf568969 92809bdb21a37c369a56c5e381f3323693f2ad5f 04ff53faa0fc1e486de5392b6c7824c590cc05394a059b33bf4c213f46d20478
GET /resized/size16/sfiles/logo_teams/1026763.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:03 GMT
content-type: image/webp
content-length: 656
cache-control: max-age=94608000
content-disposition: inline; filename="1026763.webp"
content-security-policy: script-src 'none'
expires: Mon, 03 May 2027 04:23:42 GMT
x-request-id: 1cb88c4fb3cce133f3143f2a133626a4
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-52d99009575ae468ea082eadcd37a0b2-8365b0ba171327ea-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-03T04:23:42+00:00, 2024-05-08T08:05:51+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js | 185.244.209.62 | | 22 kB |
URL: v3.traincdn.com/sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: gzip compressed data, max speed, from Unix
Hash: 6fecc80d5346c50fdec58fa56b77c899 e14b414a25529d3d6b5c10c2e1eb8c22db7b5e1f 5d33286f30ac12031125f90ee4e59a033f123cf4a64a99b361eadd336c915126
GET /sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:02 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 11:40:16 GMT
etag: W/"138de5d55ee831195dd90bbf5c557926"
x-amz-meta-mtime: 1715168276.964899929
content-encoding: gzip
expires: Thu, 09 May 2024 15:18:15 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6687cddc70a8a10829378d270621fb04-3598933474a44138-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T15:18:15+00:00, 2024-05-08T15:57:23+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/resized/size16/sfiles/logo_teams/6276.webp | 185.244.209.62 | | 810 B |
URL: v3.traincdn.com/resized/size16/sfiles/logo_teams/6276.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: eef496359f2d46c9384ef84c70a16b39 48bbd9540ea8d9a1c0c43958affb0538ddb83e9e a42c111914adc8ead3bff2410e32d3fb50ca098295fdca5cd84c3a3c4114627b
GET /resized/size16/sfiles/logo_teams/6276.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:03 GMT
content-type: image/webp
content-length: 810
cache-control: max-age=94608000
content-disposition: inline; filename="6276.webp"
content-security-policy: script-src 'none'
expires: Thu, 06 May 2027 09:18:37 GMT
x-request-id: 1bebfd37cbf977e911cce2a0d99f7555
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f76a65692233b2dea2cbf4bc74eae4c3-503e26420cb33553-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T09:18:37+00:00, 2024-05-08T18:56:34+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/resized/size16/sfiles/logo_teams/15437.webp | 185.244.209.62 | | 888 B |
URL: v3.traincdn.com/resized/size16/sfiles/logo_teams/15437.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: cd3e5d251775cb097487524937dd5639 d6ca83b77d91b5ff6dd9e28ea32bddbbd4a3773f 05870337d7bf7ca69747dd6d1aefb50d95202b76331fa415d91e796b1f911652
GET /resized/size16/sfiles/logo_teams/15437.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:03 GMT
content-type: image/webp
content-length: 888
cache-control: max-age=94608000
content-disposition: inline; filename="15437.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 21:40:54 GMT
x-request-id: 99c68785e51e9326f09c1d5ac05d3009
x-time-ng: 0.040
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-93201fadc903ea0e8b99641cd5f4b01c-e6c505f003c0ad60-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T21:40:54+00:00, 2024-05-08T13:24:09+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/2315139.webp | 185.244.209.62 | 200 OK | 772 B |
URL: GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/2315139.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hashes (MD5, SHA-1, SHA-256): 7a0777e224bc67518a9981c434dbd1bd 1239c3f92d2414dd7bde3542c05a38460bad452b 971746ef935172504b4c5b901581edf00ebf89e77129bfaf4d193e131fd33b34
GET /resized/size16/sfiles/logo_teams/2315139.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:03 GMT
content-type: image/webp
content-length: 772
cache-control: max-age=94608000
content-disposition: inline; filename="2315139.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 21:40:54 GMT
x-request-id: 6ad9501c27b35a797543dcb5914a34e9
x-time-ng: 0.032
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-834555b3d1983a62ef5fa099b6c8494c-9da7a2c06756da3e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T21:40:54+00:00, 2024-05-08T13:24:09+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 | 178.253.29.51 | 200 OK | 1.5 kB |
URL: GET HTTP/2 1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer: Let's Encrypt; Subject: 1xlite-461430.top; Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashes (MD5, SHA-1, SHA-256): ec23dae0401765aa58f4ac7d4ad0d241 620069aa4e80f929e0d7c011f2210fbf5f28e17a d4400c2039c4d46beea51b265328090c9d793661fbaf6ee77baca11fa5101128
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en; sh.session.id=dd6b944b-1195-456b-ab7d-f1b7386c4d04; ggru=188
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:03 GMT
content-type: application/json; charset=utf-8
content-length: 1466
cache-control: public, max-age=5
content-encoding: br
last-modified: Wed, 08 May 2024 20:49:03 GMT
vary: Accept-Encoding
x-time-ng: 0.013
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.021
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/e5eb737e.css | 185.244.209.62 | 200 OK | 1.1 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/e5eb737e.css
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (5171), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 5d231bea9b7df6bc1e9e74e3c0a231e1 2ef607f0c766fff1b4b1e90a2d98e7094c81721e c43fd428fe6e9d25ddf385a1cf03891194126ebf9e83d086af655272e815445b
GET /_nuxt/desktop/default/css/e5eb737e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:03 GMT
content-type: text/css
content-length: 1050
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-41a"
content-encoding: gzip
expires: Wed, 08 May 2024 08:09:31 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5b65cb116c57d694fa4e135b25dd8884-c1f62e231032ff7a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T08:09:31+00:00, 2024-05-08T12:53:24+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-8e394611.js | 185.244.209.62 | | 8.9 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-8e394611.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: JavaScript source, ASCII text, with very long lines (39925), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 7ddea2d217f72613646d2b7eff8e9d6f ea22eb4a231ac86ed0773f58ff856e1203bed07d 42c2cd82d0a96f636d5f7289a821ad8de15c7da1e57f58c13882da2209d4d576
GET /_nuxt/desktop/default/vendors/Registration.Fields-8e394611.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:03 GMT
content-type: application/javascript; charset=utf-8
content-length: 8881
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-22b1"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:27 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-b5a6bf46683c4bd977030e1fcff96974-e2993b1504c0d032-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:27+00:00, 2024-05-08T10:54:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/betstemplates/bets_model_short_en_3.json | 185.244.209.62 | 200 OK | 12 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/betstemplates/bets_model_short_en_3.json
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: gzip compressed data, max speed, from Unix
Hashes (MD5, SHA-1, SHA-256): b65d6079fabadcd1fef096a5e6b70fc5 f7a4997766f06bd8030e16d7c19298278afbdec5 6be3ce484d3aeb113a8ca19ee71fadff4ebed7590e99b33e73d0e785c59f097e
GET /genfiles/cms/betstemplates/bets_model_short_en_3.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:04 GMT
content-type: application/json
last-modified: Wed, 08 May 2024 11:16:53 GMT
etag: W/"d4f82c6941872614b6a2c18008e217be"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e57b2d981e591bad342efedd2a5da1b7-5d312fcbab761f4c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T13:12:27+00:00, 2024-05-08T19:51:32+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js | 185.244.209.62 | | 34 kB |
URL: v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: gzip compressed data, max speed, from Unix
Hashes (MD5, SHA-1, SHA-256): f51f2dbc444633a8789c2f4e51065200 802022d748e158ef511e80c42ac78f043c973a94 fa88cf98dac24a78d08d4f79438aa27e6a90de1da20a8cfed23550b473372fe0
GET /sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:02 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 11:21:59 GMT
etag: W/"67267513246705d46a0bb83e1f8efd2a"
x-amz-meta-mtime: 1715167143.872342269
content-encoding: gzip
expires: Thu, 09 May 2024 12:42:08 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-0205b2277d1e29800fc50ea5b2340944-ab362ff035da63ab-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:42:08+00:00, 2024-05-08T12:51:38+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_MO5RLEN3.js | 185.244.209.62 | 200 OK | 9.3 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_MO5RLEN3.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: gzip compressed data, max speed, from Unix
Hashes (MD5, SHA-1, SHA-256): e1a2d3b8e0f926054402fddf70673aee 30916304d9dfd05004b5167741863b127fa377ae 2df74a1eb2bb7c718e706ab27cb16e3c9ee58bb9ed6b0f4d6ff6ae2a108738e8
GET /sys-static/shared-assets/__shared_popper_js_MO5RLEN3.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:02 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 07 May 2024 14:08:24 GMT
etag: W/"598d5481ac96b9bf8013b0eb1413b8e5"
x-amz-meta-mtime: 1715090765.876385008
content-encoding: gzip
expires: Wed, 08 May 2024 15:32:24 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6ef9e2a58172238969a7f7524cdd208e-e8b2a3ae09f4eec9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T15:32:24+00:00, 2024-05-08T12:57:25+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/web-api/session | 178.253.29.51 | | 0 B |
URL: 1xlite-461430.top/web-api/session
IP: 178.253.29.51:0
ASN: #202492 Silverhill Group Holding Ltd
Certificate: Issuer: Let's Encrypt; Subject: 1xlite-461430.top; Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashes (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /web-api/session HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en; sh.session.id=dd6b944b-1195-456b-ab7d-f1b7386c4d04; ggru=188
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Wed, 08 May 2024 20:49:05 GMT
cache-control: no-cache, private
server-timing: p;dur=14, dt_total;dur=19.440, wf-uht;dur=0.029
traceparent: 00-3d68d83c87e05b5ecb0e7a44c43346ca-39a4b6e03b3ac8af-01
x-dt: 285
x-time-ng: 0.019
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/betstemplates/bets_model_map_short_en.json | 185.244.209.62 | | 52 kB |
URL: v3.traincdn.com/genfiles/cms/betstemplates/bets_model_map_short_en.json
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: gzip compressed data, max speed, from Unix
Hashes (MD5, SHA-1, SHA-256): 51a076c592ae68196e872e020c47b723 7dd1640c64795961da983593bdf1399e0637e7de a6862beec74b868b5571d01fa903ed4fda384f3e7f44ea7ceb7de3d07227ad3c
GET /genfiles/cms/betstemplates/bets_model_map_short_en.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:03 GMT
content-type: application/json
last-modified: Wed, 08 May 2024 11:16:59 GMT
etag: W/"a799a969a6e2b30c7a407d320499643b"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-deb7aed81b8199072d68283716845427-1c3107fb7650291c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:48:34+00:00, 2024-05-08T19:59:42+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.jpg | 185.244.209.62 | | 33 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.jpg
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1380x248, components 3
Hashes (MD5, SHA-1, SHA-256): 590bf4dea9eca01477197273e697a2f2 48626617ea6e7e6dc8d78421d4bbe4775dab89c6 36c0fc192afc11c3ebd5d841732212db3903757fd382cbfdbbddbf74ddb4a1d5
GET /genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:05 GMT
content-type: image/jpeg
content-length: 32867
last-modified: Fri, 26 Apr 2024 11:44:33 GMT
etag: "590bf4dea9eca01477197273e697a2f2"
x-time-ng: 0.027
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-72558570c0ebd07fb50ee9f66145b5db-cbeb042133598dfc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T12:46:26+00:00, 2024-05-08T20:39:23+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3b6d4dd2b448.js | 185.244.209.62 | | 238 kB |
URL: v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3b6d4dd2b448.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: gzip compressed data, max speed, from Unix
Size: 238 kB (238540 bytes)
Hashes (MD5, SHA-1, SHA-256): 441efd40fa5030ff3043b1e0af5c4721 05246f3a295bfdd087bc11765ab097ee13fd9196 c265208df5d22c031355b7e98be47abfaab4f3fb6f5bfc4e7e9f703eac1b5f8b
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3b6d4dd2b448.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:04 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 10:11:58 GMT
etag: W/"5374f11801993ae8a92750d8b16bc96b"
x-amz-meta-mtime: 1715162852.704948141
content-encoding: gzip
expires: Thu, 09 May 2024 10:43:41 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-305f1dfe1f11ebeb190c7ac676e65ffe-6ef531cec54a2dc0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:43:41+00:00, 2024-05-08T10:48:40+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js | 185.244.209.62 | | 25 kB |
URL: v3.traincdn.com/sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: gzip compressed data, max speed, from Unix
Hashes (MD5, SHA-1, SHA-256): fcd6e36fb0e44644d80bbcf80c37ea1d 34983cbd9b7ea6f3c9eef9c93a2d0793d82a6afe 5e6e1949e9bf2a33959dc9e6f77a15ea55db937cff9a460778febf45bef409de
GET /sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:02 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 10:12:56 GMT
etag: W/"701ad5a22b8ea7213a53e334d0898349"
x-amz-meta-mtime: 1715162892.296543943
content-encoding: gzip
expires: Thu, 09 May 2024 12:42:08 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-fc494661f6ab07bac914e60677da9f91-d1c714347d2b1f1b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:42:08+00:00, 2024-05-08T12:51:38+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/web-api/registration | 178.253.29.51 | 200 OK | 2.2 kB |
URL: POST HTTP/2 1xlite-461430.top/web-api/registration
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer: Let's Encrypt; Subject: 1xlite-461430.top; Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashes (MD5, SHA-1, SHA-256): ceea7fd7e6148fd9dc744fc633e1d416 494d9ec66e794c953a589aee249e25f6d24bfaa0 3e421090d52ac8e0ec38a9f4295b85469b8dc3edbadc39f16aa0bc26c158c285
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /web-api/registration HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
Content-Length: 17
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en; sh.session.id=dd6b944b-1195-456b-ab7d-f1b7386c4d04; ggru=188
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:01 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=31, dt_total;dur=32.285, wf-uht;dur=0.045
traceparent: 00-62e037b5be5596fcaea230e18c09dae8-eeda8ca589289dcf-01
x-dt: 285
x-time-ng: 0.032
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.webp | 185.244.209.62 | 200 OK | 15 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Hashes (MD5, SHA-1, SHA-256): 2ccdf625b855ce93bc9b56a671accd6e bc8f3a791f6251b714bafad614d15c477ba428e4 c5012a832581da604a5c57e8f822008f749fe484c6d24127ca91232af71169cd
GET /genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:05 GMT
content-type: image/webp
content-length: 14610
last-modified: Thu, 08 Jun 2023 09:20:03 GMT
etag: "2ccdf625b855ce93bc9b56a671accd6e"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-fd733c5a6dfe101bfc8f4cd8eaedceeb-53ca10b658de527f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-02-27T14:22:50+00:00, 2024-05-08T20:28:47+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.webp | 185.244.209.62 | | 16 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Hashes (MD5, SHA-1, SHA-256): 99937fec94322155d99465451e84e5f4 0549b153f8e34c242f71817a038f7ebad37d27be d35bc328538e182310574b3ff1d58134efedc49c9f3dbb43ec6df65fed624f33
GET /genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:05 GMT
content-type: image/webp
content-length: 15874
last-modified: Fri, 26 Apr 2024 11:44:53 GMT
etag: "99937fec94322155d99465451e84e5f4"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-95cecdd9771e3c16f86c99c947560402-239c8813989805f7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:45:30+00:00, 2024-05-08T20:28:47+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/banner/ee94ef73444d56fe0d0234bd1e83acf9.webp | 185.244.209.62 | 200 OK | 9.1 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1/desktop/banner/ee94ef73444d56fe0d0234bd1e83acf9.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Hashes (MD5, SHA-1, SHA-256): d18b01730ec2180f53426d1bcd4101f0 71318f020e1c01fdf9a150dd9853c896f4b03662 4cf9682b1d98dd94f7636a874e0020969d200bfb9b59d3c0d57e01923ee2f413
GET /genfiles/cms/1/desktop/banner/ee94ef73444d56fe0d0234bd1e83acf9.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:05 GMT
content-type: image/webp
content-length: 9072
last-modified: Tue, 07 May 2024 10:14:26 GMT
etag: "d18b01730ec2180f53426d1bcd4101f0"
x-time-ng: 0.004
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-0b0ad9e231f63c9afb6407f189fc7d72-4e06700cd58d2e57-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T11:19:47+00:00, 2024-05-08T20:28:47+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/bfff49986d7a.css | 185.244.209.62 | 200 OK | 233 kB |
URL GET HTTP/2v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/bfff49986d7a.css IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typegzip compressed data, max speed, from Unix Size233 kB (233134 bytes) Hashf1444590f27f600fd5a7d0df6df01838 46cd324ddaa1f4e3b7d0c0207387b7d2ca84e65b 934949d91413144aa8231e0d69bb600e3a8e24243b51f423eb2d775acfce5758
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/bfff49986d7a.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:04 GMT
content-type: text/css; charset=utf-8
last-modified: Wed, 08 May 2024 10:11:59 GMT
etag: W/"fd42a3c47441635be644d6248b61feb9"
x-amz-meta-mtime: 1715162852.71294806
content-encoding: gzip
expires: Thu, 09 May 2024 10:43:41 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4a2a6cb8d3d6e43c2d0bce022a798108-1ce59d07374df6e1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:43:41+00:00, 2024-05-08T10:48:40+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/banner/43b37bcd63883963ab5ca6707fd4ca45.jpg | 185.244.209.62 | 200 OK | 17 kB |
URL GET HTTP/2v3.traincdn.com/genfiles/cms/1/desktop/banner/43b37bcd63883963ab5ca6707fd4ca45.jpg IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1380x248, components 3 Hashebce475967e6d85db5bdbde23e85eff7 496e2c75b549fe82d3f6dfbb3976096e0cae2ae7 6a1892ac412355576c6427f173d8b26757bdf0c8ec3aa149b6d1cfbc97408b9f
GET /genfiles/cms/1/desktop/banner/43b37bcd63883963ab5ca6707fd4ca45.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:05 GMT
content-type: image/jpeg
content-length: 16730
last-modified: Mon, 06 May 2024 09:11:06 GMT
etag: "ebce475967e6d85db5bdbde23e85eff7"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-59534ffe124f5e939cc508c840bebe91-8f270dbdcc55f084-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T14:51:53+00:00, 2024-05-08T20:39:23+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js | 104.18.39.72 | 200 OK | 11 kB |
URL GET HTTP/2widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js IP104.18.39.72:443
Requested byhttps://widget.suphelper.top/ CertificateIssuerGoogle Trust Services LLC Subjectsuphelper.top Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File typegzip compressed data, from Unix Hash6a16881156fb136ab419191b1ec546f5 2b5afdc896d4826ae492ee6c3955436b1b6e3531 5d14bb136cfafeee633bcdd426cabdfdc2d0919ac1f7e7cc0221b89cecaa9fe1
GET /_next/static/chunks/81.9c6562bba5669b47.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 20:49:01 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Mon, 22 Jan 2024 07:49:06 GMT
etag: W/"8f42-18d3024f9c4"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 707329
expires: Thu, 08 May 2025 20:49:01 GMT
server: cloudflare
cf-ray: 880c50607ca60afa-OSL
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size24/sfiles/logo_teams/167095.webp | 185.244.209.62 | 200 OK | 1.1 kB |
URL GET HTTP/2v3.traincdn.com/resized/size24/sfiles/logo_teams/167095.webp IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeRIFF (little-endian) data, Web/P image Hash3d0ce9ce8b6dec70e6e0f31effa9f219 018de590437492f15fc3647997bfbaa759f16da9 f4395f007bd01851a93ccf6842c69c3f4cc1c39e4d5c3b71c881c674e85cccc8
GET /resized/size24/sfiles/logo_teams/167095.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:05 GMT
content-type: image/webp
content-length: 1142
cache-control: max-age=94608000
content-disposition: inline; filename="167095.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 14:51:53 GMT
x-request-id: e27ef69f33230d500def92477b09e641
x-time-ng: 0.067
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-712d50758ab9d7075600aa19a38a1976-06f01abceb447d30-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T14:51:53+00:00, 2024-05-07T14:54:46+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/08646c799532.css | 185.244.209.62 | 200 OK | 20 kB |
URL GET HTTP/2v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/08646c799532.css IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typegzip compressed data, max speed, from Unix Hash5d40f796e23ca9ef265e05b90c59aaa6 3b2d097a79a7b82e8e80e38295d3fb8620e6c1a8 9a0e076d35a45f6c25d4882c7bc16a2531292b0201ed1e5b80827e359439bcfa
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/08646c799532.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:04 GMT
content-type: text/css; charset=utf-8
last-modified: Wed, 08 May 2024 10:11:58 GMT
etag: W/"68721335fcec1406a789e81bb2cfef91"
x-amz-meta-mtime: 1715162852.700948182
content-encoding: gzip
expires: Thu, 09 May 2024 10:43:41 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ab7942cd0b039b5de829abcf8fd705a1-ddc9e9c4efa2543f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:43:41+00:00, 2024-05-08T10:48:40+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/banner/43b37bcd63883963ab5ca6707fd4ca45.webp | 185.244.209.62 | | 8.8 kB |
URL v3.traincdn.com/genfiles/cms/1/desktop/banner/43b37bcd63883963ab5ca6707fd4ca45.webp IP185.244.209.62:0 ASN#199524 G-Core Labs S.A.
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp Hashf7820c059ddb01f4b4e68e42a5e460a1 195804c0235c39f4262f97fe2761100319ed9595 cf0d38ba0dc4de44a0fc90d2592209998ac959644b187014ec028a4c0fddd3ab
GET /genfiles/cms/1/desktop/banner/43b37bcd63883963ab5ca6707fd4ca45.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:05 GMT
content-type: image/webp
content-length: 8798
last-modified: Mon, 06 May 2024 09:11:30 GMT
etag: "f7820c059ddb01f4b4e68e42a5e460a1"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-45a073028b89c14e264a53c9273fec05-f6e0dbddbfb0b273-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T14:50:36+00:00, 2024-05-08T20:28:47+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/c6409e21932f.js | 185.244.209.62 | | 731 B |
URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/c6409e21932f.js IP185.244.209.62:0 ASN#199524 G-Core Labs S.A.
File typeJava source, ASCII text, with very long lines (730) Hash79c1e0d539880fd610f91e5b16085eec 8869f44ec95c804929f77b63b5343cc36390fd4a dcc3f9313d182be8841c435a392fd95939cae9137c4e030d26b1fcbd1d0658e2
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/c6409e21932f.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:05 GMT
content-type: text/javascript; charset=utf-8
content-length: 731
last-modified: Wed, 08 May 2024 10:11:59 GMT
etag: "79c1e0d539880fd610f91e5b16085eec"
x-amz-meta-mtime: 1715162852.716948018
expires: Thu, 09 May 2024 10:43:41 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b61310dcb6375e46f2c2f7c4dbf866fe-755e3447fd991071-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:43:41+00:00, 2024-05-08T10:48:40+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/726083f27efa.js | 185.244.209.62 | 200 OK | 597 B |
URL GET HTTP/2v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/726083f27efa.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeJava source, ASCII text, with very long lines (596) Hash76880f7538a0be62d4fc0f9e55db36aa 73f78086fe9d1875b8e289fc3c8e22ecaec4dacb 0491db56d6c0b9c1ecabeafcffcb6d1151d847f9145dd643d4a7f6408faee096
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/726083f27efa.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:05 GMT
content-type: text/javascript; charset=utf-8
content-length: 597
last-modified: Wed, 08 May 2024 10:11:58 GMT
etag: "76880f7538a0be62d4fc0f9e55db36aa"
x-amz-meta-mtime: 1715162852.7089481
expires: Thu, 09 May 2024 10:43:41 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-a8d28745ff5611aaeab52786a3c2f989-25b7ae5449b4499a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:43:41+00:00, 2024-05-08T10:48:40+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/618b749155d0.js | 185.244.209.62 | 200 OK | 481 B |
URL GET HTTP/2v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/618b749155d0.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeJava source, ASCII text, with very long lines (480) Hash9abbe64ff2b544f35594e17905e4594c a7896739e9768216888018d2c4aec7c102e4d4a9 9f8032c080e2f3906f0c068bf43ef41084d6064f5df8be76b339fa87f7ad17eb
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/618b749155d0.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:05 GMT
content-type: text/javascript; charset=utf-8
content-length: 481
last-modified: Wed, 08 May 2024 10:11:58 GMT
etag: "9abbe64ff2b544f35594e17905e4594c"
x-amz-meta-mtime: 1715162852.7089481
expires: Thu, 09 May 2024 10:43:41 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-8ff8e0c09acabb81c6e26bd6cd65d60b-63ed209a6bbf5b4e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:43:41+00:00, 2024-05-08T10:48:40+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js | 185.244.209.62 | 200 OK | 53 B |
URL GET HTTP/2v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hashbb7e15ec1662efa164ad912bd1c65e19 bdd420a5f5bf96a8a4f85abbbe3b0cd2ad547f52 a9378fb3de73c35f466dfae4d2956a63b95813d4eaf88ae7f4ce820d0992cc01
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:05 GMT
content-type: text/javascript; charset=utf-8
content-length: 53
last-modified: Wed, 01 May 2024 08:21:41 GMT
etag: "bb7e15ec1662efa164ad912bd1c65e19"
x-amz-meta-mtime: 1714551564.671873539
expires: Thu, 02 May 2024 21:01:37 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-be802bc3134438e7fc087546f88d17c1-3c08cac2852d6060-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T21:01:37+00:00, 2024-05-08T15:54:07+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3af2cf3bddb3.js | 185.244.209.62 | 200 OK | 3.6 kB |
URL GET HTTP/2v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3af2cf3bddb3.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typegzip compressed data, max speed, from Unix Hashea11de2ad3cd8420a2a7ba6e029be54b 0f2591435580443b725cfc1398d592a9e27bf6ef 05b9e0c3411afeeac9dba92afc0996494c1405001c7cbbec1285c494bfe54150
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3af2cf3bddb3.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:05 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 10:11:58 GMT
etag: W/"602495277c0ee0ced5c29a01596c0e58"
x-amz-meta-mtime: 1715162852.704948141
content-encoding: gzip
expires: Thu, 09 May 2024 10:43:41 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-a17b0d993fdbc4a565ce46b59787e77b-377450e77d741232-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:43:41+00:00, 2024-05-08T10:48:40+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/327334405031.js | 185.244.209.62 | 200 OK | 424 B |
URL GET HTTP/2v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/327334405031.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeJava source, ASCII text, with very long lines (423) Hash31bd7da0b4c3a29a840d1befac27cf8b ab07ed137a23fe5b743ec0589f6c5c0da7b85258 9a60e8a389d3cd93b0014468deb14c1921ade7deec0c8559a4682a09c3f6f25f
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/327334405031.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:05 GMT
content-type: text/javascript; charset=utf-8
content-length: 424
last-modified: Wed, 08 May 2024 10:11:58 GMT
etag: "31bd7da0b4c3a29a840d1befac27cf8b"
x-amz-meta-mtime: 1715162852.704948141
expires: Thu, 09 May 2024 10:43:41 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f0e49b7e6bc3ca3c990c57b5ec79d209-3451a668c455152b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:43:41+00:00, 2024-05-08T10:48:40+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7bd3bc288fd4.js | 185.244.209.62 | 200 OK | 450 B |
URL GET HTTP/2v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7bd3bc288fd4.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeASCII text, with very long lines (449) Hash056ce527a12544a37f984ac598be2344 6946b65cf1c68960e5f9ac0900a0df66a13e7e85 cd7cdf53c803ca43a37171180d14c2374e45ab347d309f9b83a107b9ad9b4ed1
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7bd3bc288fd4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:05 GMT
content-type: text/javascript; charset=utf-8
content-length: 450
last-modified: Wed, 01 May 2024 08:21:41 GMT
etag: "056ce527a12544a37f984ac598be2344"
x-amz-meta-mtime: 1714551564.671873539
expires: Fri, 03 May 2024 08:43:57 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-e53d78ed9e1cbd837056cca4b2c16523-1538b02c75e1f0fa-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-02T08:43:57+00:00, 2024-05-08T18:17:48+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/4f769aae21a0.js | 185.244.209.62 | | 435 B |
URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/4f769aae21a0.js IP185.244.209.62:0 ASN#199524 G-Core Labs S.A.
File typeJava source, ASCII text, with very long lines (434) Hash9161fb5b91a09b3026d143479dc567a6 c1fe731351fb1447e76ef38def2d2f869b025007 9a4b211be9ec541c8fbdf213a2ae7b270afdd22674f74ad12b9aec0a5ff6b278
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/4f769aae21a0.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:05 GMT
content-type: text/javascript; charset=utf-8
content-length: 435
last-modified: Wed, 08 May 2024 10:11:58 GMT
etag: "9161fb5b91a09b3026d143479dc567a6"
x-amz-meta-mtime: 1715162852.704948141
expires: Thu, 09 May 2024 10:43:41 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3cd551b697a8a6ad12ec7303e986dca9-c0817bbe98aaedac-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:43:41+00:00, 2024-05-08T10:48:40+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-4d6c8249.js | 185.244.209.62 | 200 OK | 66 kB |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-4d6c8249.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators Hashaef3e7e835a99d3035bcd15797cfe9a8 5de336165d341c0601724e9c1051555ad1823207 25e9709b1b46caed0b4303d82fc1ed87763c84d661878f0a9e247c6e8a7c92ef
GET /_nuxt/desktop/default/vendors/conversion-4d6c8249.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:05 GMT
content-type: application/javascript; charset=utf-8
content-length: 66478
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-103ae"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:45 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-20045c8a2fcd900b9e6421712907eabf-f415bdf5ce174240-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:45+00:00, 2024-05-08T10:54:43+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/918f54786acc.js | 185.244.209.62 | 200 OK | 3.2 kB |
URL GET HTTP/2v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/918f54786acc.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (6455) Hash3c18149d89748568a40c8e80749b773b 39a16d2b2186dc0bcc9f6b04683ba86e69e80530 7a69b2c224d77d6e9933dd283cf044db96d32ad4a8fcfe1a762183fecd0f4718
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/918f54786acc.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:05 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 10:11:59 GMT
etag: W/"f06694004f6f9f402370d0b451d32116"
x-amz-meta-mtime: 1715162852.71294806
content-encoding: gzip
expires: Thu, 09 May 2024 10:43:41 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-833a2242f56ba8edc5575f145daed67b-c13739460f1eae6b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:43:41+00:00, 2024-05-08T10:48:40+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| 1xlite-461430.top/bff-api/config/all.json?lang=en | 178.253.29.51 | 200 OK | 28 kB |
URL: GET HTTP/2 1xlite-461430.top/bff-api/config/all.json?lang=en
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: MD5 160e81635796d69f04907e2c36800c35, SHA-1 f18fdd60890410bb2e3afd9aaa4c3d3bb3fd8ce1, SHA-256 ee3b01ea202ffc7093e458c69190b0e5fea6fb30ade034482e306a5ae3261ecf
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /bff-api/config/all.json?lang=en HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
x-geoip2-country-code: ru
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en; sh.session.id=dd6b944b-1195-456b-ab7d-f1b7386c4d04; ggru=188
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:04 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: bff;dur=59.90, dt_total;dur=99.184, wf-uht;dur=0.114
traceparent: 00-b0ab29630d8217a413593d8ff48f8008-e697b5008058b84d-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.063
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
| widget.suphelper.top/ | 104.18.39.72 | 200 OK | 380 kB |
IP: 104.18.39.72:443
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Google Trust Services LLC; Subject suphelper.top; Fingerprint 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36; Validity Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type: gzip compressed data, from Unix
Size: 380 kB (380190 bytes)
Hash: MD5 053a649f6e4d87531336a5b130182b81, SHA-1 082b93a1edd143dd7dd2c4abac44475329018cda, SHA-256 f6404ca72757c4f01b665fa987b297079d236b9fed6237db1a22f9c1597b13a1
GET / HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 20:48:59 GMT
content-type: text/html; charset=utf-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=60, stale-while-revalidate=30
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 880c505209c10afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js | 104.18.39.72 | 200 OK | 133 kB |
URL: GET HTTP/2 widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js
IP: 104.18.39.72:443
Requested by: https://widget.suphelper.top/
Certificate: Issuer Google Trust Services LLC; Subject suphelper.top; Fingerprint 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36; Validity Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type: gzip compressed data, from Unix
Size: 133 kB (133000 bytes)
Hash: MD5 da91e0af8e3c71910c632f74952d7a74, SHA-1 82def5d2caee6f86a8238142bb009ef10c273876, SHA-256 48cfd9d156e714b5493f96906ec06c6a0202a308da306faaad71123ff0151f90
GET /_next/static/chunks/7413e8b9-8adee4b5b5407a55.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 20:48:59 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Mon, 22 Jan 2024 07:49:06 GMT
etag: W/"12fe9-18d3024f9c4"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 698984
expires: Thu, 08 May 2025 20:48:59 GMT
server: cloudflare
cf-ray: 880c50534b540afa-OSL
X-Firefox-Spdy: h2
| 1xlite-461430.top/web-api/default/img/icons/pixels2.svg?v=1715201343 | 178.253.29.51 | | 64 kB |
URL: 1xlite-461430.top/web-api/default/img/icons/pixels2.svg?v=1715201343
IP: 178.253.29.51:0
ASN: #202492 Silverhill Group Holding Ltd
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File type: PNG image data, 1 x 1, 8-bit/color RGB, non-interlaced
Hash: MD5 4b967ba387ca8e2bb5f211cabd54ad3e, SHA-1 36acb6ec6297a4f64720573e7623cb11cb2ae216, SHA-256 ed39baf8d48cabc341a512a5bbeeca32e24b30cd647399af70c75d300923f261
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /web-api/default/img/icons/pixels2.svg?v=1715201343 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en; sh.session.id=dd6b944b-1195-456b-ab7d-f1b7386c4d04; ggru=188
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:03 GMT
content-type: image/png
cache-control: no-cache, private
server-timing: p;dur=18, dt_total;dur=46.636, wf-uht;dur=0.054
traceparent: 00-510b73e327c1c7ac450eb993294bb2df-4b73afebe850dcde-01
x-dt: 285
x-time-ng: 0.032
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
| radar.cedexis.com/1/23802/radar.js | 45.54.49.5 | 302 Moved Temporarily | 154 B |
URL: GET HTTP/1.1 radar.cedexis.com/1/23802/radar.js
IP: 45.54.49.5:443
ASN: #63911 NetActuate, Inc
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer DigiCert Inc; Subject radar.cedexis.com; Fingerprint 33:58:79:8E:87:A5:C3:05:CA:E2:82:50:61:CF:72:83:BD:64:80:C1; Validity Fri, 29 Mar 2024 00:00:00 GMT - Fri, 28 Mar 2025 23:59:59 GMT
File type: HTML document, ASCII text, with CRLF line terminators
Hash: MD5 cfbeaf604823f038b8b46f0ac862b98c, SHA-1 7b9eb1dac48e74fa5f418bc456cb410f88b81d98, SHA-256 20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319
GET /1/23802/radar.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Wed, 08 May 2024 20:49:07 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: /1707728419/stub.js
Expires: Wed, 08 May 2024 20:59:07 GMT
Cache-Control: max-age=600
Vary: User-Agent,DNT
| 1xlite-461430.top/web-api/mobile | 178.253.29.51 | 200 OK | 64 kB |
URL: POST HTTP/2 1xlite-461430.top/web-api/mobile
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: MD5 0b257a320e1fb3d827e5278f2ee8e4a8, SHA-1 827d2e21f3d1853faa45bb3f4450a47e4b8cae30, SHA-256 05985d98c8547423561b5ccfd62eeab2c3b358b1fcb21eec5c1b7c60556a7f8d
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
POST /web-api/mobile HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en; sh.session.id=dd6b944b-1195-456b-ab7d-f1b7386c4d04
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:59 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=20, dt_total;dur=21.732, wf-uht;dur=0.034
traceparent: 00-6efac990c26de961515f16b5a911feac-496d2bd8a3e6cbeb-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.022
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
| widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js | 104.18.39.72 | | 88 kB |
URL: widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js
IP: 104.18.39.72:0
File type: gzip compressed data, from Unix
Hash: MD5 b9bc5a94d33ab7c6a1112799786c5fbb, SHA-1 656a9591eaa7343acc5d88e25680c77b41b398bf, SHA-256 3efebee355f1325257930fa01af434042866751ad000b75beccb5abdf5065805
GET /_next/static/chunks/pages/index-ed7cd77912c6e3a9.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 20:48:59 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"1a2b2-18f12321a97"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 703265
expires: Thu, 08 May 2025 20:48:59 GMT
server: cloudflare
cf-ray: 880c50534b580afa-OSL
X-Firefox-Spdy: h2
| widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js | 104.18.39.72 | 200 OK | 146 kB |
URL: GET HTTP/2 widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js
IP: 104.18.39.72:443
Requested by: https://widget.suphelper.top/
Certificate: Issuer Google Trust Services LLC; Subject suphelper.top; Fingerprint 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36; Validity Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type: gzip compressed data, from Unix
Size: 146 kB (146524 bytes)
Hash: MD5 7a7911932d03ddc08864914206f9f83b, SHA-1 2849d05a2c1d10eda6c03836f282b3a6e360c72c, SHA-256 599cbe6a3f6536caaa9c92cc39aad35aa2ba446b60ee661dec8c59183a03d89c
GET /_next/static/chunks/1743016e-d00d67a74426f155.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 20:48:59 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 17 Jan 2024 06:19:55 GMT
etag: W/"75543-18d161388b8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 693424
expires: Thu, 08 May 2025 20:48:59 GMT
server: cloudflare
cf-ray: 880c50533b4e0afa-OSL
X-Firefox-Spdy: h2
| v3.traincdn.com/sys-icons/1.0.334/285/country.svg | 185.244.209.62 | | 63 kB |
URL: v3.traincdn.com/sys-icons/1.0.334/285/country.svg
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: gzip compressed data, max speed, from Unix
Hash: MD5 1bba9507bfd662f05b4bbf7185cd82d5, SHA-1 830a060243e7a4ccb2fb809afd2fb5546c502842, SHA-256 bd778f83e3d79b213dd25739cf672610f17c9dd0168b9de26dc7b2b0f102f225
GET /sys-icons/1.0.334/285/country.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:03 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Apr 2024 12:55:56 GMT
etag: W/"60caf0d666af828706b3d83c428a31e4"
x-amz-meta-mtime: 1713272153.420902787
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:28 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-151db3ccf7077baf96081d93dd0bc25e-5755cd2489d2c48b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:28+00:00, 2024-05-08T10:54:37+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/sys-icons/1.0.330/285/common.svg | 185.244.209.62 | 200 OK | 60 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-icons/1.0.330/285/common.svg
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 7bf3e9e7d79beac942f5e7748a3af2e6, SHA-1 7c6896ef647506806f2cdbe998d8c9eb845a1754, SHA-256 663e2fc5004af9c6c1969fc5827d7ffdbfeec8d4753efd831208cb179f0a488f
GET /sys-icons/1.0.330/285/common.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:05 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Apr 2024 09:41:01 GMT
etag: W/"7bf3e9e7d79beac942f5e7748a3af2e6"
x-amz-meta-mtime: 1713260458.134664491
content-encoding: gzip
expires: Fri, 19 Apr 2024 12:42:12 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-42f1bd4848248e5d385440e9aec0b318-ae0f6ec8759e33ba-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-18T12:42:12+00:00, 2024-05-08T15:54:08+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| 1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true | 178.253.29.51 | 200 OK | 9.7 kB |
URL: GET HTTP/2 1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: MD5 c29ba508cb493a29b10aff6c0c58972f, SHA-1 a9eacc7fcb59d4513acd0726159f799b7190c398, SHA-256 08dbfd6e3efc185d0eabe8727ccc38d83904deec32c252621eca15566011337b
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en; sh.session.id=dd6b944b-1195-456b-ab7d-f1b7386c4d04; ggru=188; _ga_7JGWL9SV66=GS1.1.1715201347.1.0.1715201347.60.0.0; _ga=GA1.1.653231304.1715201348
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:08 GMT
content-type: application/json; charset=utf-8
content-length: 9715
cache-control: public, max-age=5
content-encoding: br
last-modified: Wed, 08 May 2024 20:49:08 GMT
vary: Accept-Encoding
x-time-ng: 0.012
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.020
X-Firefox-Spdy: h2
| radar.cedexis.com/1707728419/stub.js | 45.54.49.5 | | 271 B |
URL: radar.cedexis.com/1707728419/stub.js
IP: 45.54.49.5:0
ASN: #63911 NetActuate, Inc
Certificate: Issuer DigiCert Inc; Subject radar.cedexis.com; Fingerprint 33:58:79:8E:87:A5:C3:05:CA:E2:82:50:61:CF:72:83:BD:64:80:C1; Validity Fri, 29 Mar 2024 00:00:00 GMT - Fri, 28 Mar 2025 23:59:59 GMT
File type: JavaScript source, ASCII text
Hash: MD5 82dec77fd0353c7c71ce053b8601387e, SHA-1 fbbca95419e1d0c042e0a5fdf10f380aca66188c, SHA-256 39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7
GET /1707728419/stub.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 May 2024 20:49:08 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 12 Feb 2024 09:51:01 GMT
Vary: Accept-Encoding
ETag: W/"65c9ea05-186"
Expires: Wed, 22 May 2024 20:49:08 GMT
Cache-Control: max-age=1209600, public
Content-Encoding: gzip
| v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 | 185.244.209.62 | 200 OK | 64 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Hash: MD5 6887b6f24414dbc612dbf42ccdc76b70, SHA-1 8068d3abfbc6cbf35b55919da45b1f4d2d136238, SHA-256 fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:08 GMT
content-type: font/woff2
content-length: 63748
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-415b67f7d22d47426f43579c9c7cd2dc-49d8986243086a0f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:13:59+00:00, 2024-05-08T20:34:24+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 | 185.244.209.62 | 200 OK | 65 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: Web Open Font Format (Version 2), TrueType, length 64732, version 1.0
Hash: MD5 3ac5d40d1b3966fc5eb09ecca74d9cbf, SHA-1 a69f32357765dd321519889aeacba5e9ca893bb0, SHA-256 3310766b8f58538d07abded74a2babe1acbe1a3ee820d5b8c8265da666f4fb0c
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:08 GMT
content-type: font/woff2
content-length: 64732
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "3ac5d40d1b3966fc5eb09ecca74d9cbf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-23cee45e8b8e2f1b0b9d65e6d6288185-4db3d1b484637c76-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:56:30+00:00, 2024-05-08T20:00:37+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| 1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json | 178.253.29.51 | 200 OK | 23 B |
URL: POST HTTP/2 1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: MD5 345b75e064e58307806c319595fb9462, SHA-1 f9de0bc5d2126c14c7663e5a0f333305cf2c3ed0, SHA-256 2a75cb90a3e5b88cdbd08d149b80e7089c1fe3190b0d8c84118f775e8bdf3b22
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Content-Type: application/json
X-Lang: en
X-Uuid: d90d24c7-592f-482d-872a-f0c642347e07
Content-Length: 99
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en; sh.session.id=dd6b944b-1195-456b-ab7d-f1b7386c4d04; ggru=188; _ga_7JGWL9SV66=GS1.1.1715201347.1.0.1715201347.60.0.0; _ga=GA1.1.653231304.1715201348
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:08 GMT
content-type: application/json
content-length: 23
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.009
X-Firefox-Spdy: h2
| v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 | 185.244.209.62 | 200 OK | 64 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Hash (MD5 / SHA-1 / SHA-256): a65527fcb58f66a7cfbc0e6b160538b4 45d260e7fa343401b5bb0df982a014f53e2d253b fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:08 GMT
content-type: font/woff2
content-length: 63920
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9b7fcb10ec1f964645b0e2281e08ad98-fd32c562723fe3b6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:54:39+00:00, 2024-05-08T19:49:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| 1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 | 178.253.29.51 | 200 OK | 344 B |
URL: GET HTTP/2 1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash (MD5 / SHA-1 / SHA-256): d9426f6bacc30c82dc4226f344e9bfe4 ccad7df8c6e1af9cfe1c4ee92b7df75a6ffdd28e 1f89516368960443ecd22c2009baf01eb432b76bf115efd9578343b259b2feab
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en; sh.session.id=dd6b944b-1195-456b-ab7d-f1b7386c4d04; ggru=188; _ga_7JGWL9SV66=GS1.1.1715201347.1.0.1715201347.60.0.0; _ga=GA1.1.653231304.1715201348
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:09 GMT
content-type: application/json; charset=utf-8
content-length: 344
cache-control: no-cache
content-encoding: br
last-modified: Wed, 08 May 2024 20:49:09 GMT
vary: Accept-Encoding
x-time-ng: 0.014
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.022
X-Firefox-Spdy: h2
| 1xlite-461430.top/hd-api/external/api/web/v1/j/a0dm8i4g0i8g419f4219b48fc941519cfd1515b9cc008737a29b | 178.253.29.51 | 200 OK | 513 B |
URL: POST HTTP/2 1xlite-461430.top/hd-api/external/api/web/v1/j/a0dm8i4g0i8g419f4219b48fc941519cfd1515b9cc008737a29b
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash (MD5 / SHA-1 / SHA-256): f3c4eb2b1953c319c16186e9a68b951f 4369a682bd260508a21a92ba56e004b7f3eb4958 161e4fd37958a7304219f39d0afa27c1304b88047dbee75506764f889ac3d9bd
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /hd-api/external/api/web/v1/j/a0dm8i4g0i8g419f4219b48fc941519cfd1515b9cc008737a29b HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
X-Requested-With: XMLHttpRequest
Content-Type: application/json
Content-Length: 105936
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en; sh.session.id=dd6b944b-1195-456b-ab7d-f1b7386c4d04; ggru=188; _ga_7JGWL9SV66=GS1.1.1715201347.1.0.1715201347.60.0.0; _ga=GA1.1.653231304.1715201348
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:10 GMT
content-type: application/json
content-length: 513
content-encoding: gzip
traceparent: 00-4ab6b53fb5b502c8cfd776bdb97f5063-bfad34f6c9c52db2-01
vary: Accept-Encoding
x-dt: 285
x-request-guid: 8390af98e38cd660eabb54bc4c604956
x-time-ng: 0.022
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=22.313, wf-uht;dur=0.045
X-Firefox-Spdy: h2
| 1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true | 178.253.29.51 | 200 OK | 3.9 kB |
URL: GET HTTP/2 1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash (MD5 / SHA-1 / SHA-256): a76975776ac35cb72b8f1ceb13f0dccb 245da1c708d99178927dc746849c3237343306ec c7db7c759aba6469f941e0378654f2c5c88aa4d342751345b54197eb4c9dc5f7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en; sh.session.id=dd6b944b-1195-456b-ab7d-f1b7386c4d04; ggru=188; _ga_7JGWL9SV66=GS1.1.1715201347.1.0.1715201347.60.0.0; _ga=GA1.1.653231304.1715201348
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:10 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=5
last-modified: Wed, 08 May 2024 20:49:05 GMT
x-time-ng: 0.009
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/002d7fda3d62.css | 185.244.209.62 | 200 OK | 49 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/002d7fda3d62.css
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: gzip compressed data, max speed, from Unix
Hash (MD5 / SHA-1 / SHA-256): 564e520b201cd4e347c2342601dcd17e 7217429b84b1cdd1e936d6ea05ab71343df0aa7c f7dad4574ada3aac1eb4b158786253ee50b8e1b05d77f2628efc1ee53127ebac
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/002d7fda3d62.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:59 GMT
content-type: text/css; charset=utf-8
last-modified: Wed, 08 May 2024 10:11:58 GMT
etag: W/"294f3a633bf92f7b6f9141c2b31b4bf6"
x-amz-meta-mtime: 1715162852.700948182
content-encoding: gzip
expires: Thu, 09 May 2024 10:43:23 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-7bd0c0384cbfc3be20b6fb667b76c52c-f0410795a6e24e69-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:43:23+00:00, 2024-05-08T10:48:37+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js | 104.18.39.72 | | 118 kB |
URL: widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js
IP: 104.18.39.72:0
File type: gzip compressed data, from Unix
Size: 118 kB (117572 bytes)
Hash (MD5 / SHA-1 / SHA-256): 45f68e8d77384ef5e28adc1d6b0d2959 34506c46bc05db37cb968a28ca730d4e12ad7453 e544df50675acf31688e6875c5e344b000c256d72e4c5bca2249ad385eb6201a
GET /_next/static/chunks/663-81a4add2f1c95639.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 20:48:59 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 28 Mar 2024 06:56:31 GMT
etag: W/"5b0da-18e83d890e3"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 703265
expires: Thu, 08 May 2025 20:48:59 GMT
server: cloudflare
cf-ray: 880c50534b560afa-OSL
X-Firefox-Spdy: h2
| v3.traincdn.com/genfiles/cms/1/desktop/banner/ee94ef73444d56fe0d0234bd1e83acf9.png | 185.244.209.62 | 200 OK | 234 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1/desktop/banner/ee94ef73444d56fe0d0234bd1e83acf9.png
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: PNG image data, 1380 x 248, 8-bit/color RGB, non-interlaced
Size: 234 kB (234183 bytes)
Hash (MD5 / SHA-1 / SHA-256): 29cbfc647b35d624dbb21a2480adcf74 2af51a37649fc6d91e331954244ae02fa39e4012 1c004afe245526de4788b8cbd4773d431ae624ec5902b5b81c6de6696893f5ec
GET /genfiles/cms/1/desktop/banner/ee94ef73444d56fe0d0234bd1e83acf9.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:11 GMT
content-type: image/png
content-length: 234183
last-modified: Tue, 07 May 2024 10:14:00 GMT
etag: "29cbfc647b35d624dbb21a2480adcf74"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-da3427049e5d46de1907e0d4abc85d9e-8d0e9338bc77ce2c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T11:20:16+00:00, 2024-05-08T20:39:23+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| 1xlite-461430.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66 | 178.253.29.51 | 200 OK | 2.2 kB |
URL: GET HTTP/2 1xlite-461430.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash (MD5 / SHA-1 / SHA-256): 2e50aa025493e41062bd84dba7c8d8b3 7796681bad0185944cdadf1ba343082dfc709a51 8cb3f4288da7e0502923cc90553a974276fe9533075f22872509db0ce4a81291
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiQVU2SkhsNFBQRk5ucFJ3WXRFZUZtd3h0aldWRE5XcG9PRko5YkcwZUNnbUpsZUZKTUdXR0ZOWjBZeHI1K2dhZFNIL0Z2VEY1V29ObUtZRmF1dk9BM210UHFJNnp6bmRFMmZOTmdGRngxUVZWOWRjcy9EOVEzcWJXS05sM2JteVRJejFHVGFQU1VReGlBWHZUQm5HYnJZMVoyOFE0bkJhU004QVBHMFJsWjJBTEFWdnY1dE0yQS80Rlhvb2VwdmJkWFBZbUdCYkVJQUtSMk5ReWN1bFUzbEdxUkVtK2RVbHI0MThlaTRxWVhObUx5N0Jpd0M0YWEraUdVc3hreWNDN2hOa2tGWTVnS0ZaMWFlVE8yNFkzWUt1T0tnVkRVU2NPY3krbm9XditRcWpaIiwiZXhwIjoxNzE1MjE1NzUwLCJpYXQiOjE3MTUyMDEzNTB9.DUtbAoUnISCdGA7sdxk9Q9KSkZ4dPan3ZQfv9OEVSCfcGiAzgo-FVFiQVLqKe3-2N3wqSYEhFfN6kjT6OMM8Iw
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en; sh.session.id=dd6b944b-1195-456b-ab7d-f1b7386c4d04; ggru=188; _ga_7JGWL9SV66=GS1.1.1715201347.1.0.1715201347.60.0.0; _ga=GA1.1.653231304.1715201348
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:12 GMT
content-type: application/json; charset=utf-8
content-length: 2224
cache-control: public, max-age=5
content-encoding: br
last-modified: Wed, 08 May 2024 20:49:11 GMT
vary: Accept-Encoding
x-time-ng: 0.004
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.012
X-Firefox-Spdy: h2
| 1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true | 178.253.29.51 | 200 OK | 9.7 kB |
URL: GET HTTP/2 1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash (MD5 / SHA-1 / SHA-256): 2ddeaa1d0b9b31779131214420d5085d a5b0b457b82f842d1a7bc23c98f75715847592f0 2491afc3f7d91bb604c1a8374270252c34376a73055ff3aecf4d257ab72acc3b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiQVU2SkhsNFBQRk5ucFJ3WXRFZUZtd3h0aldWRE5XcG9PRko5YkcwZUNnbUpsZUZKTUdXR0ZOWjBZeHI1K2dhZFNIL0Z2VEY1V29ObUtZRmF1dk9BM210UHFJNnp6bmRFMmZOTmdGRngxUVZWOWRjcy9EOVEzcWJXS05sM2JteVRJejFHVGFQU1VReGlBWHZUQm5HYnJZMVoyOFE0bkJhU004QVBHMFJsWjJBTEFWdnY1dE0yQS80Rlhvb2VwdmJkWFBZbUdCYkVJQUtSMk5ReWN1bFUzbEdxUkVtK2RVbHI0MThlaTRxWVhObUx5N0Jpd0M0YWEraUdVc3hreWNDN2hOa2tGWTVnS0ZaMWFlVE8yNFkzWUt1T0tnVkRVU2NPY3krbm9XditRcWpaIiwiZXhwIjoxNzE1MjE1NzUwLCJpYXQiOjE3MTUyMDEzNTB9.DUtbAoUnISCdGA7sdxk9Q9KSkZ4dPan3ZQfv9OEVSCfcGiAzgo-FVFiQVLqKe3-2N3wqSYEhFfN6kjT6OMM8Iw
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en; sh.session.id=dd6b944b-1195-456b-ab7d-f1b7386c4d04; ggru=188; _ga_7JGWL9SV66=GS1.1.1715201347.1.0.1715201347.60.0.0; _ga=GA1.1.653231304.1715201348
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:14 GMT
content-type: application/json; charset=utf-8
content-length: 9711
cache-control: public, max-age=5
content-encoding: br
last-modified: Wed, 08 May 2024 20:49:14 GMT
vary: Accept-Encoding
x-time-ng: 0.014
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.022
X-Firefox-Spdy: h2
| 1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true | 178.253.29.51 | 200 OK | 2.7 kB |
URL: GET HTTP/2 1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash (MD5 / SHA-1 / SHA-256): 7b737bb3981799df7dabebac7ae5241c 53a69d88d84aed0247ca0991666fecb4d6aabb53 7efd49c4baa552b2cd53510a63588d842cdbfcf308bb39e794948af6c12fe069
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiQVU2SkhsNFBQRk5ucFJ3WXRFZUZtd3h0aldWRE5XcG9PRko5YkcwZUNnbUpsZUZKTUdXR0ZOWjBZeHI1K2dhZFNIL0Z2VEY1V29ObUtZRmF1dk9BM210UHFJNnp6bmRFMmZOTmdGRngxUVZWOWRjcy9EOVEzcWJXS05sM2JteVRJejFHVGFQU1VReGlBWHZUQm5HYnJZMVoyOFE0bkJhU004QVBHMFJsWjJBTEFWdnY1dE0yQS80Rlhvb2VwdmJkWFBZbUdCYkVJQUtSMk5ReWN1bFUzbEdxUkVtK2RVbHI0MThlaTRxWVhObUx5N0Jpd0M0YWEraUdVc3hreWNDN2hOa2tGWTVnS0ZaMWFlVE8yNFkzWUt1T0tnVkRVU2NPY3krbm9XditRcWpaIiwiZXhwIjoxNzE1MjE1NzUwLCJpYXQiOjE3MTUyMDEzNTB9.DUtbAoUnISCdGA7sdxk9Q9KSkZ4dPan3ZQfv9OEVSCfcGiAzgo-FVFiQVLqKe3-2N3wqSYEhFfN6kjT6OMM8Iw
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en; sh.session.id=dd6b944b-1195-456b-ab7d-f1b7386c4d04; ggru=188; _ga_7JGWL9SV66=GS1.1.1715201347.1.0.1715201347.60.0.0; _ga=GA1.1.653231304.1715201348
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:15 GMT
content-type: application/json; charset=utf-8
content-length: 2679
cache-control: public, max-age=5
content-encoding: br
last-modified: Wed, 08 May 2024 20:49:15 GMT
vary: Accept-Encoding
x-time-ng: 0.009
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.017
X-Firefox-Spdy: h2
| 1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 | 178.253.29.51 | | 4.5 kB |
URL: 1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100
IP: 178.253.29.51:0
ASN: #202492 Silverhill Group Holding Ltd
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash (MD5 / SHA-1 / SHA-256): 9d255e57ebb29b93d5e3f51ecff6ce35 5428cc7704950f993f73e84a0138f04d0eb3f16e 0c5f4dfc71e41edb87f2158c3e93e96f1b2764ab7b1c86e7e47f31486bc1759d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiQVU2SkhsNFBQRk5ucFJ3WXRFZUZtd3h0aldWRE5XcG9PRko5YkcwZUNnbUpsZUZKTUdXR0ZOWjBZeHI1K2dhZFNIL0Z2VEY1V29ObUtZRmF1dk9BM210UHFJNnp6bmRFMmZOTmdGRngxUVZWOWRjcy9EOVEzcWJXS05sM2JteVRJejFHVGFQU1VReGlBWHZUQm5HYnJZMVoyOFE0bkJhU004QVBHMFJsWjJBTEFWdnY1dE0yQS80Rlhvb2VwdmJkWFBZbUdCYkVJQUtSMk5ReWN1bFUzbEdxUkVtK2RVbHI0MThlaTRxWVhObUx5N0Jpd0M0YWEraUdVc3hreWNDN2hOa2tGWTVnS0ZaMWFlVE8yNFkzWUt1T0tnVkRVU2NPY3krbm9XditRcWpaIiwiZXhwIjoxNzE1MjE1NzUwLCJpYXQiOjE3MTUyMDEzNTB9.DUtbAoUnISCdGA7sdxk9Q9KSkZ4dPan3ZQfv9OEVSCfcGiAzgo-FVFiQVLqKe3-2N3wqSYEhFfN6kjT6OMM8Iw
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en; sh.session.id=dd6b944b-1195-456b-ab7d-f1b7386c4d04; ggru=188; _ga_7JGWL9SV66=GS1.1.1715201347.1.0.1715201347.60.0.0; _ga=GA1.1.653231304.1715201348
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:16 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=47, dt_total;dur=106.576, wf-uht;dur=0.115
traceparent: 00-9e3ad86b40acdc782287a8e9ca719ae1-83e72c1e8b8a7303-01
x-dt: 285
x-time-ng: 0.094
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
| v3.traincdn.com/genfiles/cms/1/desktop/banner/43b37bcd63883963ab5ca6707fd4ca45.jpg | 185.244.209.62 | 200 OK | 17 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/banner/43b37bcd63883963ab5ca6707fd4ca45.jpg
Method: GET HTTP/2
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1380x248, components 3
Hashes (MD5 / SHA-1 / SHA-256): ebce475967e6d85db5bdbde23e85eff7 496e2c75b549fe82d3f6dfbb3976096e0cae2ae7 6a1892ac412355576c6427f173d8b26757bdf0c8ec3aa149b6d1cfbc97408b9f
GET /genfiles/cms/1/desktop/banner/43b37bcd63883963ab5ca6707fd4ca45.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:16 GMT
content-type: image/jpeg
content-length: 16730
last-modified: Mon, 06 May 2024 09:11:06 GMT
etag: "ebce475967e6d85db5bdbde23e85eff7"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f710bd363fc9cb233750bc4d876741b9-12af1f0269134a31-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T14:51:53+00:00, 2024-05-08T20:39:23+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| 1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 | 178.253.29.51 | 200 OK | 1.5 kB |
URL: 1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
Method: GET HTTP/2
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Let's Encrypt
Certificate subject: 1xlite-461430.top
Certificate fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Certificate validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashes (MD5 / SHA-1 / SHA-256): a38e118f8bcd737d80777d979ba96d94 230332eae0db65dd47fe93eaa0ae2e604131916d 486ac7bcb5e8977a09c9e416be0b388018be438a42932208229ed51fb2323560

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiQVU2SkhsNFBQRk5ucFJ3WXRFZUZtd3h0aldWRE5XcG9PRko5YkcwZUNnbUpsZUZKTUdXR0ZOWjBZeHI1K2dhZFNIL0Z2VEY1V29ObUtZRmF1dk9BM210UHFJNnp6bmRFMmZOTmdGRngxUVZWOWRjcy9EOVEzcWJXS05sM2JteVRJejFHVGFQU1VReGlBWHZUQm5HYnJZMVoyOFE0bkJhU004QVBHMFJsWjJBTEFWdnY1dE0yQS80Rlhvb2VwdmJkWFBZbUdCYkVJQUtSMk5ReWN1bFUzbEdxUkVtK2RVbHI0MThlaTRxWVhObUx5N0Jpd0M0YWEraUdVc3hreWNDN2hOa2tGWTVnS0ZaMWFlVE8yNFkzWUt1T0tnVkRVU2NPY3krbm9XditRcWpaIiwiZXhwIjoxNzE1MjE1NzUwLCJpYXQiOjE3MTUyMDEzNTB9.DUtbAoUnISCdGA7sdxk9Q9KSkZ4dPan3ZQfv9OEVSCfcGiAzgo-FVFiQVLqKe3-2N3wqSYEhFfN6kjT6OMM8Iw
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en; sh.session.id=dd6b944b-1195-456b-ab7d-f1b7386c4d04; ggru=188; _ga_7JGWL9SV66=GS1.1.1715201347.1.0.1715201347.60.0.0; _ga=GA1.1.653231304.1715201348
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:16 GMT
content-type: application/json; charset=utf-8
content-length: 1466
cache-control: public, max-age=5
content-encoding: br
last-modified: Wed, 08 May 2024 20:49:16 GMT
vary: Accept-Encoding
x-time-ng: 0.013
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.021
X-Firefox-Spdy: h2
| 1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true | 178.253.29.51 | 200 OK | 9.7 kB |
URL: 1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
Method: GET HTTP/2
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Let's Encrypt
Certificate subject: 1xlite-461430.top
Certificate fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Certificate validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashes (MD5 / SHA-1 / SHA-256): 2ddeaa1d0b9b31779131214420d5085d a5b0b457b82f842d1a7bc23c98f75715847592f0 2491afc3f7d91bb604c1a8374270252c34376a73055ff3aecf4d257ab72acc3b

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiQVU2SkhsNFBQRk5ucFJ3WXRFZUZtd3h0aldWRE5XcG9PRko5YkcwZUNnbUpsZUZKTUdXR0ZOWjBZeHI1K2dhZFNIL0Z2VEY1V29ObUtZRmF1dk9BM210UHFJNnp6bmRFMmZOTmdGRngxUVZWOWRjcy9EOVEzcWJXS05sM2JteVRJejFHVGFQU1VReGlBWHZUQm5HYnJZMVoyOFE0bkJhU004QVBHMFJsWjJBTEFWdnY1dE0yQS80Rlhvb2VwdmJkWFBZbUdCYkVJQUtSMk5ReWN1bFUzbEdxUkVtK2RVbHI0MThlaTRxWVhObUx5N0Jpd0M0YWEraUdVc3hreWNDN2hOa2tGWTVnS0ZaMWFlVE8yNFkzWUt1T0tnVkRVU2NPY3krbm9XditRcWpaIiwiZXhwIjoxNzE1MjE1NzUwLCJpYXQiOjE3MTUyMDEzNTB9.DUtbAoUnISCdGA7sdxk9Q9KSkZ4dPan3ZQfv9OEVSCfcGiAzgo-FVFiQVLqKe3-2N3wqSYEhFfN6kjT6OMM8Iw
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en; sh.session.id=dd6b944b-1195-456b-ab7d-f1b7386c4d04; ggru=188; _ga_7JGWL9SV66=GS1.1.1715201347.1.0.1715201347.60.0.0; _ga=GA1.1.653231304.1715201348
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:19 GMT
content-type: application/json; charset=utf-8
content-length: 9711
cache-control: public, max-age=5
content-encoding: br
last-modified: Wed, 08 May 2024 20:49:14 GMT
vary: Accept-Encoding
x-time-ng: 0.014
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2
| 1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 | 178.253.29.51 | 200 OK | 344 B |
URL: 1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137
Method: GET HTTP/2
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Let's Encrypt
Certificate subject: 1xlite-461430.top
Certificate fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Certificate validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashes (MD5 / SHA-1 / SHA-256): d9426f6bacc30c82dc4226f344e9bfe4 ccad7df8c6e1af9cfe1c4ee92b7df75a6ffdd28e 1f89516368960443ecd22c2009baf01eb432b76bf115efd9578343b259b2feab

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiQVU2SkhsNFBQRk5ucFJ3WXRFZUZtd3h0aldWRE5XcG9PRko5YkcwZUNnbUpsZUZKTUdXR0ZOWjBZeHI1K2dhZFNIL0Z2VEY1V29ObUtZRmF1dk9BM210UHFJNnp6bmRFMmZOTmdGRngxUVZWOWRjcy9EOVEzcWJXS05sM2JteVRJejFHVGFQU1VReGlBWHZUQm5HYnJZMVoyOFE0bkJhU004QVBHMFJsWjJBTEFWdnY1dE0yQS80Rlhvb2VwdmJkWFBZbUdCYkVJQUtSMk5ReWN1bFUzbEdxUkVtK2RVbHI0MThlaTRxWVhObUx5N0Jpd0M0YWEraUdVc3hreWNDN2hOa2tGWTVnS0ZaMWFlVE8yNFkzWUt1T0tnVkRVU2NPY3krbm9XditRcWpaIiwiZXhwIjoxNzE1MjE1NzUwLCJpYXQiOjE3MTUyMDEzNTB9.DUtbAoUnISCdGA7sdxk9Q9KSkZ4dPan3ZQfv9OEVSCfcGiAzgo-FVFiQVLqKe3-2N3wqSYEhFfN6kjT6OMM8Iw
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en; sh.session.id=dd6b944b-1195-456b-ab7d-f1b7386c4d04; ggru=188; _ga_7JGWL9SV66=GS1.1.1715201347.1.0.1715201347.60.0.0; _ga=GA1.1.653231304.1715201348
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:20 GMT
content-type: application/json; charset=utf-8
content-length: 344
cache-control: no-cache
content-encoding: br
last-modified: Wed, 08 May 2024 20:49:20 GMT
vary: Accept-Encoding
x-time-ng: 0.007
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.019
X-Firefox-Spdy: h2
| 1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true | 178.253.29.51 | 200 OK | 2.7 kB |
URL: 1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
Method: GET HTTP/2
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Let's Encrypt
Certificate subject: 1xlite-461430.top
Certificate fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Certificate validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashes (MD5 / SHA-1 / SHA-256): 7b737bb3981799df7dabebac7ae5241c 53a69d88d84aed0247ca0991666fecb4d6aabb53 7efd49c4baa552b2cd53510a63588d842cdbfcf308bb39e794948af6c12fe069

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiQVU2SkhsNFBQRk5ucFJ3WXRFZUZtd3h0aldWRE5XcG9PRko5YkcwZUNnbUpsZUZKTUdXR0ZOWjBZeHI1K2dhZFNIL0Z2VEY1V29ObUtZRmF1dk9BM210UHFJNnp6bmRFMmZOTmdGRngxUVZWOWRjcy9EOVEzcWJXS05sM2JteVRJejFHVGFQU1VReGlBWHZUQm5HYnJZMVoyOFE0bkJhU004QVBHMFJsWjJBTEFWdnY1dE0yQS80Rlhvb2VwdmJkWFBZbUdCYkVJQUtSMk5ReWN1bFUzbEdxUkVtK2RVbHI0MThlaTRxWVhObUx5N0Jpd0M0YWEraUdVc3hreWNDN2hOa2tGWTVnS0ZaMWFlVE8yNFkzWUt1T0tnVkRVU2NPY3krbm9XditRcWpaIiwiZXhwIjoxNzE1MjE1NzUwLCJpYXQiOjE3MTUyMDEzNTB9.DUtbAoUnISCdGA7sdxk9Q9KSkZ4dPan3ZQfv9OEVSCfcGiAzgo-FVFiQVLqKe3-2N3wqSYEhFfN6kjT6OMM8Iw
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en; sh.session.id=dd6b944b-1195-456b-ab7d-f1b7386c4d04; ggru=188; _ga_7JGWL9SV66=GS1.1.1715201347.1.0.1715201347.60.0.0; _ga=GA1.1.653231304.1715201348
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:20 GMT
content-type: application/json; charset=utf-8
content-length: 2679
cache-control: public, max-age=5
content-encoding: br
last-modified: Wed, 08 May 2024 20:49:15 GMT
vary: Accept-Encoding
x-time-ng: 0.009
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2
| 1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true | 178.253.29.51 | 200 OK | 2.0 kB |
URL: 1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true
Method: GET HTTP/2
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Let's Encrypt
Certificate subject: 1xlite-461430.top
Certificate fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Certificate validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashes (MD5 / SHA-1 / SHA-256): b450d2bafa0b97569a725a01efe818b2 af237294d8c9411a2e34c1f1ab8fbb7fb87bcef9 2dbe4db9e1c68ec79d617e8fb28461fb21d017c32299bce5ec90a2024667c570

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiQVU2SkhsNFBQRk5ucFJ3WXRFZUZtd3h0aldWRE5XcG9PRko5YkcwZUNnbUpsZUZKTUdXR0ZOWjBZeHI1K2dhZFNIL0Z2VEY1V29ObUtZRmF1dk9BM210UHFJNnp6bmRFMmZOTmdGRngxUVZWOWRjcy9EOVEzcWJXS05sM2JteVRJejFHVGFQU1VReGlBWHZUQm5HYnJZMVoyOFE0bkJhU004QVBHMFJsWjJBTEFWdnY1dE0yQS80Rlhvb2VwdmJkWFBZbUdCYkVJQUtSMk5ReWN1bFUzbEdxUkVtK2RVbHI0MThlaTRxWVhObUx5N0Jpd0M0YWEraUdVc3hreWNDN2hOa2tGWTVnS0ZaMWFlVE8yNFkzWUt1T0tnVkRVU2NPY3krbm9XditRcWpaIiwiZXhwIjoxNzE1MjE1NzUwLCJpYXQiOjE3MTUyMDEzNTB9.DUtbAoUnISCdGA7sdxk9Q9KSkZ4dPan3ZQfv9OEVSCfcGiAzgo-FVFiQVLqKe3-2N3wqSYEhFfN6kjT6OMM8Iw
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en; sh.session.id=dd6b944b-1195-456b-ab7d-f1b7386c4d04; ggru=188; _ga_7JGWL9SV66=GS1.1.1715201347.1.0.1715201347.60.0.0; _ga=GA1.1.653231304.1715201348
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:21 GMT
content-type: application/json; charset=utf-8
content-length: 1956
cache-control: public, max-age=5
content-encoding: br
last-modified: Wed, 08 May 2024 20:49:21 GMT
vary: Accept-Encoding
x-time-ng: 0.063
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.071
X-Firefox-Spdy: h2
| v3.traincdn.com/genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.webp | 185.244.209.62 | | 20 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Hashes (MD5 / SHA-1 / SHA-256): 95767496ab1dce71f394c97620666756 127389c7327fec508549222dd477edbd524e33dd fca493b566204dfff5ef8b8cd6c74c40659c812ac6665696dd5c66c664a31c7e
GET /genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:21 GMT
content-type: image/webp
content-length: 20522
last-modified: Thu, 08 Jun 2023 18:05:27 GMT
etag: "95767496ab1dce71f394c97620666756"
x-time-ng: 0.006
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-02-27T14:22:50+00:00
traceparent: 00-1ff365c755f81e588f6fbb9bae6eba11-c1552abd591d9685-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-search-detection%40mozilla.com%2Cgoogle%40search.mozilla.org%2Cwikipedia%40search.mozilla.org%2Cbing%40search.mozilla.org%2Cddg%40search.mozilla.org%2Cfirefox-compact-light%40mozilla.org%2Cfirefox-compact-dark%40mozilla.org%2Cfirefox-alpenglow%40mozilla.org%2Camazon%40search.mozilla.org&lang=en-US | 54.230.111.124 | | 82 B |
URL: services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-search-detection%40mozilla.com%2Cgoogle%40search.mozilla.org%2Cwikipedia%40search.mozilla.org%2Cbing%40search.mozilla.org%2Cddg%40search.mozilla.org%2Cfirefox-compact-light%40mozilla.org%2Cfirefox-compact-dark%40mozilla.org%2Cfirefox-alpenglow%40mozilla.org%2Camazon%40search.mozilla.org&lang=en-US
IP: 54.230.111.124:0
Hashes (MD5 / SHA-1 / SHA-256): 4f822d39c269d2c47e3174b6c6bad3b7 d56bd07959c766e9c18faa9cf1070548f9236b65 cda00e555c758b1c13b6cbd17049ca8471057d16c60f08f551dbc331308eecf3
GET /api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-search-detection%40mozilla.com%2Cgoogle%40search.mozilla.org%2Cwikipedia%40search.mozilla.org%2Cbing%40search.mozilla.org%2Cddg%40search.mozilla.org%2Cfirefox-compact-light%40mozilla.org%2Cfirefox-compact-dark%40mozilla.org%2Cfirefox-alpenglow%40mozilla.org%2Camazon%40search.mozilla.org&lang=en-US HTTP/1.1
Host: services.addons.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
content-length: 82
server: openresty
date: Wed, 08 May 2024 20:20:36 GMT
allow: GET, HEAD, OPTIONS
x-amo-request-id: 5006de72705a433a890c26ec3e932e6a
content-security-policy: media-src https://videos.cdn.mozilla.net; script-src https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://addons.mozilla.org/static-server/; style-src 'unsafe-inline' https://addons.mozilla.org/static-server/; child-src https://www.recaptcha.net/recaptcha/; connect-src 'self' https://*.google-analytics.com; object-src 'none'; default-src 'none'; frame-src https://www.recaptcha.net/recaptcha/; form-action 'self'; img-src 'self' blob: data: https://addons.mozilla.org/static-server/ https://addons.mozilla.org/user-media/; font-src 'self' https://addons.mozilla.org/static-server/; report-uri /__cspreport__
x-frame-options: DENY
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: same-origin
cross-origin-opener-policy: same-origin
cache-control: max-age=3600
public-key-pins: max-age=5184000; includeSubDomains; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="
via: 1.1 google, 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
etag: "4f822d39c269d2c47e3174b6c6bad3b7"
vary: origin,X-Country-Code,Accept-Language
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Lx_rzBvxNeia5ymN5lro4ENlBKWACQrIY6QYMbkWOwD9CA3tXyLEdg==
age: 1725
X-Firefox-Spdy: h2
| aus5.mozilla.org/update/3/SystemAddons/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml | 35.244.181.201 | | 42 B |
URL: aus5.mozilla.org/update/3/SystemAddons/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP: 35.244.181.201:0
ASN: #396982 GOOGLE-CLOUD-PLATFORM
File type: XML 1.0 document, ASCII text
Hashes (MD5 / SHA-1 / SHA-256): f8f24fa0c857d8f2ee493e131b85ab62 cb6049f830a54d14a19d4104fc0bb5ab5fdedbe6 e0dadbc9cd1f1bd8ce3118cc3383e0d0f6d147f055265d498d99deea956ba00f
GET /update/3/SystemAddons/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 42
rule-id: unknown
rule-data-version: unknown
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
via: 1.1 google
date: Wed, 08 May 2024 20:47:53 GMT
content-type: text/xml; charset=utf-8
age: 88
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2
| 1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528030908&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 | 178.253.29.51 | 200 OK | 1.3 kB |
URL: 1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528030908&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
Method: GET HTTP/2
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Let's Encrypt
Certificate subject: 1xlite-461430.top
Certificate fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Certificate validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashes (MD5 / SHA-1 / SHA-256): 7407c9449a506864ae81ed8f5ac51139 0c8b525fe4936a0b151abb6037bcaf4497ab2d95 1a82011b282665f243f5f921c16cc8c2c887e986239d5200dddf1b23c86b878f

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /service-api/LineFeed/GetGameZip?id=528030908&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiQVU2SkhsNFBQRk5ucFJ3WXRFZUZtd3h0aldWRE5XcG9PRko5YkcwZUNnbUpsZUZKTUdXR0ZOWjBZeHI1K2dhZFNIL0Z2VEY1V29ObUtZRmF1dk9BM210UHFJNnp6bmRFMmZOTmdGRngxUVZWOWRjcy9EOVEzcWJXS05sM2JteVRJejFHVGFQU1VReGlBWHZUQm5HYnJZMVoyOFE0bkJhU004QVBHMFJsWjJBTEFWdnY1dE0yQS80Rlhvb2VwdmJkWFBZbUdCYkVJQUtSMk5ReWN1bFUzbEdxUkVtK2RVbHI0MThlaTRxWVhObUx5N0Jpd0M0YWEraUdVc3hreWNDN2hOa2tGWTVnS0ZaMWFlVE8yNFkzWUt1T0tnVkRVU2NPY3krbm9XditRcWpaIiwiZXhwIjoxNzE1MjE1NzUwLCJpYXQiOjE3MTUyMDEzNTB9.DUtbAoUnISCdGA7sdxk9Q9KSkZ4dPan3ZQfv9OEVSCfcGiAzgo-FVFiQVLqKe3-2N3wqSYEhFfN6kjT6OMM8Iw
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en; sh.session.id=dd6b944b-1195-456b-ab7d-f1b7386c4d04; ggru=188; _ga_7JGWL9SV66=GS1.1.1715201347.1.0.1715201347.60.0.0; _ga=GA1.1.653231304.1715201348
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:21 GMT
content-type: application/json; charset=utf-8
content-length: 1330
cache-control: public, max-age=5
content-encoding: br
last-modified: Wed, 08 May 2024 20:49:16 GMT
vary: Accept-Encoding
x-time-ng: 0.011
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2
| 1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 | 178.253.29.51 | 200 OK | 1.5 kB |
URL: GET HTTP/2 1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash (MD5 / SHA-1 / SHA-256): 747b73b134923cdfddcce155262b0837 ab8a189efe0eb94878eb9720eedb9c33fef3a999 85ae4f276e542e6ed0064e24a62cd833935dc025f355840965ed036f989001dc
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiQVU2SkhsNFBQRk5ucFJ3WXRFZUZtd3h0aldWRE5XcG9PRko5YkcwZUNnbUpsZUZKTUdXR0ZOWjBZeHI1K2dhZFNIL0Z2VEY1V29ObUtZRmF1dk9BM210UHFJNnp6bmRFMmZOTmdGRngxUVZWOWRjcy9EOVEzcWJXS05sM2JteVRJejFHVGFQU1VReGlBWHZUQm5HYnJZMVoyOFE0bkJhU004QVBHMFJsWjJBTEFWdnY1dE0yQS80Rlhvb2VwdmJkWFBZbUdCYkVJQUtSMk5ReWN1bFUzbEdxUkVtK2RVbHI0MThlaTRxWVhObUx5N0Jpd0M0YWEraUdVc3hreWNDN2hOa2tGWTVnS0ZaMWFlVE8yNFkzWUt1T0tnVkRVU2NPY3krbm9XditRcWpaIiwiZXhwIjoxNzE1MjE1NzUwLCJpYXQiOjE3MTUyMDEzNTB9.DUtbAoUnISCdGA7sdxk9Q9KSkZ4dPan3ZQfv9OEVSCfcGiAzgo-FVFiQVLqKe3-2N3wqSYEhFfN6kjT6OMM8Iw
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en; sh.session.id=dd6b944b-1195-456b-ab7d-f1b7386c4d04; ggru=188; _ga_7JGWL9SV66=GS1.1.1715201347.1.0.1715201347.60.0.0; _ga=GA1.1.653231304.1715201348
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:22 GMT
content-type: application/json; charset=utf-8
content-length: 1466
cache-control: public, max-age=5
content-encoding: br
last-modified: Wed, 08 May 2024 20:49:22 GMT
vary: Accept-Encoding
x-time-ng: 0.012
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.020
X-Firefox-Spdy: h2
| 1xlite-461430.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66 | 178.253.29.51 | 200 OK | 2.2 kB |
URL: GET HTTP/2 1xlite-461430.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash (MD5 / SHA-1 / SHA-256): fb2c5213b470d470cab045a563ea15ad 1ecd080a0d06e8c0e9a60d26086436f21594e74b be84a96434413720151c12d08e4f5058de02c1e86e79891b72e59ec02f883f3a
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiQVU2SkhsNFBQRk5ucFJ3WXRFZUZtd3h0aldWRE5XcG9PRko5YkcwZUNnbUpsZUZKTUdXR0ZOWjBZeHI1K2dhZFNIL0Z2VEY1V29ObUtZRmF1dk9BM210UHFJNnp6bmRFMmZOTmdGRngxUVZWOWRjcy9EOVEzcWJXS05sM2JteVRJejFHVGFQU1VReGlBWHZUQm5HYnJZMVoyOFE0bkJhU004QVBHMFJsWjJBTEFWdnY1dE0yQS80Rlhvb2VwdmJkWFBZbUdCYkVJQUtSMk5ReWN1bFUzbEdxUkVtK2RVbHI0MThlaTRxWVhObUx5N0Jpd0M0YWEraUdVc3hreWNDN2hOa2tGWTVnS0ZaMWFlVE8yNFkzWUt1T0tnVkRVU2NPY3krbm9XditRcWpaIiwiZXhwIjoxNzE1MjE1NzUwLCJpYXQiOjE3MTUyMDEzNTB9.DUtbAoUnISCdGA7sdxk9Q9KSkZ4dPan3ZQfv9OEVSCfcGiAzgo-FVFiQVLqKe3-2N3wqSYEhFfN6kjT6OMM8Iw
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en; sh.session.id=dd6b944b-1195-456b-ab7d-f1b7386c4d04; ggru=188; _ga_7JGWL9SV66=GS1.1.1715201347.1.0.1715201347.60.0.0; _ga=GA1.1.653231304.1715201348
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:22 GMT
content-type: application/json; charset=utf-8
content-length: 2211
cache-control: public, max-age=5
content-encoding: br
last-modified: Wed, 08 May 2024 20:49:22 GMT
vary: Accept-Encoding
x-time-ng: 0.005
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.014
X-Firefox-Spdy: h2
| 1xlite-461430.top/web-api/api/web/v1/config/actualDomain | 178.253.29.51 | 200 OK | 635 B |
URL: GET HTTP/2 1xlite-461430.top/web-api/api/web/v1/config/actualDomain
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash (MD5 / SHA-1 / SHA-256): e90508cca101d9cb990de4c1ac272162 f2eff8d50f5d46fb966acd5ce6eae0e6928698f5 11d2a39f89bd0f2c2d4bce0007c223e73a00e54ac7423b3eff9ceec40b477e99
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /web-api/api/web/v1/config/actualDomain HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=49, dt_total;dur=161.586, wf-uht;dur=0.169
set-cookie: SESSION=1e61a567e3ab58ec627b13a47d2ae925; path=/; secure; HttpOnly; SameSite=Lax
set-cookie: ua=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
traceparent: 00-a95266c2de86cc0a163315287c085567-3a6c4f0d710b29ae-01
x-dt: 285
x-time-ng: 0.080
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
| pp23vi1.com/static/pixel.gif?1715201362418 | 178.253.14.123 | | 43 B |
URL: pp23vi1.com/static/pixel.gif?1715201362418
IP: 178.253.14.123:0
ASN: #202492 Silverhill Group Holding Ltd
File type: GIF image data, version 89a, 1 x 1
Hash (MD5 / SHA-1 / SHA-256): ad4b0f606e0f8465bc4c4c170b37e1a3 50b30fd5f87c85fe5cba2635cb83316ca71250d7 cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /static/pixel.gif?1715201362418 HTTP/1.1
Host: pp23vi1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:22 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2
| 1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true | 178.253.29.51 | 200 OK | 9.4 kB |
URL: GET HTTP/2 1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash (MD5 / SHA-1 / SHA-256): 331146fdd8a9409ee81e71b1ad81deca 8449719899ad52a7abbeaf2e4c23440a51ec2b34 b01a7ac26491858c11ac1d6bfbfa34330e50ef75834d81f25610db130d95d765
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiQVU2SkhsNFBQRk5ucFJ3WXRFZUZtd3h0aldWRE5XcG9PRko5YkcwZUNnbUpsZUZKTUdXR0ZOWjBZeHI1K2dhZFNIL0Z2VEY1V29ObUtZRmF1dk9BM210UHFJNnp6bmRFMmZOTmdGRngxUVZWOWRjcy9EOVEzcWJXS05sM2JteVRJejFHVGFQU1VReGlBWHZUQm5HYnJZMVoyOFE0bkJhU004QVBHMFJsWjJBTEFWdnY1dE0yQS80Rlhvb2VwdmJkWFBZbUdCYkVJQUtSMk5ReWN1bFUzbEdxUkVtK2RVbHI0MThlaTRxWVhObUx5N0Jpd0M0YWEraUdVc3hreWNDN2hOa2tGWTVnS0ZaMWFlVE8yNFkzWUt1T0tnVkRVU2NPY3krbm9XditRcWpaIiwiZXhwIjoxNzE1MjE1NzUwLCJpYXQiOjE3MTUyMDEzNTB9.DUtbAoUnISCdGA7sdxk9Q9KSkZ4dPan3ZQfv9OEVSCfcGiAzgo-FVFiQVLqKe3-2N3wqSYEhFfN6kjT6OMM8Iw
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en; sh.session.id=dd6b944b-1195-456b-ab7d-f1b7386c4d04; ggru=188; _ga_7JGWL9SV66=GS1.1.1715201347.1.0.1715201347.60.0.0; _ga=GA1.1.653231304.1715201348; che_i=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:25 GMT
content-type: application/json; charset=utf-8
content-length: 9445
cache-control: public, max-age=5
content-encoding: br
last-modified: Wed, 08 May 2024 20:49:25 GMT
vary: Accept-Encoding
x-time-ng: 0.018
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.026
X-Firefox-Spdy: h2
| v3.traincdn.com/genfiles/cms/1/desktop/banner/8c83a62ae8afe0aa371618f02b8e4a01.webp | 185.244.209.62 | | 28 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/banner/8c83a62ae8afe0aa371618f02b8e4a01.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Hash (MD5 / SHA-1 / SHA-256): 77673f5b9062ff0a3565cba49941a954 f1c6d769ad6f256677c8558f06c4ee98d8e403d3 e78791dcbada0412db798159d9e781f2a50c12f04be4d0a4ecf96a617ec8b33b
GET /genfiles/cms/1/desktop/banner/8c83a62ae8afe0aa371618f02b8e4a01.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:26 GMT
content-type: image/webp
content-length: 27922
last-modified: Thu, 05 Oct 2023 10:29:56 GMT
etag: "77673f5b9062ff0a3565cba49941a954"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-02-27T14:22:50+00:00
traceparent: 00-f3e78773034745e36203bbb2381050dc-9c8b75894970eeea-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| 1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528030908&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 | 178.253.29.51 | 200 OK | 2.7 kB |
URL: GET HTTP/2 1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528030908&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash (MD5 / SHA-1 / SHA-256): fa2da3da6bfa433778df7a38785faf45 b38017c7f644bd5e21ec13daad2c729ea8c02c40 2e7748a522881188adb7bde97888654687adc0307fdae132620970fb672db419
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /service-api/LineFeed/GetGameZip?id=528030908&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiQVU2SkhsNFBQRk5ucFJ3WXRFZUZtd3h0aldWRE5XcG9PRko5YkcwZUNnbUpsZUZKTUdXR0ZOWjBZeHI1K2dhZFNIL0Z2VEY1V29ObUtZRmF1dk9BM210UHFJNnp6bmRFMmZOTmdGRngxUVZWOWRjcy9EOVEzcWJXS05sM2JteVRJejFHVGFQU1VReGlBWHZUQm5HYnJZMVoyOFE0bkJhU004QVBHMFJsWjJBTEFWdnY1dE0yQS80Rlhvb2VwdmJkWFBZbUdCYkVJQUtSMk5ReWN1bFUzbEdxUkVtK2RVbHI0MThlaTRxWVhObUx5N0Jpd0M0YWEraUdVc3hreWNDN2hOa2tGWTVnS0ZaMWFlVE8yNFkzWUt1T0tnVkRVU2NPY3krbm9XditRcWpaIiwiZXhwIjoxNzE1MjE1NzUwLCJpYXQiOjE3MTUyMDEzNTB9.DUtbAoUnISCdGA7sdxk9Q9KSkZ4dPan3ZQfv9OEVSCfcGiAzgo-FVFiQVLqKe3-2N3wqSYEhFfN6kjT6OMM8Iw
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en; sh.session.id=dd6b944b-1195-456b-ab7d-f1b7386c4d04; ggru=188; _ga_7JGWL9SV66=GS1.1.1715201347.1.0.1715201347.60.0.0; _ga=GA1.1.653231304.1715201348; che_i=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:27 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=5
last-modified: Wed, 08 May 2024 20:49:27 GMT
x-time-ng: 0.011
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.019
X-Firefox-Spdy: h2
| 1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true | 178.253.29.51 | 200 OK | 9.4 kB |
URL: GET HTTP/2 1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash (MD5 / SHA-1 / SHA-256): 331146fdd8a9409ee81e71b1ad81deca 8449719899ad52a7abbeaf2e4c23440a51ec2b34 b01a7ac26491858c11ac1d6bfbfa34330e50ef75834d81f25610db130d95d765
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiQVU2SkhsNFBQRk5ucFJ3WXRFZUZtd3h0aldWRE5XcG9PRko5YkcwZUNnbUpsZUZKTUdXR0ZOWjBZeHI1K2dhZFNIL0Z2VEY1V29ObUtZRmF1dk9BM210UHFJNnp6bmRFMmZOTmdGRngxUVZWOWRjcy9EOVEzcWJXS05sM2JteVRJejFHVGFQU1VReGlBWHZUQm5HYnJZMVoyOFE0bkJhU004QVBHMFJsWjJBTEFWdnY1dE0yQS80Rlhvb2VwdmJkWFBZbUdCYkVJQUtSMk5ReWN1bFUzbEdxUkVtK2RVbHI0MThlaTRxWVhObUx5N0Jpd0M0YWEraUdVc3hreWNDN2hOa2tGWTVnS0ZaMWFlVE8yNFkzWUt1T0tnVkRVU2NPY3krbm9XditRcWpaIiwiZXhwIjoxNzE1MjE1NzUwLCJpYXQiOjE3MTUyMDEzNTB9.DUtbAoUnISCdGA7sdxk9Q9KSkZ4dPan3ZQfv9OEVSCfcGiAzgo-FVFiQVLqKe3-2N3wqSYEhFfN6kjT6OMM8Iw
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en; sh.session.id=dd6b944b-1195-456b-ab7d-f1b7386c4d04; ggru=188; _ga_7JGWL9SV66=GS1.1.1715201347.1.0.1715201347.60.0.0; _ga=GA1.1.653231304.1715201348; che_i=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:30 GMT
content-type: application/json; charset=utf-8
content-length: 9445
cache-control: public, max-age=5
content-encoding: br
last-modified: Wed, 08 May 2024 20:49:25 GMT
vary: Accept-Encoding
x-time-ng: 0.018
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2
| 1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 | 178.253.29.51 | 200 OK | 344 B |
URL: GET HTTP/2 1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash (MD5 / SHA-1 / SHA-256): d9426f6bacc30c82dc4226f344e9bfe4 ccad7df8c6e1af9cfe1c4ee92b7df75a6ffdd28e 1f89516368960443ecd22c2009baf01eb432b76bf115efd9578343b259b2feab
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiQVU2SkhsNFBQRk5ucFJ3WXRFZUZtd3h0aldWRE5XcG9PRko5YkcwZUNnbUpsZUZKTUdXR0ZOWjBZeHI1K2dhZFNIL0Z2VEY1V29ObUtZRmF1dk9BM210UHFJNnp6bmRFMmZOTmdGRngxUVZWOWRjcy9EOVEzcWJXS05sM2JteVRJejFHVGFQU1VReGlBWHZUQm5HYnJZMVoyOFE0bkJhU004QVBHMFJsWjJBTEFWdnY1dE0yQS80Rlhvb2VwdmJkWFBZbUdCYkVJQUtSMk5ReWN1bFUzbEdxUkVtK2RVbHI0MThlaTRxWVhObUx5N0Jpd0M0YWEraUdVc3hreWNDN2hOa2tGWTVnS0ZaMWFlVE8yNFkzWUt1T0tnVkRVU2NPY3krbm9XditRcWpaIiwiZXhwIjoxNzE1MjE1NzUwLCJpYXQiOjE3MTUyMDEzNTB9.DUtbAoUnISCdGA7sdxk9Q9KSkZ4dPan3ZQfv9OEVSCfcGiAzgo-FVFiQVLqKe3-2N3wqSYEhFfN6kjT6OMM8Iw
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en; sh.session.id=dd6b944b-1195-456b-ab7d-f1b7386c4d04; ggru=188; _ga_7JGWL9SV66=GS1.1.1715201347.1.0.1715201347.60.0.0; _ga=GA1.1.653231304.1715201348; che_i=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:30 GMT
content-type: application/json; charset=utf-8
content-length: 344
cache-control: no-cache
content-encoding: br
last-modified: Wed, 08 May 2024 20:49:30 GMT
vary: Accept-Encoding
x-time-ng: 0.004
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.014
X-Firefox-Spdy: h2
| 1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 | 178.253.29.51 | | 7.7 kB |
URL: 1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100
IP: 178.253.29.51:0
ASN: #202492 Silverhill Group Holding Ltd
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash (MD5 / SHA-1 / SHA-256): 9d255e57ebb29b93d5e3f51ecff6ce35 5428cc7704950f993f73e84a0138f04d0eb3f16e 0c5f4dfc71e41edb87f2158c3e93e96f1b2764ab7b1c86e7e47f31486bc1759d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiQVU2SkhsNFBQRk5ucFJ3WXRFZUZtd3h0aldWRE5XcG9PRko5YkcwZUNnbUpsZUZKTUdXR0ZOWjBZeHI1K2dhZFNIL0Z2VEY1V29ObUtZRmF1dk9BM210UHFJNnp6bmRFMmZOTmdGRngxUVZWOWRjcy9EOVEzcWJXS05sM2JteVRJejFHVGFQU1VReGlBWHZUQm5HYnJZMVoyOFE0bkJhU004QVBHMFJsWjJBTEFWdnY1dE0yQS80Rlhvb2VwdmJkWFBZbUdCYkVJQUtSMk5ReWN1bFUzbEdxUkVtK2RVbHI0MThlaTRxWVhObUx5N0Jpd0M0YWEraUdVc3hreWNDN2hOa2tGWTVnS0ZaMWFlVE8yNFkzWUt1T0tnVkRVU2NPY3krbm9XditRcWpaIiwiZXhwIjoxNzE1MjE1NzUwLCJpYXQiOjE3MTUyMDEzNTB9.DUtbAoUnISCdGA7sdxk9Q9KSkZ4dPan3ZQfv9OEVSCfcGiAzgo-FVFiQVLqKe3-2N3wqSYEhFfN6kjT6OMM8Iw
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en; sh.session.id=dd6b944b-1195-456b-ab7d-f1b7386c4d04; ggru=188; _ga_7JGWL9SV66=GS1.1.1715201347.1.0.1715201347.60.0.0; _ga=GA1.1.653231304.1715201348; che_i=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:27 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=24, dt_total;dur=87.129, wf-uht;dur=0.121
traceparent: 00-68f50dd883301fa89e5a0fc8eb3882a8-85602a2f9e2a6f3e-01
x-dt: 285
x-time-ng: 0.055
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
| v3.traincdn.com/genfiles/cms/1/desktop/banner/efb6a12f775a7454c682a5f3cdcfe84c.webp | 185.244.209.62 | | 23 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/banner/efb6a12f775a7454c682a5f3cdcfe84c.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Hash (MD5 / SHA-1 / SHA-256): 02c73c0e2eaa0c7ad721ac2bafa0bca7 c289c333ee79cc2a3e01d6302e941a22da5e43c4 bcf43c5ae29cad6787c98d92c0e91d7af3c1f912a4abdbca1d397a839e7f61cb
GET /genfiles/cms/1/desktop/banner/efb6a12f775a7454c682a5f3cdcfe84c.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:31 GMT
content-type: image/webp
content-length: 23162
last-modified: Fri, 26 Apr 2024 05:29:21 GMT
etag: "02c73c0e2eaa0c7ad721ac2bafa0bca7"
x-time-ng: 0.045
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-26T05:30:05+00:00
traceparent: 00-d828953053ae5d339472b783265cf790-4bd504ff8dfd5b80-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66 | 178.253.29.51 | 200 OK | 2.2 kB |
URL: GET HTTP/2 1xlite-461430.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Let's Encrypt
Certificate subject: 1xlite-461430.top
Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
MD5: 133fcfd8e8c4667fd70a27555b83ad86
SHA-1: 013bc6d969062823c94813780f1aeba822dce35d
SHA-256: 2fb015957a761c3b7477660c1b7574bf6033e2b8c34f5f6e8e30197777f17cb2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiQVU2SkhsNFBQRk5ucFJ3WXRFZUZtd3h0aldWRE5XcG9PRko5YkcwZUNnbUpsZUZKTUdXR0ZOWjBZeHI1K2dhZFNIL0Z2VEY1V29ObUtZRmF1dk9BM210UHFJNnp6bmRFMmZOTmdGRngxUVZWOWRjcy9EOVEzcWJXS05sM2JteVRJejFHVGFQU1VReGlBWHZUQm5HYnJZMVoyOFE0bkJhU004QVBHMFJsWjJBTEFWdnY1dE0yQS80Rlhvb2VwdmJkWFBZbUdCYkVJQUtSMk5ReWN1bFUzbEdxUkVtK2RVbHI0MThlaTRxWVhObUx5N0Jpd0M0YWEraUdVc3hreWNDN2hOa2tGWTVnS0ZaMWFlVE8yNFkzWUt1T0tnVkRVU2NPY3krbm9XditRcWpaIiwiZXhwIjoxNzE1MjE1NzUwLCJpYXQiOjE3MTUyMDEzNTB9.DUtbAoUnISCdGA7sdxk9Q9KSkZ4dPan3ZQfv9OEVSCfcGiAzgo-FVFiQVLqKe3-2N3wqSYEhFfN6kjT6OMM8Iw
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en; sh.session.id=dd6b944b-1195-456b-ab7d-f1b7386c4d04; ggru=188; _ga_7JGWL9SV66=GS1.1.1715201347.1.0.1715201347.60.0.0; _ga=GA1.1.653231304.1715201348; che_i=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:32 GMT
content-type: application/json; charset=utf-8
content-length: 2210
cache-control: public, max-age=5
content-encoding: br
last-modified: Wed, 08 May 2024 20:49:32 GMT
vary: Accept-Encoding
x-time-ng: 0.004
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.012
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 | 178.253.29.51 | | 4.5 kB |
URL: 1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100
IP: 178.253.29.51:0
ASN: #202492 Silverhill Group Holding Ltd
Certificate issuer: Let's Encrypt
Certificate subject: 1xlite-461430.top
Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
MD5: 9d255e57ebb29b93d5e3f51ecff6ce35
SHA-1: 5428cc7704950f993f73e84a0138f04d0eb3f16e
SHA-256: 0c5f4dfc71e41edb87f2158c3e93e96f1b2764ab7b1c86e7e47f31486bc1759d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiQVU2SkhsNFBQRk5ucFJ3WXRFZUZtd3h0aldWRE5XcG9PRko5YkcwZUNnbUpsZUZKTUdXR0ZOWjBZeHI1K2dhZFNIL0Z2VEY1V29ObUtZRmF1dk9BM210UHFJNnp6bmRFMmZOTmdGRngxUVZWOWRjcy9EOVEzcWJXS05sM2JteVRJejFHVGFQU1VReGlBWHZUQm5HYnJZMVoyOFE0bkJhU004QVBHMFJsWjJBTEFWdnY1dE0yQS80Rlhvb2VwdmJkWFBZbUdCYkVJQUtSMk5ReWN1bFUzbEdxUkVtK2RVbHI0MThlaTRxWVhObUx5N0Jpd0M0YWEraUdVc3hreWNDN2hOa2tGWTVnS0ZaMWFlVE8yNFkzWUt1T0tnVkRVU2NPY3krbm9XditRcWpaIiwiZXhwIjoxNzE1MjE1NzUwLCJpYXQiOjE3MTUyMDEzNTB9.DUtbAoUnISCdGA7sdxk9Q9KSkZ4dPan3ZQfv9OEVSCfcGiAzgo-FVFiQVLqKe3-2N3wqSYEhFfN6kjT6OMM8Iw
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en; sh.session.id=dd6b944b-1195-456b-ab7d-f1b7386c4d04; ggru=188; _ga_7JGWL9SV66=GS1.1.1715201347.1.0.1715201347.60.0.0; _ga=GA1.1.653231304.1715201348; che_i=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:32 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=23, dt_total;dur=41.003, wf-uht;dur=0.054
traceparent: 00-60de1bfde14608cdff2293efc57b9c07-65599f2f18d394e7-01
x-dt: 285
x-time-ng: 0.032
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 | 178.253.29.51 | 200 OK | 1.5 kB |
URL: GET HTTP/2 1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Let's Encrypt
Certificate subject: 1xlite-461430.top
Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
MD5: 4068d03b117940af0f196d78f7cf6d1d
SHA-1: daae3f7d7053ee89dd635c665a80d26df04a04d1
SHA-256: 18e945299008f681b45218f284fa5a2c341992fdf83b34de7d3bcb531ab68565
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiQVU2SkhsNFBQRk5ucFJ3WXRFZUZtd3h0aldWRE5XcG9PRko5YkcwZUNnbUpsZUZKTUdXR0ZOWjBZeHI1K2dhZFNIL0Z2VEY1V29ObUtZRmF1dk9BM210UHFJNnp6bmRFMmZOTmdGRngxUVZWOWRjcy9EOVEzcWJXS05sM2JteVRJejFHVGFQU1VReGlBWHZUQm5HYnJZMVoyOFE0bkJhU004QVBHMFJsWjJBTEFWdnY1dE0yQS80Rlhvb2VwdmJkWFBZbUdCYkVJQUtSMk5ReWN1bFUzbEdxUkVtK2RVbHI0MThlaTRxWVhObUx5N0Jpd0M0YWEraUdVc3hreWNDN2hOa2tGWTVnS0ZaMWFlVE8yNFkzWUt1T0tnVkRVU2NPY3krbm9XditRcWpaIiwiZXhwIjoxNzE1MjE1NzUwLCJpYXQiOjE3MTUyMDEzNTB9.DUtbAoUnISCdGA7sdxk9Q9KSkZ4dPan3ZQfv9OEVSCfcGiAzgo-FVFiQVLqKe3-2N3wqSYEhFfN6kjT6OMM8Iw
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en; sh.session.id=dd6b944b-1195-456b-ab7d-f1b7386c4d04; ggru=188; _ga_7JGWL9SV66=GS1.1.1715201347.1.0.1715201347.60.0.0; _ga=GA1.1.653231304.1715201348; che_i=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:33 GMT
content-type: application/json; charset=utf-8
content-length: 1466
cache-control: public, max-age=5
content-encoding: br
last-modified: Wed, 08 May 2024 20:49:33 GMT
vary: Accept-Encoding
x-time-ng: 0.013
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.021
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/335c890fd105e47c6a63cd5ca164e8ba.json | 178.253.29.51 | 200 OK | 2.6 kB |
URL: GET HTTP/2 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/335c890fd105e47c6a63cd5ca164e8ba.json
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Let's Encrypt
Certificate subject: 1xlite-461430.top
Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File type: ASCII text, with very long lines (2854), with no line terminators
MD5: ecacc4d3ca1ba475ef20875ff4225f06
SHA-1: 528aa5b0070cfcd78034449c40533e51278cba2a
SHA-256: 328065b0030c77de9cafba92ec86d89b32ca55f32a3a251cdb7687f1f44c4859
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/335c890fd105e47c6a63cd5ca164e8ba.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1920; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Fri, 26 Apr 2024 14:59:39 GMT
etag: W/"269ccea9c3f07d37d497b4911e5d6e0b"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-icons/1.0.334/285/coloredSvg.svg | 185.244.209.62 | 200 OK | 88 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-icons/1.0.334/285/coloredSvg.svg
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: SVG Scalable Vector Graphics image
MD5: a6f668d0aabdde5402adab210db914b1
SHA-1: 67ae23ae768eda8a4e02d215bef54f622cc69e85
SHA-256: 9e73861b840a90e64c92bfe73aa0f659e1eb2404e7020f145e7dc2100f82980c
GET /sys-icons/1.0.334/285/coloredSvg.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:59 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Apr 2024 12:55:56 GMT
etag: W/"a6f668d0aabdde5402adab210db914b1"
x-amz-meta-mtime: 1713272153.420902787
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:51 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-cbfd25146c30c24a09132acac6c14f3f-47ec6c9157c5ef67-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:51+00:00, 2024-05-08T11:01:40+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size14/sfiles/logo_teams/f5db46d24aea0f9d3d07d0be290981ee.webp | 185.244.209.62 | 200 OK | 678 B |
URL: GET HTTP/2 v3.traincdn.com/resized/size14/sfiles/logo_teams/f5db46d24aea0f9d3d07d0be290981ee.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
MD5: 52deb7d8a9221f8a66dbba39940545f9
SHA-1: 98f6317fd54cdd5ffc4dc94ccbc1df8531cb04da
SHA-256: c15d6bb35e593134cb0e89e0ea31b6e0c899adc88ce8b49f63cbbf1cb895d179
GET /resized/size14/sfiles/logo_teams/f5db46d24aea0f9d3d07d0be290981ee.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:01 GMT
content-type: image/webp
content-length: 678
cache-control: max-age=94608000
content-disposition: inline; filename="f5db46d24aea0f9d3d07d0be290981ee.webp"
content-security-policy: script-src 'none'
expires: Sun, 02 May 2027 11:17:15 GMT
x-request-id: 0886958f5e5791dbf5bebe9641b54a58
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-811f398e65492f15faec8cb5bb5bb3dc-fddcea0f9a89f188-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-02T11:17:15+00:00, 2024-05-03T10:42:55+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png | 185.244.209.62 | 200 OK | 5.2 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: PNG image data, 514 x 514, 8-bit colormap, non-interlaced
MD5: b9a636eef54b2844b571fe7de49184a7
SHA-1: bf653690790ced40eb3189da075a275d951d1607
SHA-256: 001bfcdd52b658d46543a1aec889d35b73b3909b47097cc011b95e96fc9e3743
GET /genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: image/png
content-length: 5202
last-modified: Wed, 28 Feb 2024 07:52:20 GMT
etag: "b9a636eef54b2844b571fe7de49184a7"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-b3be2014d6d19702f0ac33880feb1358-8376e9f73d41e669-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-03T07:12:40+00:00, 2024-05-08T19:51:47+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/ff267c5c.css | 185.244.209.62 | 200 OK | 7.0 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/ff267c5c.css
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (7006), with no line terminators
MD5: 522d7d5f86a1754eb7f6b6297bdb391f
SHA-1: 5b299d090cc4af5b0f7f56a36072e8ae8ed6c45a
SHA-256: 3afe3e2cc826264cde82bf7f1102b65ebce448dcec42e14eab6489ee36fc3687
GET /_nuxt/desktop/default/css/ff267c5c.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:56 GMT
content-type: text/css
content-length: 1486
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-5ce"
content-encoding: gzip
expires: Thu, 09 May 2024 14:34:40 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-37a28f16b7149760c8e9862e753418d4-a44aacace1186a99-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T14:34:40+00:00, 2024-05-08T17:12:49+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/analytics-4b5e21b9.js | 185.244.209.62 | 200 OK | 6.5 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/analytics-4b5e21b9.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (6671), with no line terminators
MD5: e026fa060a7da64dff690deb58b8c69c
SHA-1: 227ec023d5e6ff6c3abb6769535e53e3a9ab5049
SHA-256: ed790bb279aa32683ff643feb1b37510fb0d5de4312d08af2c1f90c9e1f429dd
GET /_nuxt/desktop/default/analytics-4b5e21b9.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:07 GMT
content-type: application/javascript; charset=utf-8
content-length: 2434
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-982"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:26 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-108ba54343365972214adab4848d1181-e4a3c68bde408c19-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:26+00:00, 2024-05-08T10:54:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-icons/1.0.334/285/sports.svg | 185.244.209.62 | 200 OK | 378 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-icons/1.0.334/285/sports.svg
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: SVG Scalable Vector Graphics image
Size: 378 kB (378005 bytes)
MD5: 0c52e0c32f8f2667a72e0d57b63e02a3
SHA-1: a0fb81e89f2510e228c1298f2d107f5672c0a03d
SHA-256: ed4dcc337364c73f4382c79e759156e064823c54a2f78d2747bafd87d41abe73
GET /sys-icons/1.0.334/285/sports.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:58 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Apr 2024 12:55:57 GMT
etag: W/"0c52e0c32f8f2667a72e0d57b63e02a3"
x-amz-meta-mtime: 1713272153.42490276
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:48 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-911c9a0a9aae2e8dc2fbffeb2f630221-a141a1f7b6758ec8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:48+00:00, 2024-05-08T11:01:39+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je4510v897130004za200&_p=1715201347241&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=653231304.1715201348&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&sid=1715201347&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fen%3Ftag%3Ds_1558737m_355c_%255B%255DMS%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255D18069_30365_d70971_l71502_clickunder%26pb%3Da97213fad9d648e1a13d8fe56a5b07c1%26click_id%3D27581_251125_4_6_s1_1950621%26r%3Dru&dt=1xBet%20%E1%90%89%20Online%20sports%20betting%20%E1%90%89%201xBet%20online%20bookmaker%20log%20in%20%E1%90%89%201xlite-461430.top&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=14661 | 216.239.32.36 | 204 No Content | 0 B |
URL: POST HTTP/2 region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je4510v897130004za200&_p=1715201347241&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=653231304.1715201348&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&sid=1715201347&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fen%3Ftag%3Ds_1558737m_355c_%255B%255DMS%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255D18069_30365_d70971_l71502_clickunder%26pb%3Da97213fad9d648e1a13d8fe56a5b07c1%26click_id%3D27581_251125_4_6_s1_1950621%26r%3Dru&dt=1xBet%20%E1%90%89%20Online%20sports%20betting%20%E1%90%89%201xBet%20online%20bookmaker%20log%20in%20%E1%90%89%201xlite-461430.top&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=14661
IP: 216.239.32.36:443
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Google Trust Services LLC
Certificate subject: *.google-analytics.com
Fingerprint: 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
Validity: Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je4510v897130004za200&_p=1715201347241&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=653231304.1715201348&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&sid=1715201347&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fen%3Ftag%3Ds_1558737m_355c_%255B%255DMS%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255D18069_30365_d70971_l71502_clickunder%26pb%3Da97213fad9d648e1a13d8fe56a5b07c1%26click_id%3D27581_251125_4_6_s1_1950621%26r%3Dru&dt=1xBet%20%E1%90%89%20Online%20sports%20betting%20%E1%90%89%201xBet%20online%20bookmaker%20log%20in%20%E1%90%89%201xlite-461430.top&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=14661 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://1xlite-461430.top
date: Wed, 08 May 2024 20:49:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/resized/size16/sfiles/logo_teams/67ed857590f4194454d21d2001d513b0.webp | 185.244.209.62 | 200 OK | 784 B |
URL: GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/67ed857590f4194454d21d2001d513b0.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
MD5: 39b984de750c736edd5249b916c92b6e
SHA-1: 64e5392da1c65c77d8e9728574e075ac2aea2af3
SHA-256: 4ff8446ba4761a2a7df7cdbeece9d59bac278a920f6acbc68ddfcfa974888381
GET /resized/size16/sfiles/logo_teams/67ed857590f4194454d21d2001d513b0.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:03 GMT
content-type: image/webp
content-length: 784
cache-control: max-age=94608000
content-disposition: inline; filename="67ed857590f4194454d21d2001d513b0.webp"
content-security-policy: script-src 'none'
expires: Mon, 05 Apr 2027 05:10:43 GMT
x-request-id: 069b6eae0e7c53c0d7c90157638f9be4
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-772887ca9e531f24ea7c1f5de7c533ae-3f882f190e1244d8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-05T05:10:43+00:00, 2024-04-09T13:57:01+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/web-api/api/v3/bonuses/first-deposit | 178.253.29.51 | 200 OK | 426 B |
URL: GET HTTP/2 1xlite-461430.top/web-api/api/v3/bonuses/first-deposit
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Let's Encrypt
Certificate subject: 1xlite-461430.top
Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (464), with no line terminators
MD5: 2d9b04c0ee3ec015e9094ce942ed9139
SHA-1: eebc58e94d15401f9c6737a4908018fd833d94ee
SHA-256: dea4bd3b63fac017709162cd44048f725c21396da41d2cfdc235812fcf2eb6fc
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /web-api/api/v3/bonuses/first-deposit HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:56 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=40, dt_total;dur=41.964, wf-uht;dur=0.054
traceparent: 00-69242a0be60dc40b22ef07ffd96c4fe5-37f7bc9098c686ac-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.042
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/38023f75e90b.js | 185.244.209.62 | 200 OK | 1.5 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/38023f75e90b.js | IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru | Certificate issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (1556), with no line terminators | MD5: 46de4e50e73a04e8307048b4d1139985 | SHA-1: 516cc776a642163fd602e85b589886996d609d5d | SHA-256: 270fc9804f59ef70ba5996b1a07f91d2c994a7ad51c4b482ce93cb164b81e023
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/38023f75e90b.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:05 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 10:11:58 GMT
etag: W/"8a7d471cf2bc2319c80b135e841a4440"
x-amz-meta-mtime: 1715162852.704948141
content-encoding: gzip
expires: Thu, 09 May 2024 10:43:31 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-df5b017e47ba24e6beca8879a33b20e7-c9e864e45b7c3ce9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:43:31+00:00, 2024-05-08T10:48:40+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| 1xlite-461430.top/bff-api/config/contacts.json?type=2&lang=en | 178.253.29.51 | 200 OK | 3.8 kB |
URL: GET HTTP/2 1xlite-461430.top/bff-api/config/contacts.json?type=2&lang=en | IP: 178.253.29.51:443 | ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru | Certificate issuer: Let's Encrypt | Subject: 1xlite-461430.top | Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 | Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (4380), with no line terminators | MD5: 35b15ddc8b3ddba2cdb3bfc72981faf5 | SHA-1: 4a827b334a2c3d01ebda12287e001ff2342b1ed8 | SHA-256: b73cc38f83e92cafd70e238deb6face9210af5603208057dd1a2077fdec6b3cc
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /bff-api/config/contacts.json?type=2&lang=en HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:57 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: bff;dur=7.06, dt_total;dur=12.741, wf-uht;dur=0.020
traceparent: 00-4b2899f7be0797cee5899b13f03bdac5-bddc4396b8bf8e13-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.012
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

| widget.suphelper.top/_next/static/f385e6db/_buildManifest.js | 104.18.39.72 | 200 OK | 519 B |
URL: GET HTTP/2 widget.suphelper.top/_next/static/f385e6db/_buildManifest.js | IP: 104.18.39.72:443
Requested by: https://widget.suphelper.top/ | Certificate issuer: Google Trust Services LLC | Subject: suphelper.top | Fingerprint: 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 | Validity: Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type: ASCII text, with very long lines (547), with no line terminators | MD5: 063abc9f05b28326f5878dcd728ca1f7 | SHA-1: 321099ea5d4fa6792974fd44503ffb3e75e5c5b0 | SHA-256: 73109b74c039aec5fc1e3f4e3c2e15585b1ba094f3e8291b0cd67f51b4b830c4
GET /_next/static/f385e6db/_buildManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 20:48:59 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"207-18f381bf92a"
vary: Accept-Encoding
cf-cache-status: HIT
age: 567683
expires: Thu, 08 May 2025 20:48:59 GMT
server: cloudflare
cf-ray: 880c50535b680afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/73ad3e60e189f328e251a53aec716273.json | 178.253.29.51 | 200 OK | 846 B |
URL: GET HTTP/2 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/73ad3e60e189f328e251a53aec716273.json | IP: 178.253.29.51:443 | ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru | Certificate issuer: Let's Encrypt | Subject: 1xlite-461430.top | Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 | Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File type: ASCII text, with very long lines (939), with no line terminators | MD5: 3b0f052f0ee72363f47a2f3f18d5ebe5 | SHA-1: 6ff620b7b03e7e310268c686774efbac9042b281 | SHA-256: e544e033d1ff581ba781fc652a2af30eebfbcb7ea7649002ccbdc26faa8f1ebc
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /genfiles/cms/1-285/desktop/media_asset/73ad3e60e189f328e251a53aec716273.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1920; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/json
content-length: 846
last-modified: Mon, 07 Aug 2023 13:49:51 GMT
etag: "730bd58f457e46b6ac3b9f6028a8e162"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

| v3.traincdn.com/genfiles/site-admin/colors/e6a26e7156450d40bffd62c65dd8a90c.css | 185.244.209.62 | 200 OK | 36 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/site-admin/colors/e6a26e7156450d40bffd62c65dd8a90c.css | IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru | Certificate issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (36387), with no line terminators | MD5: e6a26e7156450d40bffd62c65dd8a90c | SHA-1: 3fa5029748cba881c7be759257525f206cb8e81d | SHA-256: 5c473dbebadbf8c838ef80cc2106faa4c96d3822f7d61dd282e2cd11c680eec0
GET /genfiles/site-admin/colors/e6a26e7156450d40bffd62c65dd8a90c.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:54 GMT
content-type: text/css
last-modified: Wed, 08 May 2024 09:12:07 GMT
etag: W/"e6a26e7156450d40bffd62c65dd8a90c"
content-encoding: gzip
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e8fdf9bf0e9f8e15f7e33a5cbee33719-4e0aedf55c193b84-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T09:19:03+00:00, 2024-05-08T20:20:32+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=653231304.1715201348&gtm=45je4510v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=50991937 | 142.250.74.163 | 200 OK | 42 B |
URL: GET HTTP/2 www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=653231304.1715201348&gtm=45je4510v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=50991937 | IP: 142.250.74.163:443
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru | Certificate issuer: Google Trust Services LLC | Subject: *.google.no | Fingerprint: 7D:68:6D:B1:32:34:52:51:20:C9:53:FF:B9:B7:8F:7E:05:F9:F5:97 | Validity: Tue, 16 Apr 2024 04:31:00 GMT - Tue, 09 Jul 2024 04:30:59 GMT
File type: GIF image data, version 89a, 1 x 1 | MD5: d89746888da2d9510b64a9f031eaecd5 | SHA-1: d5fceb6532643d0d84ffe09c40c481ecdf59e15a | SHA-256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=653231304.1715201348&gtm=45je4510v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=50991937 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 May 2024 20:49:07 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

| v3.traincdn.com/_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-b5724bd6.js | 185.244.209.62 | 200 OK | 16 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-b5724bd6.js | IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru | Certificate issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (15997) | MD5: 6d90c5998c2ceb8a008e3c6eef4c55e5 | SHA-1: 6b68a02d6362d6661be529eff19cf1baade8d48b | SHA-256: b1e36624011507a84987d59ffc7f689b32e47476be990c1add266f24c00c1088
GET /_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-b5724bd6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:57 GMT
content-type: application/javascript; charset=utf-8
content-length: 5562
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-15ba"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:49 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-49f3fcf528def3596d7367de07ea7e9e-9909b3d72aa9e884-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:49+00:00, 2024-05-08T11:01:40+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/472977fdf26e.js | 185.244.209.62 | 200 OK | 1.5 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/472977fdf26e.js | IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru | Certificate issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (1559), with no line terminators | MD5: 6cc9f4d9f508a039bd1391d63cb74e79 | SHA-1: 4a9635f99beca4ac1a227bc85ee364d0a087e63d | SHA-256: e3dcfdc2c12e0761b41386946523d7fa358ee33db0bcb94fc9ebe2b0ef2f9bac
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/472977fdf26e.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:05 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 10:11:58 GMT
etag: W/"2f5436be87ea646c3521311f827e6c73"
x-amz-meta-mtime: 1715162852.704948141
content-encoding: gzip
expires: Thu, 09 May 2024 10:43:30 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-38049d5d1954ca1749514391d4445126-0f82e3ce5ef35acb-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:43:30+00:00, 2024-05-08T10:48:40+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V | 142.250.74.168 | 200 OK | 178 kB |
URL: GET HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V | IP: 142.250.74.168:443
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru | Certificate issuer: Google Trust Services LLC | Subject: *.google-analytics.com | Fingerprint: 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE | Validity: Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File type: JavaScript source, ASCII text, with very long lines (1822) | Size: 178 kB (177870 bytes) | MD5: 54a76ae8818eaeefa5208f511cd2b37c | SHA-1: a96d305552ae9086e2d011c2d074b27c25e9a1a1 | SHA-256: e57776d49a62ec4035399ac86b30bdb81f55c34f52dd316263eb77cf0c7f40cb
GET /gtm.js?id=GTM-KFGPRJ2V HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 08 May 2024 20:49:07 GMT
expires: Wed, 08 May 2024 20:49:07 GMT
cache-control: private, max-age=900
last-modified: Wed, 08 May 2024 20:18:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 64335
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

| v3.traincdn.com/_nuxt/desktop/default/betting.SportMenuApp-43e47582.js | 185.244.209.62 | 200 OK | 110 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/betting.SportMenuApp-43e47582.js | IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru | Certificate issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Size: 110 kB (110149 bytes) | MD5: d41d8cd98f00b204e9800998ecf8427e | SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /_nuxt/desktop/default/betting.SportMenuApp-43e47582.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:56 GMT
content-type: application/javascript; charset=utf-8
content-length: 24936
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-6168"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:45 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-1e8947263b64ac62aa35bf9f80295995-2a3ebd7f96db4612-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:45+00:00, 2024-05-08T11:01:39+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/resized/size16/sfiles/logo_teams/65e3e972954419765c3ce21698edf6cb.webp | 185.244.209.62 | 200 OK | 770 B |
URL: GET HTTP/2 v3.traincdn.com/resized/size16/sfiles/logo_teams/65e3e972954419765c3ce21698edf6cb.webp | IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru | Certificate issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image | MD5: 7f72adfe2f029ab734c554ee3529e5d4 | SHA-1: 8cd75623eb253451e67fff9cf6a542920778268d | SHA-256: 9c0916f4f70c83af6a87fb261c1b666ae5b80185426257ca7bb7b8fbc808d5e3
GET /resized/size16/sfiles/logo_teams/65e3e972954419765c3ce21698edf6cb.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:58 GMT
content-type: image/webp
content-length: 770
cache-control: max-age=94608000
content-disposition: inline; filename="65e3e972954419765c3ce21698edf6cb.webp"
content-security-policy: script-src 'none'
expires: Thu, 12 Nov 2026 22:52:53 GMT
x-request-id: fb323a5ca3cd6884c5e4b0ce48441211
strict-transport-security: max-age=15724800; includeSubDomains
x-time-ng: 0.000
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-6d6f9eb1c2f314b3b5e6819c728a6271-db66e54bee55d9f9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-11-13T22:52:53+00:00, 2023-12-18T08:39:53+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/entry-5a8fe517.js | 185.244.209.62 | 200 OK | 2.3 MB |
URL: GET HTTP/2 v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/entry-5a8fe517.js | IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru | Certificate issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Size: 2.3 MB (2340697 bytes) | MD5: d41d8cd98f00b204e9800998ecf8427e | SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/entry-5a8fe517.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:01 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 10:11:59 GMT
etag: W/"0d38c5af85509fb3a865ab3c5282960e"
x-amz-meta-mtime: 1715162852.716948018
content-encoding: gzip
expires: Thu, 09 May 2024 10:43:24 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-1dc887c0b46c4a0d30d8ebc545cd8cbf-4bcea4caa683ac16-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:43:24+00:00, 2024-05-08T10:48:37+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/40295f87c48b.js | 185.244.209.62 | 200 OK | 4.2 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/40295f87c48b.js | IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru | Certificate issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (4298), with no line terminators | MD5: e59d71572ca7468920782d764ed6313d | SHA-1: f1aed01d05076da5d476e151af15a76ba4656d37 | SHA-256: fe6c32162f543426c88981e708ed220fa89e13c16c699e17b6b1b8b0386f36eb
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/40295f87c48b.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:05 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 10:11:58 GMT
etag: W/"04021329a63deda1db56e389799543a2"
x-amz-meta-mtime: 1715162852.704948141
content-encoding: gzip
expires: Thu, 09 May 2024 10:43:41 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-517ba3540e209c07a9fc6c8f24c2cc41-24b2b5d7744fa548-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:43:41+00:00, 2024-05-08T10:48:40+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

| v3.traincdn.com/_nuxt/desktop/default/betting.media-29872be3.js | 185.244.209.62 | 200 OK | 17 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/betting.media-29872be3.js | IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru | Certificate issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (16761), with no line terminators | MD5: f2263fc2e9f9bff4572f3b1c24a80ab2 | SHA-1: efe1b2479e2f34dbe912d9e588759b2787bbc3b9 | SHA-256: 38444c18d8c24549cc13b2de3a055976ec8f3f238e022739f0b6aef8fa74db9b
GET /_nuxt/desktop/default/betting.media-29872be3.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:56 GMT
content-type: application/javascript; charset=utf-8
content-length: 4727
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1277"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:27 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-cf91a28c03b73b9cf27225255ba74129-5dec33926a13ad1a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:27+00:00, 2024-05-08T10:54:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| widget.suphelper.top/_next/static/f385e6db/_ssgManifest.js | 104.18.39.72 | 200 OK | 77 B |
URL: GET HTTP/2 widget.suphelper.top/_next/static/f385e6db/_ssgManifest.js
IP: 104.18.39.72:443
Requested by: https://widget.suphelper.top/
Certificate: Issuer Google Trust Services LLC; Subject suphelper.top; Fingerprint 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36; Validity Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type: ASCII text, with no line terminators
Hash (MD5 / SHA-1 / SHA-256): b6652df95db52feb4daf4eca35380933 65451d110137761b318c82d9071c042db80c4036 6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
GET /_next/static/f385e6db/_ssgManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 20:48:59 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"4d-18f381bf92a"
vary: Accept-Encoding
cf-cache-status: HIT
age: 567689
expires: Thu, 08 May 2025 20:48:59 GMT
server: cloudflare
cf-ray: 880c50535b6b0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| v3.traincdn.com/genfiles/cms/1/desktop/banner/37725dd3160e2621f084de11d4417228.webp | 185.244.209.62 | 200 OK | 18 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1/desktop/banner/37725dd3160e2621f084de11d4417228.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Hash (MD5 / SHA-1 / SHA-256): b7e3857cdc8cbde71f63af81a61f5cfb deeb62ea6e9b702bb9e3f395483c3c00445adcf8 786e67817e82780aaeb0d2bca1e57e06fff5ae9fa89b2747b1af57913886e25f
GET /genfiles/cms/1/desktop/banner/37725dd3160e2621f084de11d4417228.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:05 GMT
content-type: image/webp
content-length: 17490
last-modified: Wed, 21 Jun 2023 09:54:55 GMT
etag: "b7e3857cdc8cbde71f63af81a61f5cfb"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-32b2b8ab86532af7917f17db58f36deb-e130d3aad244bca1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-02-27T15:26:35+00:00, 2024-05-08T20:28:47+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/c6fd0f94684461b018b5d68900173ba3.json | 178.253.29.51 | 200 OK | 473 B |
URL: GET HTTP/2 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/c6fd0f94684461b018b5d68900173ba3.json
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File type: ASCII text, with very long lines (522), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): f3440f6f4afdcd28fb77909da59d385d a2d60764b1ba4ab5a19d7f5ce9e48a1df55197ea 27c629a48bf70e54e36e8a1a500e562335783afca1dcbff87a7afbac73f04b60
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /genfiles/cms/1-285/desktop/media_asset/c6fd0f94684461b018b5d68900173ba3.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1920; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/json
content-length: 473
last-modified: Tue, 06 Jun 2023 13:22:27 GMT
etag: "e67aa19ef00fd2285c7b4ecbb6018306"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/cf595d91800a9e704eae8f8144ec3698.json | 178.253.29.51 | 200 OK | 1.2 kB |
URL: GET HTTP/2 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/cf595d91800a9e704eae8f8144ec3698.json
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Let's Encrypt; Subject 1xlite-461430.top; Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File type: ASCII text, with very long lines (1329), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 9745536a93f1a4b282c8a14a2dc80af9 e851ceebf8ddb1a5281b48c1ca718bfd966a3066 22364516b908b06ecddab57eb188db60b989ba58919bc07d844d56d1e3a20398
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /genfiles/cms/1-285/desktop/media_asset/cf595d91800a9e704eae8f8144ec3698.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1920; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Wed, 08 Nov 2023 10:38:43 GMT
etag: W/"0bb12b4ad161abb85aa8fd50a78c1a59"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.007
X-Firefox-Spdy: h2
| v3.traincdn.com/sys-ui/3.2.3/Desktop/Default/client.css | 185.244.209.62 | 200 OK | 1.0 MB |
URL: GET HTTP/2 v3.traincdn.com/sys-ui/3.2.3/Desktop/Default/client.css
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Size: 1.0 MB (1048668 bytes)
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sys-ui/3.2.3/Desktop/Default/client.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:59 GMT
content-type: text/css; charset=utf-8
last-modified: Fri, 19 Apr 2024 10:53:25 GMT
etag: W/"64d292a033c097211f9f4c21ffbcb2b0"
x-amz-meta-mtime: 1713523729.13591556
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:54:48 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-1d23e6a08695c944463ee538d4e4518a-35e71f99b94e9c14-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:54:48+00:00, 2024-05-08T15:21:19+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/6158757f111a.js | 185.244.209.62 | 200 OK | 715 B |
URL: GET HTTP/2 v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/6158757f111a.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (734), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): e3249ee399fc9f737e7a53f22892889f f09f609c6e372814808916df0a412b6748b616ec 899dee25e18ea89a3f2d53965be4fc6d26d665f9481549fe2068dc577cee6bfa
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/6158757f111a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:04 GMT
content-type: text/javascript; charset=utf-8
content-length: 715
last-modified: Wed, 08 May 2024 10:11:58 GMT
etag: "6ee3bc259bfb800c3a044e012d0e1891"
x-amz-meta-mtime: 1715162852.7089481
expires: Thu, 09 May 2024 10:43:25 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-383f581d1e09f8eeb793a7e5e8af0968-6ba422e9e39572e9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:43:25+00:00, 2024-05-08T11:09:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.jpg | 185.244.209.62 | 200 OK | 51 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.jpg
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 1380x248, components 3
Hash (MD5 / SHA-1 / SHA-256): 15b1bda7b31ccc5eacce67afbe6f160b d41eac3583bb0495a008b0d1e4a584d103feb436 2e1b52936d0c7081d46010cd49e236aed8cefc16adad7c908c108aff4a73718d
GET /genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:05 GMT
content-type: image/jpeg
content-length: 51087
last-modified: Tue, 11 Apr 2023 18:15:30 GMT
etag: "15b1bda7b31ccc5eacce67afbe6f160b"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-0456f013f68df0d056d91da2c5f665cd-9d85bd1041e63f3b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T08:23:51+00:00, 2024-05-08T20:39:23+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/resized/size24/sfiles/logo_teams/1705962ffbc1e568500d02753d414082.webp | 185.244.209.62 | 200 OK | 1.1 kB |
URL: GET HTTP/2 v3.traincdn.com/resized/size24/sfiles/logo_teams/1705962ffbc1e568500d02753d414082.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hash (MD5 / SHA-1 / SHA-256): 6bd1a4bfa55aad56422400c489942897 17b4372b5ac8430ca744684686cea67969a15cfe 9f4ff586f0724b113f76a8bb64339eedabfc637511a2529e7194248d0554da4c
GET /resized/size24/sfiles/logo_teams/1705962ffbc1e568500d02753d414082.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:05 GMT
content-type: image/webp
content-length: 1094
cache-control: max-age=94608000
content-disposition: inline; filename="1705962ffbc1e568500d02753d414082.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 14:51:53 GMT
x-request-id: 1092693db696d60f31712e8ba12deb0c
x-time-ng: 0.062
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e00c5e75dd9a272c9e6e39d5f7788994-bca8f1265dc387cf-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T14:51:53+00:00, 2024-05-07T14:54:46+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3ea8313b1f9a.js | 185.244.209.62 | 200 OK | 5.0 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3ea8313b1f9a.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: Unicode text, UTF-8 text, with very long lines (5112), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): b6749c8ab9bd9eeea1ff2b0fd149d3a0 e298a6a2a4de6da3d09af6c9c8f108a8a487b872 3e3427fd015e7823d1646944479db5569b4127aa829c273974e5c1396bd11da9
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3ea8313b1f9a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:05 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 10:11:58 GMT
etag: W/"84c2ff24404b03b93539885d2c51922f"
x-amz-meta-mtime: 1715162852.704948141
content-encoding: gzip
expires: Thu, 09 May 2024 10:43:41 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-195bcef2275bcde6b2b407adf2a59e23-33712e3f1aa4b22a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:43:41+00:00, 2024-05-08T10:48:40+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/resized/size24/sfiles/logo_teams/1996.webp | 185.244.209.62 | 200 OK | 1.4 kB |
URL: GET HTTP/2 v3.traincdn.com/resized/size24/sfiles/logo_teams/1996.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hash (MD5 / SHA-1 / SHA-256): 886a20096e1c4869d510740a41df5812 7a9a79a4ca6251afba1a3910efeb6bca4a425ee6 3b8952ad0299b2b7039e1dc767edeaa840348e71ae43b3805badd8a6fb2a4598
GET /resized/size24/sfiles/logo_teams/1996.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:05 GMT
content-type: image/webp
content-length: 1392
cache-control: max-age=94608000
content-disposition: inline; filename="1996.webp"
content-security-policy: script-src 'none'
expires: Sat, 08 May 2027 11:19:47 GMT
x-request-id: cd48375ed13b2fcc5782e27042338191
x-time-ng: 0.067
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-1f76ab7bd5c8b27ea15fe8917de944ef-d15bea5977e080e6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T11:19:47+00:00, 2024-05-08T11:29:15+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5aac26f85449.js | 185.244.209.62 | 200 OK | 372 B |
URL: GET HTTP/2 v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5aac26f85449.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (379), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): bd07856562802ef1bc77cdd95a44cd42 e28ae3df6bbaed63100c8384a519affff7ebe81e b841711b8728702a1aeb9c5bc1790484fbe08e94b41b586313fc14d47bdeb0d9
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5aac26f85449.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:05 GMT
content-type: text/javascript; charset=utf-8
content-length: 372
last-modified: Wed, 08 May 2024 10:11:58 GMT
etag: "1da4d94244cc89a54a946028d2eb3d29"
x-amz-meta-mtime: 1715162852.7089481
expires: Thu, 09 May 2024 10:43:31 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-57d4c72223b639ce9752bcdfa3263426-43fd8d27c422a670-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:43:31+00:00, 2024-05-08T10:48:40+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/_nuxt/desktop/default/DC-fcb3e9b4.js | 185.244.209.62 | 200 OK | 2.3 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/DC-fcb3e9b4.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (2354), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 31e8abce8e1dc240c4ee0c3a60d3d0ba d782b0b4418fd4c8c0c2a16d267e619171fc43ae c04e8b1a6b471e82cf76d9ad8a004f0e6b7fc68480e52d28d26caac254601cd6
GET /_nuxt/desktop/default/DC-fcb3e9b4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 999
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-3e7"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:25 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-07608c43bee6e6e4a37d5409cfb62514-8e4f87558737705d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:25+00:00, 2024-05-08T10:54:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/genfiles/cms/betstemplates/bets_model_full_en_0.json | 185.244.209.62 | 200 OK | 22 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/betstemplates/bets_model_full_en_0.json
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate: Issuer Sectigo Limited; Subject *.traincdn.com; Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /genfiles/cms/betstemplates/bets_model_full_en_0.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:59 GMT
content-type: application/json
last-modified: Wed, 08 May 2024 11:17:00 GMT
etag: W/"65c4f8441dea9f78c50a9fc7029f9193"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6ed44254343e9d6211a852feec5ba4a0-4c4106eadb6d1dac-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:50:25+00:00, 2024-05-08T19:52:22+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| widget.suphelper.top/_next/static/chunks/pages/_app-9c47c295eecaa68a.js | 104.18.39.72 | 200 OK | 1.0 MB |
URL: GET HTTP/2 widget.suphelper.top/_next/static/chunks/pages/_app-9c47c295eecaa68a.js
IP: 104.18.39.72:443
Requested by: https://widget.suphelper.top/
Certificate: Issuer Google Trust Services LLC; Subject suphelper.top; Fingerprint 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36; Validity Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 1.0 MB (1015847 bytes)
Hash (MD5 / SHA-1 / SHA-256): 5997e7f54cf2aebf463f16902ccbc7fc 659b9677d6196eabd63ce0feb5f4466accb72df7 08d0ab3696a84b16c7cc5306bf6d83dd27f99a2ce221ed337bf09dec8ebf95db
GET /_next/static/chunks/pages/_app-9c47c295eecaa68a.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 20:48:59 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"f8027-18f381bf92a"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 567689
expires: Thu, 08 May 2025 20:48:59 GMT
server: cloudflare
cf-ray: 880c50533b490afa-OSL
X-Firefox-Spdy: h2
| 1xlite-461430.top/hd-api/external/api/web/v1/converslon/load | 178.253.29.51 | 200 OK | 31 kB |
URL: GET HTTP/2 1xlite-461430.top/hd-api/external/api/web/v1/converslon/load
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Let's Encrypt
Subject: 1xlite-461430.top
Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash (MD5 / SHA-1 / SHA-256): c37cb62ac74fba1118f6c340bae6393b 36dff7a2bc1343d785cbb88fdedfb2ab85d63a81 4b2d0c7c8d336f7e839d7be6bbcfd2eee62f682d6f87c5dedce498adef8afe1d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /hd-api/external/api/web/v1/converslon/load HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en; sh.session.id=dd6b944b-1195-456b-ab7d-f1b7386c4d04; ggru=188
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:05 GMT
content-type: application/json
content-encoding: gzip
traceparent: 00-a789a2c1052bf190650fd829ee67a17e-e7056d44ba469170-01
vary: Accept-Encoding
x-dt: 285
x-request-guid: 7bee4580d0b14aa325818df55dd22c57
x-time-ng: 0.274
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=358.571, wf-uht;dur=0.372
X-Firefox-Spdy: h2
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e9c3c91c857e.js | 185.244.209.62 | 200 OK | 1.0 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e9c3c91c857e.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Sectigo Limited
Subject: *.traincdn.com
Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (1063), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): f1b354548908409d1a1339f2cf2019bb 8708595f8d7de989760cd5cbf7b6304c44ee9305 56326bbc4cb79494e0303b407d706799ceab518e26cc7013e9c2f15afac5beaf
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e9c3c91c857e.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:05 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 10:11:59 GMT
etag: W/"79b20e2721490ad601fb0a6be2cac709"
x-amz-meta-mtime: 1715162852.716948018
content-encoding: gzip
expires: Thu, 09 May 2024 10:43:41 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-17c6860415cd7804e04f87357345ede8-763e1747fd5144b2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:43:41+00:00, 2024-05-08T10:48:40+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/35fa91628fa4.js | 185.244.209.62 | 200 OK | 24 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/35fa91628fa4.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Sectigo Limited
Subject: *.traincdn.com
Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (23507)
Hash (MD5 / SHA-1 / SHA-256): 1c8f8a55f3c3a7955b08ed9c055a1b3e 3a31f8d3cbaaaf74e4616c9ab944919e0cd4c70a f900155624ef7437112d00e9a9966a755cb6588dc9c19bbed7a6de031502b8f9
GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/35fa91628fa4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:05 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 10:11:58 GMT
etag: W/"1c8f8a55f3c3a7955b08ed9c055a1b3e"
x-amz-meta-mtime: 1715162852.704948141
content-encoding: gzip
expires: Thu, 09 May 2024 10:43:41 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-3bdaf65a043234fe8a5563e641bd60a4-0024bd425687221e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:43:41+00:00, 2024-05-08T10:48:40+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js | 104.18.39.72 | 200 OK | 10 kB |
URL: GET HTTP/2 widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js
IP: 104.18.39.72:443
Requested by: https://widget.suphelper.top/
Certificate issuer: Google Trust Services LLC
Subject: suphelper.top
Fingerprint: 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
Validity: Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type: JavaScript source, ASCII text, with very long lines (10533), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 54b2d4e92e16d2ea51898124107af46a ab4225b696e63c9040de1511fa229cf65b4d3750 e17ccea95df87c35add9994b01ef7bb6e8b5c2ebea282c461199a140a5675662
GET /_next/static/chunks/0c294a17-329dda05de2a378d.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 20:48:59 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 17 Jan 2024 06:19:55 GMT
etag: W/"2925-18d161388b8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 703265
expires: Thu, 08 May 2025 20:48:59 GMT
server: cloudflare
cf-ray: 880c50534b550afa-OSL
X-Firefox-Spdy: h2
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/4248ac2021dc04c1d42b10d68aca3b11.json | 178.253.29.51 | 200 OK | 3.1 kB |
URL: GET HTTP/2 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/4248ac2021dc04c1d42b10d68aca3b11.json
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Let's Encrypt
Subject: 1xlite-461430.top
Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File type: ASCII text, with very long lines (3458), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): e020b60228a3739c141fef4208d28fe1 1644bdd97833c765f2d883cc5e9f77ce6c451b13 ea2f5cd3373a7c14995ee0e1bbd1cc12b003fc5944d2c58ecd55d987488d4539
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/4248ac2021dc04c1d42b10d68aca3b11.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1920; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Thu, 04 Apr 2024 11:33:40 GMT
etag: W/"5696ef1b371a34f9ef6d91bde17f66e7"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
| widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js | 104.18.39.72 | 200 OK | 3.8 kB |
URL: GET HTTP/2 widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js
IP: 104.18.39.72:443
Requested by: https://widget.suphelper.top/
Certificate issuer: Google Trust Services LLC
Subject: suphelper.top
Fingerprint: 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
Validity: Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type: JavaScript source, ASCII text, with very long lines (3855), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 7288e202ab8e4cf1b7f60eed709e0986 c10effeb29bf129a7c81688b9f3a7d5485272e87 56e695b4675b50d55a92f006109771a67da822050f5ae03fd2ad02c1a9565b58
GET /_next/static/chunks/webpack-fb94d2f19425a3e3.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 20:48:59 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"ed0-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 698984
expires: Thu, 08 May 2025 20:48:59 GMT
server: cloudflare
cf-ray: 880c50532b380afa-OSL
X-Firefox-Spdy: h2
| widget.suphelper.top/_next/static/f385e6db/_middlewareManifest.js | 104.18.39.72 | 200 OK | 92 B |
URL: GET HTTP/2 widget.suphelper.top/_next/static/f385e6db/_middlewareManifest.js
IP: 104.18.39.72:443
Requested by: https://widget.suphelper.top/
Certificate issuer: Google Trust Services LLC
Subject: suphelper.top
Fingerprint: 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
Validity: Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type: ASCII text, with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 7c3f7e060745668041278118c0bb3d6d e639f56695b3cc30d78dce7a0084aa8299a1311a de5341313a4dc5d982ca50ae4a491e84bc5e80b0f439d87f05fc3973c1b7e59a
GET /_next/static/f385e6db/_middlewareManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 20:48:59 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"5c-18f381bf92a"
vary: Accept-Encoding
cf-cache-status: HIT
age: 567689
expires: Thu, 08 May 2025 20:48:59 GMT
server: cloudflare
cf-ray: 880c50535b6d0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/3f334649155a1a45297f2818d188f544.json | 178.253.29.51 | 200 OK | 3.0 kB |
URL: GET HTTP/2 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/3f334649155a1a45297f2818d188f544.json
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Let's Encrypt
Subject: 1xlite-461430.top
Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File type: ASCII text, with very long lines (3332), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 117381039df3bfd1807388998f373f23 2154641408391bfa7697737f592dd7d770e13203 b9ca8dfb84a5a54cf4831c7f6ba908924a9c35b508df5536fb99f17e88e34e68
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/3f334649155a1a45297f2818d188f544.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1920; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Fri, 12 Jan 2024 14:22:45 GMT
etag: W/"86469d79e86420defdbc23ede66a45d9"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.010
X-Firefox-Spdy: h2
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/aa5b82508b9b78c615c87b4fce50b5cd.json | 178.253.29.51 | 200 OK | 254 B |
URL: GET HTTP/2 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/aa5b82508b9b78c615c87b4fce50b5cd.json
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Let's Encrypt
Subject: 1xlite-461430.top
Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File type: ASCII text, with no line terminators
Hash (MD5 / SHA-1 / SHA-256): cacd90d79fcc9eb11e42b444e54fc71f f414ee29fae9500d8f064ae558349cdcc4909e4f 4e888624b696269deb7c0807df87318ffd429b19b373fd841a856ea9bb9c67b0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/aa5b82508b9b78c615c87b4fce50b5cd.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1920; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/json
content-length: 254
last-modified: Mon, 05 Jun 2023 11:45:03 GMT
etag: "e98ab276a935ed5ddb1d9f62601846cd"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
| v3.traincdn.com/resized/size24/sfiles/logo_teams/08a25897e35d75d7261a8095b9599aad.webp | 185.244.209.62 | 200 OK | 1.2 kB |
URL: GET HTTP/2 v3.traincdn.com/resized/size24/sfiles/logo_teams/08a25897e35d75d7261a8095b9599aad.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Sectigo Limited
Subject: *.traincdn.com
Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hash (MD5 / SHA-1 / SHA-256): e63abc1e41178a97d4197c51567e25c8 2093338e3a4804d8c80fafd7720537056d9d0bea 0c2de26224b4b34463e0e2c5c8f38d60edf6fbf7d97a568671892edc96be354e
GET /resized/size24/sfiles/logo_teams/08a25897e35d75d7261a8095b9599aad.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:49:05 GMT
content-type: image/webp
content-length: 1220
cache-control: max-age=94608000
content-disposition: inline; filename="08a25897e35d75d7261a8095b9599aad.webp"
content-security-policy: script-src 'none'
expires: Sat, 08 May 2027 11:19:47 GMT
x-request-id: 5ed651ab54561c418f16ac8f894afb00
x-time-ng: 0.049
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-015a97000245dd91c4f554318ce562bd-673cc60bf3c29a70-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T11:19:47+00:00, 2024-05-08T11:29:15+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js | 104.18.39.72 | 200 OK | 108 kB |
URL: GET HTTP/2 widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js
IP: 104.18.39.72:443
Requested by: https://widget.suphelper.top/
Certificate issuer: Google Trust Services LLC
Subject: suphelper.top
Fingerprint: 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
Validity: Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 108 kB (107844 bytes)
Hash (MD5 / SHA-1 / SHA-256): 83680ce862de40c43fc92e04b1ad0a3d 67eb6762545f4e1fee446794f4738d0f0577b6b4 e70f39978f08895aef6849daf891af65bff03e476eb9b1384dfb36cd4ac9fe75
GET /_next/static/chunks/main-fa1d3b21fd97b583.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 20:48:59 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"1a544-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 693424
expires: Thu, 08 May 2025 20:48:59 GMT
server: cloudflare
cf-ray: 880c50533b400afa-OSL
X-Firefox-Spdy: h2
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/631f900db751ade3379a9ff0d7c00b5c.json | 178.253.29.51 | 200 OK | 1.3 kB |
URL: GET HTTP/2 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/631f900db751ade3379a9ff0d7c00b5c.json
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Let's Encrypt
Subject: 1xlite-461430.top
Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File type: ASCII text, with very long lines (1430), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 1a52815ebb77ea854c52f2790c66736a d375a57cee42a534bb41e36d665031d100ce9efc 0c9e8c1ae33dee3e84c55da6583bbff67d591c50a12434bcb4ca0daf27439e7c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/631f900db751ade3379a9ff0d7c00b5c.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1920; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Fri, 26 Apr 2024 18:28:29 GMT
etag: W/"dfe0c8d8abf7084df9e624f1f4065e59"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
X-Firefox-Spdy: h2
| 1xlite-461430.top/web-api/default/img/icons/pixels2.svg?v=1715201339 | 178.253.29.51 | 200 OK | 90 B |
URL: GET HTTP/2 1xlite-461430.top/web-api/default/img/icons/pixels2.svg?v=1715201339
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Certificate issuer: Let's Encrypt
Subject: 1xlite-461430.top
Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File type: PNG image data, 1 x 1, 8-bit/color RGB, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): e45f90dcbe718dea3476c4b69b501a4e e9af26a93c467a77e4733ec537f4f5ce7a4ba089 a439dd8761d9fd4ff88e82e83200877703594491065880dbd4e59ddf4ce1b204
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /web-api/default/img/icons/pixels2.svg?v=1715201339 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3; _glhf=1715219113; application_locale=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:59 GMT
content-type: image/png
cache-control: no-cache, private
server-timing: p;dur=14, dt_total;dur=57.829, wf-uht;dur=0.065
traceparent: 00-dc39414a0496d9b5a31c05e7b6a586ac-a70a8db37d199cf0-01
x-dt: 285
x-time-ng: 0.021
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/3083a20a3f73c30fce38710d7ada9cbb.svg | 185.244.209.62 | 200 OK | 1.2 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/3083a20a3f73c30fce38710d7ada9cbb.svg | IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru | Certificate Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: SVG Scalable Vector Graphics image | Hash (MD5 / SHA-1 / SHA-256): 1ff133ab01d208b0d686dd88d85e239a 86a0501b79a1c553eadc829177a9e6ffff1948be 9ac21c63d1c8b7abe4c94550a731baff995d34c745c1d08fdf8d5e5c8de268f1
GET /genfiles/cms/1-285/desktop/media_asset/3083a20a3f73c30fce38710d7ada9cbb.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:59 GMT
content-type: image/svg+xml
last-modified: Wed, 19 Apr 2023 11:51:30 GMT
etag: W/"3ae81b002dca46d3b732ce3e03ae35c6"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-0b809ca5a84243b41883a3f8a0e6bfd6-63b9282f8770f854-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T08:36:11+00:00, 2024-05-08T20:48:50+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/e146d07dba2ed6087cb9b401ce8b1b43.json | 178.253.29.51 | 200 OK | 1.1 kB |
URL: GET HTTP/2 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/e146d07dba2ed6087cb9b401ce8b1b43.json | IP: 178.253.29.51:443 | ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru | Certificate Issuer: Let's Encrypt | Subject: 1xlite-461430.top | Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 | Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File type: ASCII text, with very long lines (1205), with no line terminators | Hash (MD5 / SHA-1 / SHA-256): 7e57210fe3f01fd6a726a5ef7750785f 3466d373b62cd3e1c975ca7556e9ed8139f78360 b984b21e94d34c282acae49e1fd192038dd5a8cf2b1ae214fd4ac7ba86ee7048
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /genfiles/cms/1-285/desktop/media_asset/e146d07dba2ed6087cb9b401ce8b1b43.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1920; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Fri, 02 Feb 2024 08:33:56 GMT
etag: W/"338264fc869e8f0b86b0d6c9d92102b0"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/web-api/user/secure | 178.253.29.51 | 200 OK | 59 B |
URL: POST HTTP/2 1xlite-461430.top/web-api/user/secure | IP: 178.253.29.51:443 | ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru | Certificate Issuer: Let's Encrypt | Subject: 1xlite-461430.top | Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 | Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File type: troff or preprocessor input, ASCII text, with no line terminators | Hash (MD5 / SHA-1 / SHA-256): 09b8cfb9fce1a52904a8a425e9092ab9 b4e88499a9d13d2f2397f93b29a3d5bb4b3d08aa f4492f1b68ba1b76541d34d8ac28c4ebabc527704935946a0ca16f6cd30cfeb4
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /web-api/user/secure HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1280; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D; tzo=3
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:57 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=18, dt_total;dur=71.140, wf-uht;dur=0.079
set-cookie: _glhf=1715219113; expires=Wed, 08-May-2024 21:48:57 GMT; Max-Age=3600; path=/
traceparent: 00-06d5e9bdbd5caced645904d187849653-cbc192c8dfb41007-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.051
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js | 104.18.39.72 | 200 OK | 141 kB |
URL: GET HTTP/2 widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js | IP: 104.18.39.72:443
Requested by: https://widget.suphelper.top/ | Certificate Issuer: Google Trust Services LLC | Subject: suphelper.top | Fingerprint: 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 | Validity: Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators | Size: 141 kB (140949 bytes) | Hash (MD5 / SHA-1 / SHA-256): 896d1930437c1ab92b8a359c1d6fdaae 71e0e23d1af9722f356eb5d1c497d100ec8b0f7a 8c508636d885890bfb5c56bcd6dad1b8b64c498781d351b588a8de7f686774d4
GET /_next/static/chunks/framework-49f1e091cbf6b261.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 20:48:59 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Mon, 11 Mar 2024 06:37:37 GMT
etag: W/"22695-18e2c3b24d9"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 698984
expires: Thu, 08 May 2025 20:48:59 GMT
server: cloudflare
cf-ray: 880c50533b3d0afa-OSL
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/dc5d190996ae45dfea78e34261413044.json | 178.253.29.51 | 200 OK | 349 B |
URL: GET HTTP/2 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/dc5d190996ae45dfea78e34261413044.json | IP: 178.253.29.51:443 | ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en?tag=s_1558737m_355c_[]MS[]null[]null[]general[]18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru | Certificate Issuer: Let's Encrypt | Subject: 1xlite-461430.top | Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 | Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File type: ASCII text, with very long lines (384), with no line terminators | Hash (MD5 / SHA-1 / SHA-256): e9fd7095b24ef4fe343b1d75e9771bf1 8bd657bc73f8cdf8c07fd6e8d9e68ca66fd9ea7d 6b310525863e98e1e0645a95042a833fa248d1254da6b4cdb5f2532800b7f08b
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /genfiles/cms/1-285/desktop/media_asset/dc5d190996ae45dfea78e34261413044.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder&pb=a97213fad9d648e1a13d8fe56a5b07c1&click_id=27581_251125_4_6_s1_1950621&r=ru
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0dM2Y75TWce9OxAxFkAg==; lng=en; window_width=1920; che_g=4d6ccf25-f04b-d572-ae8b-1a70c3f6a819; SESSION=1e61a567e3ab58ec627b13a47d2ae925; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder; postback_watcher=%7B%22tag%22%3A%22s_1558737m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D18069_30365_d70971_l71502_clickunder%22%2C%22pb%22%3A%22a97213fad9d648e1a13d8fe56a5b07c1%22%2C%22click_id%22%3A%2227581_251125_4_6_s1_1950621%22%2C%22r%22%3A%22ru%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 20:48:55 GMT
content-type: application/json
content-length: 349
last-modified: Thu, 20 Apr 2023 10:23:24 GMT
etag: "946a6ec7822e4a0488b1b37257a08f44"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
X-Firefox-Spdy: h2
|
|