Report - refpa48633.top/

Report Overview

Submitted URL
refpa48633.top/
IP
104.21.16.176
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-26 08:36:06
Access
public
Website Title
1xBet ᐉ Online sports betting ᐉ 1xBet online bookmaker log in ᐉ 1xlite-660473.top
Final URL
1xlite-660473.top/en?tag=d_421509m_1599c_
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
94

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
region1.analytics.google.com	unknown	1997-09-15	2022-03-17	2024-04-24	904 B	448 B	216.239.32.36
services.addons.mozilla.org	6161	1998-01-24	2012-05-21	2024-04-25	677 B	1.8 kB	54.230.111.124
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-04-24	521 B	477 B	35.244.181.201
v3.traincdn.com	unknown	2022-11-10	2022-11-25	2024-04-08	97 kB	7.7 MB	185.244.209.62
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-04-26	1.3 kB	488 kB	142.250.74.72
radar.cedexis.com	3035	2009-01-07	2013-11-27	2024-04-23	822 B	1.1 kB	45.54.49.5
refpa48633.top	unknown	unknown	No data	No data	471 B	969 kB	104.21.16.176
refpa4293501.top	unknown	2022-06-17	2022-06-17	2024-03-28	515 B	968 kB	178.253.46.82
1xlite-660473.top	unknown	2023-08-11	2024-02-06	2024-03-26	57 kB	1.3 MB	178.253.29.47
widget.suphelper.top	unknown	2023-08-02	2023-10-04	2024-04-18	7.2 kB	2.1 MB	104.18.39.72
www.google.no	25607	2001-02-26	2016-04-05	2024-04-25	580 B	578 B	142.250.74.67

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed

ThreatFox

No alerts detected

JavaScript (116)

	URL	Size	First Seen	Last Seen
	1xlite-660473.top/en?tag=d_421509m_1599c_	2.0 kB	2024-04-26	2024-04-26
Pretty URL 1xlite-660473.top/en?tag=d_421509m_1599c_ IP 178.253.29.47 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-26 01:56:27 Last Seen2024-04-26 10:36:30 Times Seen2 Hash 3136cb5cf3ba8ef8c085628e19e09569 74f089819d95a5450a895bace8f4e940f24d38ee 9a94ede92564e5b5598319a71e104deebcabe6b7e354f3aaa159f3d996086104 Loading...

	1xlite-660473.top/en?tag=d_421509m_1599c_	924 B	2024-02-25	2024-05-04
Pretty URL 1xlite-660473.top/en?tag=d_421509m_1599c_ IP 178.253.29.47 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-25 06:56:59 Last Seen2024-05-04 07:42:12 Times Seen56 Hash 92bf20f2f922cc746bec8fe320b23ed3 768e5dbe711e1b62cad807b11ded99ef85001483 b81f4c4f575092cb52a07f89a96291f8e258b3f6bf61e51df0fec3bcc3132fea Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingContent-2d71b204.js	1.3 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingContent-2d71b204.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:08 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 195337917bfce628357a5db2aee5432f 154d69e35c36bd6e01d05b4045badf4872f9ebc3 c605b7891079605ad4b90aa944b0557202c0df060c4cfff972d413db0170fad3 Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.media-91c67102.js	17 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.media-91c67102.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:10 Last Seen2024-04-26 10:36:34 Times Seen10 Hash 9edd02014a4812685d800389066bc94b c89f400bb9b8ab7af4e7461a2d2ec002aea83bb8 23e9fe0dac6ac461e53781b9d407e7e3595eeea010fb4d6236eaa6b7699928ee Loading...

	widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js	10 kB	2024-01-20	2024-05-05
Pretty URL widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-20 01:21:35 Last Seen2024-05-05 05:14:03 Times Seen440 Hash 54b2d4e92e16d2ea51898124107af46a ab4225b696e63c9040de1511fa229cf65b4d3750 e17ccea95df87c35add9994b01ef7bb6e8b5c2ebea282c461199a140a5675662 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-c1b13bbc.js	199 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-c1b13bbc.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:07 Last Seen2024-04-26 10:36:30 Times Seen8 Hash 770cae056135fc518ad14933ba614b1f 210efe80b13338caa77279c4f9f89359f5537baa a42fa9336cfcae84bf3d7e45164a21b51b754fcdb2ed97824d183698b3d7ed20 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-212b3d8d.js	30 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-212b3d8d.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:08 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 361fe5a6001442cf39008a4c1116f2e4 81884dd80c15438223e8d8d3e6c1ac1593d3e99a a75467a41371ace952fbdb97273852b0d3bde6c06e2f2405808601693201d89d Loading...

	v3.traincdn.com/_nuxt/desktop/default/app-019fd1f8.js	852 kB	2024-04-25	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/app-019fd1f8.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:14 Last Seen2024-04-26 10:36:33 Times Seen8 Hash d43b77608bc8d96538ae9c273040c05f 976870970f803da08317c877884507f74612dcb0 6d2939523f88a6d4cce3fb00a10e7b0bd1a2733ba36d72ce608bdb19a287f109 Loading...

	www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66	318 kB	2024-04-26	2024-04-27
Pretty URL www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66 IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 10:36:30 Last Seen2024-04-27 00:40:16 Times Seen6 Hash 6a119a7c21ad17f72bd683bfb6898f21 9a9905a76882036cf8681cd10bdfacb77972c37c f6c50316be3cea9a1a3bfa42ec4dd52f008304872a31eb6a97214515036b7aca Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-cff7ad48.js	21 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-cff7ad48.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:10 Last Seen2024-04-26 10:36:33 Times Seen6 Hash 3f56cba5378467ab13f9b0306595ae53 2750c16fab16b27a053e7e98aac5e8f0208172d4 2401f7c429a40b5ff67fcbb6b78a804167da3d50d936c45b30e6fdcc990c04cb Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-d5668a78.js	14 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-d5668a78.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:10 Last Seen2024-04-26 10:36:33 Times Seen6 Hash fdb7a93a6ddb45c5aa62038f2425f285 a4836eee77f925e40da1e670590dd08faf87b992 4a0463cc93f9ab8a16261880e0ac51d30932b1d07553817879a0addb00af38e0 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main-09271208.js	235 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main-09271208.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:09 Last Seen2024-04-26 10:36:33 Times Seen6 Hash 510ed48f64189337e8de2946d86f628b c31579baef67dbaf7cc2f17bed8e2335223e3f8e a236c2dd075d9f3fb5ba4ef3dec0efe9a6e60c79520bcc589a0f233dc96e54d2 Loading...

	v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-1bddb75a.js	7.0 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-1bddb75a.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:10 Last Seen2024-04-26 10:36:34 Times Seen10 Hash 646a2b32c35fc60e6fe759e25b80b680 4bffb554df5ebcd3f96154047e39cc1efe9d4658 b8339391f1719293f8987d960120957904d99c0e4d634e48f6f16f3e2c25e812 Loading...

	widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js	108 kB	2023-11-02	2024-05-05
Pretty URL widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-02 21:20:57 Last Seen2024-05-05 05:13:54 Times Seen2366 Hash 83680ce862de40c43fc92e04b1ad0a3d 67eb6762545f4e1fee446794f4738d0f0577b6b4 e70f39978f08895aef6849daf891af65bff03e476eb9b1384dfb36cd4ac9fe75 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-de9cbf4c.js	77 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-de9cbf4c.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:05 Last Seen2024-04-26 10:36:34 Times Seen10 Hash e0798c11c128dde9a2f8cb7010b4f2ac b501199439c816e3ce7b4db9343be18c7176393f f4d06de3e82b9e4717168f7368574bd7878368633d05b5b2136645e9f0f41fcb Loading...

	widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js	481 kB	2024-01-20	2024-05-05
Pretty URL widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-20 01:21:34 Last Seen2024-05-05 05:13:54 Times Seen438 Hash 46260bb46d51262abee818c0c3bcf1c6 fe3be222aec74704fad1fa2559788b1fa287094a 20700e65659e04d422580d9c792ba811b7b76de4ec1b3163c284af83bd5a7d6c Loading...

	widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js	107 kB	2024-04-25	2024-05-05
Pretty URL widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:15 Last Seen2024-05-05 05:13:47 Times Seen75 Hash d0a7ecc59065580118a9ea8880c58962 21573546ac5011592094ef6aea0696ccdeb2164d e1b09efa81ca44cda394e366b64fbf2b3f0725eab9ad24782839cbb8f66842b5 Loading...

	widget.suphelper.top/_next/static/724286ac/_ssgManifest.js	77 B	2023-03-07	2024-05-07
Pretty URL widget.suphelper.top/_next/static/724286ac/_ssgManifest.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:02 Last Seen2024-05-07 00:15:44 Times Seen85867 Hash b6652df95db52feb4daf4eca35380933 65451d110137761b318c82d9071c042db80c4036 6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3e98905ff0ef.js	4.2 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3e98905ff0ef.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:08 Last Seen2024-04-26 16:29:53 Times Seen4 Hash ea85164f3c2c7d7e126e0e8be39d1ce0 c08ded6dfcbfdc6412de36c452f1cbe04ecf374b 5a3925b964a8e6883a0905ccb7dc1324c10f9653a54ba61b6ce2019c5f8855f0 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-500bea4e.js	66 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-500bea4e.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:06 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 85aa5ed6fedc499534bfeb8eee571fb6 b751e2adaae96f130072f0e7eab069e15d196ec1 e5e627bc912c4a35155dec18e77f6d9bf9c211c970530570975b82c4409828f9 Loading...

	widget.suphelper.top/	196 B	2023-07-20	2024-05-05
Pretty URL widget.suphelper.top/ IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-20 14:42:12 Last Seen2024-05-05 05:13:54 Times Seen2019 Hash aa729c2ec64b60ce3b2052cc8edaa329 0f673deff4bffdd337a6220feb0b7b5b5ff666c4 9693391d461678be59d683100b1442f4ee65d2cf5bda3904fbf6232a7eb921ca Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/0b23288bd734.js	5.0 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/0b23288bd734.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:10 Last Seen2024-04-26 16:29:52 Times Seen4 Hash ac462273a8335f158ccd0812c8d96cca ec97b28ed11a223b61173238fbff4ce8c28b1eb9 eeb96f45a00607fc87bc0fbc72edbcc26ed8981bac17cae3f3d1e10ce1c3b482 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.Asian-cb1300f7.js	122 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.Asian-cb1300f7.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:07 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 07824180288a9c6a3276f486612df7d7 ec83f284a957114b2bf1e709b574c8bab032bf19 b89df0b5e3c1a25a67b84e7fb42719fd512dbc49a8c3dda0e7dfe786f6ee573a Loading...

	v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-56fa9b09.js	3.2 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-56fa9b09.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:09 Last Seen2024-04-26 10:36:34 Times Seen9 Hash 31dddc1647801a3327fdbc35796cc728 be143b7b082c2e26d4f5888795cdfbae3ee7fe30 5e182646aa4ce68aad3d97501ada00313a7dd51a5883b713c27803bb51e0a7ca Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.CentralMenuApp-fcf94262.js	65 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.CentralMenuApp-fcf94262.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:07 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 0b750d1eb8ed980568c3b2783bc73abe 2f4cbcbc29cf5174e2490d0723dffd13919391a4 36844a337b242c366f594f7cd16f1505aefa8c2c38dccaf97b78eec261021312 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-969fa6be.js	56 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-969fa6be.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:08 Last Seen2024-04-26 10:36:34 Times Seen10 Hash ed1aa306ac0483a61e03d12f0cf0c683 3688fabf92067a4cc58d87aec282cddc6a7e33f0 fdc6326914576f6b064f1b56dc5e153e8f601d12932d28cda623ea1c6670ffff Loading...

	v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidget-23d987ff.js	12 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidget-23d987ff.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:08 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 8404462012316144032423ce8fbb64eb 5c746a0ed3594abdc7d43a410293e265dd3b2fca b1f58b41aa6480dc6df0ae7a62b0726e2cb0b3e5623513aa8e954c87450f7aca Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-3ce6506f.js	40 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-3ce6506f.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:09 Last Seen2024-04-26 10:36:38 Times Seen8 Hash 681145f0441284174ef426e56941290b 6e6844a39c0a7b28cd162391753ac6429a576728 a9b554dc85ad806c70c5a650600b4c39ea900812543992e8aa761b779600c3bb Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cae4f1b8545c.js	1.0 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cae4f1b8545c.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:06 Last Seen2024-04-26 16:29:52 Times Seen4 Hash 719cfbcc9fea351eaa8e09773949ae73 4b42ab6a61b19a178b40fbda071baa8e0f95326b 9187ded9e6474f6c8dd3119814a738c1e93028800cfa81ec5e09f249150f7e55 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/9a596f911770.js	1.5 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/9a596f911770.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:09 Last Seen2024-04-26 16:29:52 Times Seen4 Hash 37522b6a3d761c89809cb6f794ead60e 2ef6b91fabef8e2001adda71c5592cebbd1caf61 751c6dd1170a34ec54f5d58da1ea9d4ed72ad5e542906321c3726c4a8b627fbd Loading...

	widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js	3.8 kB	2023-10-05	2024-05-05
Pretty URL widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-05 09:17:37 Last Seen2024-05-05 05:13:49 Times Seen1970 Hash ba1681cca05ff7b4f8698587da76ab26 7113520b461dfcbdcbc1725a1acc6e05547bf20e bcfc83f65454f29634e61503e84d77f3fe8bc06451b90927bf842e9ad352ac64 Loading...

	widget.suphelper.top/_next/static/724286ac/_buildManifest.js	519 B	2024-04-25	2024-05-05
Pretty URL widget.suphelper.top/_next/static/724286ac/_buildManifest.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:14 Last Seen2024-05-05 05:13:53 Times Seen46 Hash 06c1d20d74764a4f7dea57ebb09df4d8 d6592eaad86ec7b7bc373774bf911385ea7cf07d 46185c722db3b74c04c371b445abb1da2fa2592059437ee508a23e96c1fdf169 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/28a6402a2a0b.js	1.5 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/28a6402a2a0b.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:04 Last Seen2024-04-26 16:29:52 Times Seen4 Hash 24906b7dbc572ec6dd8117e9bd9939e3 27989b50dbf07c7f51ccec91e4a4e10d00636911 225102331acf9caab141423d88edaeb0d928e8cdda1d0e521fabcccf2eca61bd Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-09f13029.js	15 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-09f13029.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:06 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 73f82bd11055f942d7fdc91daeeeffe3 b105ad08a4eace9e06c2dccad185cffd174b2abb 599ee13f2007b11321a9bfaeee0b82ce9fceb73545b010019bedd35d2bdf491a Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-9123e772.js	7.6 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-9123e772.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:08 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 6799557112e6479f4840348196eed7a5 046037566d79a018ad198bef462fa51c74bbb5a4 40caffbe2d55fa120e702fc464aac54e941c61b3031f22f5792205a572ff5ac7 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-fc97ad68.js	16 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-fc97ad68.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:04 Last Seen2024-04-26 10:36:38 Times Seen6 Hash 12c0a8a167063fa1743b27ac4e537460 a51e99cf826d86a23bf7e166f833b46b517ccdbb a49ece220afcdcf483c4b1a36e0813329c879079080cd81008709687811d1125 Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.SportsMenuCompact-942b40c1.js	7.8 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.SportsMenuCompact-942b40c1.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:04 Last Seen2024-04-26 10:36:35 Times Seen6 Hash 232ecfa8f26b49fb3480baefeb590279 833cd5b10a0705d28a970a8bc3a3ab5c66553a84 fca603603d836bc26b0b016e308ef7a897c3109b0a2b25b9c7c87ae0c7e160a1 Loading...

	unknown	47 B	2023-04-14	2024-05-05
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-05 05:13:49 Times Seen838 Hash 580b3e56fc9ab6e8b4655f43ee057cc1 5dfce565e446f4a167195de9a1a5dd26163c711c 446f07b6e56de61d2c2d5b6ba408cc580b492a6d1ede8fc51cfde4ef75a2b382 Loading...

	radar.cedexis.com/1/23802/radar.js	390 B	2024-02-13	2024-05-04
Pretty URL radar.cedexis.com/1/23802/radar.js IP 45.54.49.5 ASN #63911 NetActuate, Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-13 14:23:26 Last Seen2024-05-04 07:42:13 Times Seen129 Hash 82dec77fd0353c7c71ce053b8601387e fbbca95419e1d0c042e0a5fdf10f380aca66188c 39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7 Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.SportMenuApp-82ce6195.js	110 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.SportMenuApp-82ce6195.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:09 Last Seen2024-04-26 10:36:34 Times Seen6 Hash cb65d148da616bc7624597ec1f9802da 51d8d278e180f09b548c0b123e3627840bce9244 2e27352090f3824edb7a7849a5daf063288ad34f11c710525c99b0bf1486b66f Loading...

	widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js	78 kB	2024-01-20	2024-05-05
Pretty URL widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-20 01:21:34 Last Seen2024-05-05 05:13:46 Times Seen444 Hash dc6852529f28802d37affa5953d07260 4edd220fe8df4b009a1775ebe57f19d40999659f 4aefb18221e4fb46818b0f52302b7c7717e45701e26990726cce645d8c80ed84 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js	53 B	2024-04-24	2024-05-03
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:07 Last Seen2024-05-03 04:24:11 Times Seen20 Hash bb7e15ec1662efa164ad912bd1c65e19 bdd420a5f5bf96a8a4f85abbbe3b0cd2ad547f52 a9378fb3de73c35f466dfae4d2956a63b95813d4eaf88ae7f4ce820d0992cc01 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/93ec59abc015.js	731 B	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/93ec59abc015.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:10 Last Seen2024-04-26 16:29:56 Times Seen6 Hash 7d7870ff5bec46f886d9df91c47f1bd0 ef32d1ab97e139ebf8d154c12b9feadcb7bab591 2b948582d897b0b58d607b573884d441ab2f9320770a69bf3a4b24a92fc3778e Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-627abef7.js	30 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-627abef7.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:04 Last Seen2024-04-26 10:36:34 Times Seen8 Hash 4d2f484f3465b217acb7bc2c93924f01 f6274c5c70d187c221e04edacdc4e73bc90bae28 57931838efa5e848ac1467518ce0d43b9a11e44f53f41d0b48a8fc321ecebb7f Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-79ad2f0e.js	37 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-79ad2f0e.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:09 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 70a856ece2dd02e933e2fef3414ed184 1934275e14664f9ae568d5c584cf0d7bc405eb80 2436484f2b0d5cf261d2b340beb9d9d93998a13162919864119ac0cc0c13a8d6 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-3bf76071.js	32 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-3bf76071.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:06 Last Seen2024-04-26 10:36:34 Times Seen7 Hash 73045dab5a0f1892f4ecaa63deac81c4 53f582f313d660bcb8bc204d4b9930878f667271 3da8040fa2cbba713382129ac29b73bbd06c920cd0086fd10edad8b85c413e23 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/4efc36d7a3c7.js	6.7 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/4efc36d7a3c7.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:05 Last Seen2024-04-26 16:29:53 Times Seen4 Hash d6054001e832a4dbc81c272445edf992 4b6a4b8581e9b4c9788ae47f6550fb107351cf21 51b421978e9f8cebb5c683e65d8987b7b8e4d6ce08180e0ea4b4eddae24a6011 Loading...

	1xlite-660473.top/en?tag=d_421509m_1599c_	744 kB	2024-04-26	2024-04-26
Pretty URL 1xlite-660473.top/en?tag=d_421509m_1599c_ IP 178.253.29.47 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-26 10:36:31 Last Seen2024-04-26 10:36:31 Times Seen1 Hash 3d89caa226175ae2c6d421ec0b00eb57 d57ed68018633f5ce12be242e4fc28c9396be916 353db1b2ba5666e1144cd1ce7ef3c8fc333f15638ec82207b1a7e806628ed634 Loading...

	widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js	141 kB	2023-03-08	2024-05-05
Pretty URL widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 08:26:33 Last Seen2024-05-05 05:14:03 Times Seen2362 Hash 896d1930437c1ab92b8a359c1d6fdaae 71e0e23d1af9722f356eb5d1c497d100ec8b0f7a 8c508636d885890bfb5c56bcd6dad1b8b64c498781d351b588a8de7f686774d4 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/app-3a0481ca.js	966 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/app-3a0481ca.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:06 Last Seen2024-04-26 10:36:34 Times Seen9 Hash 47ed64bc46475959fb808f6ad315b17a 6458a90607fec951440547e5da3ece80345a79b3 6e6e1c838342b6cc15d98b2024a13f8f1e39dec2338a15bf9b04c1d73c9650c4 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-997209ca.js	37 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-997209ca.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:09 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 65e245bd372dea1e58738d756283e8f6 8f6563d4b9b19f66c4e537ab793c123599168d26 38c3961b371948346f708b3bf23d6f20b83e76f5b0b4102154c84bb50fe7ee5c Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/344e644612ea.js	1.2 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/344e644612ea.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:07 Last Seen2024-04-26 16:29:52 Times Seen4 Hash e3860273696b2c2385615d1b02860059 f0e4d48268e48ecec11b95490d17fc6886e57c03 6abc62b8f71a23064894476369e1d95d6efe0b5def6678a5b02a143541aaafc9 Loading...

	www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66&l=dataLayer&cx=c	318 kB	2024-04-26	2024-04-26
Pretty URL www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66&l=dataLayer&cx=c IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 10:36:32 Last Seen2024-04-26 10:36:36 Times Seen2 Hash 7028c121505b76e3a85bc885cde4ca84 bbf65011ab79177a8daff899813bc268e8c2ab77 047f83427695c169755c344ab922369bf57f15b764f6d61fce33dd7e583c91a6 Loading...

	v3.traincdn.com/_nuxt/desktop/default/commons/app-52fe5dc2.js	138 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/commons/app-52fe5dc2.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:07 Last Seen2024-04-26 10:36:34 Times Seen10 Hash 67738af5bf23b478a572a381a2acc716 dd7280b456a511724f02c36bc432472d28897aef 38d639b8059f8649a3afd6bae7727428d389d106ba7f5f58abe27ef6d5a59183 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-be432464.js	12 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-be432464.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:09 Last Seen2024-04-26 10:36:34 Times Seen10 Hash 1f560cda98016a758f23b98bb6451629 601e2074c0bac9c95a4cde3a1b0c8b2c46fc4157 e56d555d970e127bfcc5baf5da80649f7db6e3b9b09795af851020ca565644cd Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-b4e5c536.js	27 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-b4e5c536.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:09 Last Seen2024-04-26 10:36:34 Times Seen10 Hash d6c0749abfe6ac3fa12439f8c5280965 9f433c690b68983f71225293938bfbea88e432f1 fe95732bdaefa78507800cbdf5e127902eec74eef86bee6a9bf1eeafc915c26c Loading...

	v3.traincdn.com/_nuxt/desktop/default/DC-5812449e.js	2.3 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/DC-5812449e.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:10 Last Seen2024-04-26 10:36:34 Times Seen10 Hash 5fd92d5e19084953d42f6435bf43dbc3 1605b683a815f82e1439bedd7f7acc9bef1d75c1 ad5547e0059467c7711c34a6627570759b87ea738c7659a3f169fe1871eb2dda Loading...

	1xlite-660473.top/polyfills.js	0 B	2023-03-07	2024-05-07
Pretty URL 1xlite-660473.top/polyfills.js IP 178.253.29.47 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-07 00:27:04 Times Seen37388306 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-9abe035a.js	28 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-9abe035a.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:04 Last Seen2024-04-26 10:36:34 Times Seen8 Hash c790413a6f4ea0dbbb7278d4ba07c8e2 aeea4548ef2d3820699053c3c6b7f653703688ec a85e58d257f382c639e0f17995d19e6e55271ee366813029aa709f067bbef4a2 Loading...

	unknown	39 B	2023-04-14	2024-05-05
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-05 05:13:49 Times Seen843 Hash bc51ed8c76553717f10d58b2df60fd76 e2d03a8fd8d280074b226c288880f9df299c7cb1 bee994eaf88453f6343ba57571a069054c12c9b4e42f8cbad4f2ad75c7fb264c Loading...

	v3.traincdn.com/_nuxt/desktop/default/Layout.Betting.ExpressDay-1d2478b0.js	10 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Layout.Betting.ExpressDay-1d2478b0.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:10 Last Seen2024-04-26 10:36:34 Times Seen6 Hash badfd1b5440c69f594132dab6b8ece6f e1320ef520529473fd5de690b92bd42dd41eac81 12fc9f116dac766e665d2fd70f408cccc5497e8f6f25cc3c0ce3df667d43d693 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/d63b25015d05.js	504 B	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/d63b25015d05.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:06 Last Seen2024-04-26 16:29:56 Times Seen7 Hash cdd39c58f3e34ab3b3329f45f9e6199e ec9449f5d9bcf93d4353bec1ba69d01e9d36bf7a ace508d846e5384ef8bab277ab6b1ebfa8cdb6d273c9c06a507a84531fe1a7eb Loading...

	1xlite-660473.top/en?tag=d_421509m_1599c_	15 kB	2024-04-26	2024-04-27
Pretty URL 1xlite-660473.top/en?tag=d_421509m_1599c_ IP 178.253.29.47 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-26 01:56:29 Last Seen2024-04-27 18:35:59 Times Seen6 Hash 1861e0cd3bf864e276de73dd8df48b59 e862f67f8c5080248bb8410c56a7b7ad0dba62a8 d53f198b428a962cd2d85618c139e053ae638f93af65d796a1d632392059c3c4 Loading...

	v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidgetAnalytics-0a5e307c.js	416 B	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidgetAnalytics-0a5e307c.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:07 Last Seen2024-04-26 10:36:34 Times Seen5 Hash bda5f679331e3f3a71a5ab33a44cfc03 4aed09967637f2771aa64524e3b2a5a4279466f9 dce768bc7197479f989e5b23944b49c774309864a2d42f9ce0e6da3ffd54a262 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PLMWICWN.js	30 kB	2024-03-23	2024-05-03
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PLMWICWN.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-23 16:35:38 Last Seen2024-05-03 05:52:36 Times Seen31 Hash dfa127e93d125d4f6c566203eaf225f2 32c1fd89c4eeed7ac2a942582b3786659b15cd43 cf5077d1cff62ce76807408ebc2203563b7a221ddf1cf38339c6d54289bff390 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/entry-372f5fe6.js	2.3 MB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/entry-372f5fe6.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:04 Last Seen2024-04-26 16:29:51 Times Seen4 Hash e0292fb628a2f149f222bae2c2246200 c90fdda7fefa70a45a180c7e19ecb24be54c5a8b 4a1feaa3be631481f1474103c567df7c2cecf3cd2f6eda56e69b6def42d8728e Loading...

	v3.traincdn.com/_nuxt/check-ob.js	211 B	2024-04-24	2024-05-04
Pretty URL v3.traincdn.com/_nuxt/check-ob.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:10 Last Seen2024-05-04 07:42:13 Times Seen88 Hash ced67278c38d1ce1297c121af69fff8a df6e1531fd84d956263b04254e6f94f5356623f4 2958134c3c00f7c6320858dd66e454c2856e4842821d3523c4cc5e44e1ec8616 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/093330da9752.js	2.6 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/093330da9752.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:05 Last Seen2024-04-26 16:29:53 Times Seen4 Hash e99039abd8dac007c9c64df5cbb76091 5260a25ca027038a17c24880a3b000c25ec52442 b9f8ee4db6e9c2b89249aae1c9cb0d37d536e5ee62fe36c412e7aa151ae3943f Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/994284d39ca5.js	1.4 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/994284d39ca5.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:10 Last Seen2024-04-26 16:29:51 Times Seen4 Hash 901f57b165b23c191081c0d0112a5eda ac44c8ceab89512fad0470589198b0e453c49442 c9cef598b387cf4767593b47e7850b9feb99bb187d976744aaf651bd47000c2b Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-f5f00544.js	42 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-f5f00544.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:04 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 09f939cf46957d82e821f8807e05968a 5e1ec26d95f29042bb2f78c902b37c44817cc109 771bb7992371b7c701a37d462456fc4529bc477b52a334c8667762ca4e5a306b Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-4c41d619.js	26 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-4c41d619.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:04 Last Seen2024-04-26 10:36:34 Times Seen8 Hash 83575afda287eafafb4102f4463ea9a7 241502bfcd1fdaf75068e1f6497e65642ec7981d 6c7258871472c35e8d3f7f4c71550a079165d95f913297204b6746faf5f31f33 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js	69 kB	2024-03-23	2024-05-03
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-23 16:35:38 Last Seen2024-05-03 05:52:36 Times Seen29 Hash 138de5d55ee831195dd90bbf5c557926 4413082980942643803d8d4567df2f8395c0e868 55a6d9d38b0c68a21367ae7ae43333bfa61e2eddd38b2376eb5b192f0a0383cd Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_chunk_M4D4AAJL.js	101 kB	2024-04-24	2024-05-03
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_chunk_M4D4AAJL.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:08 Last Seen2024-05-03 05:52:36 Times Seen29 Hash 51ddc52774f4e5bd6a6f1c22e9d19674 374c2fbb2b68ad9c28898dfe60da3fd828ccf7c4 642e66ee14ca90b6ff8f91fbfdce400c6834a037dee18a60a72922ea727bb442 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/88071a5d390d.js	2.1 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/88071a5d390d.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:05 Last Seen2024-04-26 16:29:52 Times Seen4 Hash 3084b8e581d711a9e12b5519b6d0d789 fcd042cbe3059407b08d1d0eaa713633baf4b2e3 7f3f18ecfefc927e97ae5320f180c89cf2d38cdd7453b958b4d68aa77fd69e87 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7bd3bc288fd4.js	450 B	2024-01-25	2024-05-03
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7bd3bc288fd4.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-01-25 11:06:32 Last Seen2024-05-03 04:24:11 Times Seen103 Hash 056ce527a12544a37f984ac598be2344 6946b65cf1c68960e5f9ac0900a0df66a13e7e85 cd7cdf53c803ca43a37171180d14c2374e45ab347d309f9b83a107b9ad9b4ed1 Loading...

	unknown	34 B	2023-04-14	2024-05-05
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-05 05:13:54 Times Seen851 Hash 7bcdb973ab8af8e24ab11cb554a1ba6e 24e8a10f240f2b06f81d7c173cd0a90606641fc1 916ec4eb9b485eb47f43a17fe212e84e4b72600b45eb6d4588599ad495a57fcd Loading...

	unknown	96 B	2023-12-06	2024-05-04
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-12-06 14:32:27 Last Seen2024-05-04 07:42:12 Times Seen881 Hash 94361ed86ab9b2fbb8d805c2025df46a 3f428332f7a1c7196a85c93a373a966d75708c19 eee4d228a49a86625f29410cf9a23d145e821a09cbb1f7a4d7557d206872715a Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-4ac47a98.js	15 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-4ac47a98.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:05 Last Seen2024-04-26 10:36:34 Times Seen6 Hash c57084469422f881a05ddd74499c60ff 739fdc06fcdfbcd15f86b58445fa17026fa33dc5 7abe74e474edb41787c9e7b7a653a3660adaab357d4544c631adc41b6241dcb5 Loading...

	v3.traincdn.com/_nuxt/desktop/default/ioc.dependencies.18-6c0bd0e4.js	3.1 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/ioc.dependencies.18-6c0bd0e4.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:07 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 8de2f812def30650dc849a6c4ad1d711 cb603fde42ac77caf6f5432c710cfe271dda3cef 537262d05d61223f1d34cb2ec7ec7240f6b49c1189d0b7d7cff0384a4292f150 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js	81 kB	2024-04-25	2024-05-03
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-25 18:56:15 Last Seen2024-05-03 05:52:32 Times Seen11 Hash 67267513246705d46a0bb83e1f8efd2a d1af6d9ad50f110bbb4bb4d75965dd939a14e15d 35acb34c3273056ead66f9ae7dc11b3c2e3bd1a4c46dc22daaa6900c150c2b2c Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js	1.3 kB	2024-03-23	2024-05-03
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-23 16:35:35 Last Seen2024-05-03 05:52:30 Times Seen21 Hash 518e0ae196483ada8b528a1f2b7df0a1 50e66030d9aca44adb3bd7893ef3c42593e26be4 529ca09688eb85183a34a43651cad1e8fabae2a02924753d54786f3de5e85693 Loading...

	widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js	37 kB	2023-10-13	2024-05-05
Pretty URL widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 06:04:09 Last Seen2024-05-05 05:13:49 Times Seen3067 Hash 6782c8abf3d14391f6ed5c805a973cf5 a08b255c0084e14d74199f5af64522ffaba14486 88331f3bf38157ecb0e64f22c08a582384dc74c8bae09d9f78b9eab5fe82cfa3 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/6684c66fedf3.js	715 B	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/6684c66fedf3.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:09 Last Seen2024-04-26 16:29:56 Times Seen5 Hash 363cae3f1a92357379ce31b700f431ee 9efb3994d1f63ab3f780139f0b5aed96e4d50c1c 2fcf183d8381d7ea36ec6f5302a14441c53621240cc1992dc218f01258832345 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/694da3a9483f.js	424 B	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/694da3a9483f.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:08 Last Seen2024-04-26 16:29:56 Times Seen7 Hash 784714dbdeff946febf2eb88c77d6340 5da79cae3317a05b281ff8c256686a1a772b2352 1ba04d68c320b81d0d06784ac28bd95743cb6ef9ba02f34a3e733beca5e23c11 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-c8580d37.js	20 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-c8580d37.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:07 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 68b0e7b36aaabe3fc4c55b9b7a99b204 8e30dc11ce9406793473bdff9aac0101f562655e 2bdec28d6e101619011e495111f672ccba2334d2f089a5a87fca2512d86d7f0c Loading...

	widget.suphelper.top/injector.js	208 kB	2023-12-17	2024-05-05
Pretty URL widget.suphelper.top/injector.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-17 15:23:16 Last Seen2024-05-05 05:13:50 Times Seen929 Hash faa1c0b5a845868ac1a8071b6b87d458 71034e9bb2726a20b2afa197ff4e1b52c2ab976b d7585c13a4abd3b295a15b2bce2b2d7121a697f42ea85f89f40624ac26b075d0 Loading...

	widget.suphelper.top/_next/static/724286ac/_middlewareManifest.js	92 B	2023-03-07	2024-05-06
Pretty URL widget.suphelper.top/_next/static/724286ac/_middlewareManifest.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:01 Last Seen2024-05-06 22:59:24 Times Seen7785 Hash 7c3f7e060745668041278118c0bb3d6d e639f56695b3cc30d78dce7a0084aa8299a1311a de5341313a4dc5d982ca50ae4a491e84bc5e80b0f439d87f05fc3973c1b7e59a Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js	1.0 kB	2024-03-23	2024-05-03
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-23 16:35:38 Last Seen2024-05-03 05:52:33 Times Seen21 Hash 8fecd56fc5520134f3c39b17431fe0c2 e0cedac030a1fcf68779a592ed9e0775beb45123 3e01dfddf1e68faa32769d615eeb0e838a29241d18a57090040c595ee05f0ba8 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_MO5RLEN3.js	21 kB	2024-03-23	2024-05-03
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_MO5RLEN3.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-23 16:35:33 Last Seen2024-05-03 05:52:36 Times Seen30 Hash 598d5481ac96b9bf8013b0eb1413b8e5 cc7e3384da379a215ac43b2385e901e22ceb6327 1488ecc35389c72a3aa26d468420069f6b719db456ea82605762311da663b65f Loading...

	unknown	44 B	2023-04-14	2024-05-05
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-05 05:13:51 Times Seen840 Hash 00beb9884d0391b342eadd30744b539a 3124c0bd593822379d22f13d3e08e70a1bf5ea14 92394eec5690449a4f6cfc9a7f97497a69e926b2365cb9a9aad3507a844f835c Loading...

	www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V	173 kB	2024-04-26	2024-04-26
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 10:36:32 Last Seen2024-04-26 16:29:57 Times Seen4 Hash fd9244857bf0662cf25ac4e18b6ab276 2d93ea416dba4d5cdb6468f6096cc484ab62e2f6 ccfe4494f3a08377a14704a0daa98d09fc2210e4109f1b35d43a411cf75d093c Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/betting.SportMenuApp-c04577b2.js	21 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/betting.SportMenuApp-c04577b2.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:04 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 92f2228f7f2d8ea17cc1bbd2946c5235 79c8609806d6d5d95cc518023baecc8d1952e6e2 e097b717e3ae34e2ff062ec780fb4b9513f743f41ca1e0528f07361bb5dc3f48 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/034cd6868126.js	188 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/034cd6868126.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:10 Last Seen2024-04-26 16:29:53 Times Seen5 Hash a2bb3a4f84cc4e6bfba45a8e4c3932e1 57bf2f515613e238a1764722cc33c0047f967df9 bb68af41c9da35a2304660ed2f598a9e188a5be99c6e4cef32f52af904300a54 Loading...

	v3.traincdn.com/_nuxt/desktop/default/runtime-429a9b40.js	47 kB	2024-04-25	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/runtime-429a9b40.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:14 Last Seen2024-04-26 10:36:34 Times Seen8 Hash 98255763f3f394149bb9d0b5f43f0cf7 9f9956c07034407cf605d11bc57b37c8a928c01f 664cac2629ba11af02afaabf5b06ef2bfab319d36efdb7c6b81ade6edcffd217 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage-da45acc1.js	134 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage-da45acc1.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:05 Last Seen2024-04-26 10:36:34 Times Seen6 Hash cbf2424a84930767b46aa8d32382630e 237dc0de3c9db7b080424eeb69e2feb2a6d7805e 4a2f536eada6636b0d6d1747962d8aa508c88405865199c32f05cd95605bdfbb Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/RegistrationWidgetApp-41260109.js	76 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/RegistrationWidgetApp-41260109.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:04 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 21a835136b8ae33cd00097879bb168a6 0be03e28575e2d36f43af705a84d6696e07717d1 cb12d647211b4890761ff8ece8e9fb9b0de34219e200e7a2c8dcc123c3417632 Loading...

	widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js	373 kB	2024-04-24	2024-05-05
Pretty URL widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:05 Last Seen2024-05-05 05:14:03 Times Seen81 Hash 36e4e2c2a2498b008514f1f0250c8018 cfa53d1c8533fb5941d9ff4f1e45e8c831658693 42cd70d177e33b23f4982b671f4bb7f03a966053874a320af3f3ea7b7b7ca1f0 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/01023f59e318.js	372 B	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/01023f59e318.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:06 Last Seen2024-04-26 16:29:56 Times Seen6 Hash 95f43fd089613a8f57a2ddcbce517853 ae316accba7d55342e6287aea6e3282314e054e7 61dda30ecb2fd311698e84921bd8b28615c96fe7bd39fae2f3bbef3cb61e2b03 Loading...

	v3.traincdn.com/_nuxt/desktop/default/analytics-c706fc54.js	6.4 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/analytics-c706fc54.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:08 Last Seen2024-04-26 10:36:36 Times Seen10 Hash 14c0a5b475850d7da7e8459bf9df5766 f4cbfa40f0f3e3781d23a8a2e3715bf8252a2402 a6a30f6358ba3aea4d315b8838587ef81df7d171d0f84e2aa6d6faaadad614fd Loading...

	v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-27024645.js	20 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-27024645.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:06 Last Seen2024-04-26 10:36:34 Times Seen8 Hash b69735a0304bc0ac21b40573ee550f0b 96f237bfaac6dab3ce2595e9961762984ae1545b 5defbae69d8affe7aa3e1eda4b2f1759900c2ce35985b69928b65cdfabfc78e3 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Betting.Core-3d5acad8.js	2.3 kB	2024-04-25	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Betting.Core-3d5acad8.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:14 Last Seen2024-04-26 10:36:34 Times Seen8 Hash 20dfbfd0b527a3400141072543ab8d14 8b18103124ebcc40d3817e5b0897403dd79a777d 60ad198390a8936e848b2beeb25fb8f57fdb8a9a44cae0a2b22b731e38242d95 Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.coupon2-1ecfb74c.js	1.0 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.coupon2-1ecfb74c.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:07 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 14565039f0ad5d77219bca259af6c150 e4a754546968a83c871aa2a5f4d88ba141a15fc6 6558d81c13b54927cf40265b22f5c1c9184571e740da752071d574092556fc90 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/betting.HomeSliderComponent-74faad26.js	28 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/betting.HomeSliderComponent-74faad26.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:05 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 36a40a25b745631e0e28cac4083cbeac 76ad3820c008567577fec994bf3e1e7440e2e77e af4793dd4927863c6ac8d66b033d5d7efb7bfa65a967208fc1c12a07bdc64436 Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.HomeSliderComponent-888df66d.js	24 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.HomeSliderComponent-888df66d.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:05 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 54be88936d941a65bd59d27f8bf96657 47a93d65c60bc45add632fcf288afff7ba6fe257 ee1dc1579a781b5d03318e39af446dfe8d2fd2c1cd6878a61882c21414d24a06 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js	25 kB	2024-04-24	2024-05-03
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:06 Last Seen2024-05-03 05:52:31 Times Seen24 Hash 701ad5a22b8ea7213a53e334d0898349 87749d947f6aa40eb671447b58261d710ec5479b 07669c2ea7c29dd69e47f5518ba73b76389f3479e19f7362b461ef0fff96c1f0 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e4f5a237b491.js	41 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e4f5a237b491.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:07 Last Seen2024-04-26 16:29:58 Times Seen6 Hash 827336e53d45532bf8abee174a7db24c 9e22ae96319fe168ee654d0b13b0ab8ee0389c9c 5d8ad0aaff4e86121999a5653478d797eb03810c582f5198c1f1ec61ccb8659a Loading...

	widget.suphelper.top/_next/static/chunks/pages/_app-a10a22844227e6a6.js	1.0 MB	2024-04-25	2024-05-02
Pretty URL widget.suphelper.top/_next/static/chunks/pages/_app-a10a22844227e6a6.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:13 Last Seen2024-05-02 04:19:28 Times Seen40 Hash 0a8ec60f8885a9417bae7ec2a3981f82 ef0fa91cda49946611fe1cd09819cfdaf8a1c6f5 15d73072cdad0ee70bdc75731a1c2d81326b0b1391b668cd36c639a321105259 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/9b1085266c45.js	435 B	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/9b1085266c45.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:09 Last Seen2024-04-26 16:29:53 Times Seen5 Hash b075575bc06525b491d4fd8da21e93ff e62563ac20cfdd6b44cc0c3e86aacaf1358e48af a5080ee6ff8f42eb65b4a7efea6d14b91d954e2db650bf7027e85ebf2041dae6 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-61022f43.js	32 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-61022f43.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:06 Last Seen2024-04-26 10:36:34 Times Seen8 Hash e56eb405b1675cee62515df2dd269796 9c9c94e310d2895822831bd3face015b1cbf6b06 d2dbde0611294046d74c6cfb5ef4fb9b3559df984253e2e490fe238b59303a54 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-133d5539.js	8.0 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-133d5539.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:07 Last Seen2024-04-26 10:36:34 Times Seen10 Hash ceb24e94d87d9c04b6685d611e9050c1 781d9f7fb4ff0e09fa74cdcdc5b1e707a57b4539 bfc675160863b2fdb50b84830a53646a8c762836217ffc99ea6a8b5dc16cd734 Loading...

	data:text/javascript,export const meta = import.meta;	32 B	2023-12-06	2024-05-04
Pretty URL data:text/javascript,export const meta = import.meta; IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-06 14:32:28 Last Seen2024-05-04 07:42:12 Times Seen881 Hash 6d772b7d405b447ecee54ab61cdd5108 dd65fb9cd5a7cb94a40fe161f4f72303a61eb3b7 b90ff694e492935b6036fb7e878d365dab51aafa46f0afb1e33414e7ecc3307b Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-ae524f2a.js	144 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-ae524f2a.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:09 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 886694940b166ad79a7c4b5a30eedb58 7ed534a6ed7b235ce25bc5376476ef84138432bc b0bc120f4a78e08b3d2765eb6da792d0d2232427317decb665bd6aac2fdc431e Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingContent-e046fd95.js	1.2 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingContent-e046fd95.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:07 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 9e3ac47608f356bc1dc1a9e6416bb442 ee016384b8a9bd54bb3d9acb0e692fdf935eca37 363d977ed612005685ed3c836a5add69b008d52a94e3da92b0ee2dcbe92ac486 Loading...

	unknown	47 B	2023-04-14	2024-05-05
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-05 05:13:52 Times Seen840 Hash a01893d8e129ad16c1e0fc5c7537f411 0e46d1bf2718f848d9d596fa269eaedb31204772 cbe7b89533bcd75b69f3e54807308551d68242ec1761e63bee1a99fc6e560175 Loading...

		Size	First Seen	Last Seen
	#1 Eval - aa696c35c22bb7bdd9804b5a1711e0e6	88 kB	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 10:36:33 Last Seen2024-04-26 10:36:33 Times Seen1 Hash aa696c35c22bb7bdd9804b5a1711e0e6 ac804390237d82629ded5b2ef3def66b196efe23 47b1ecc5cd2af41fefc111fd786cead8961cb68a7d7abf981f2b8a2f2ffd22ca Loading...

	#2 Eval - 4a59a5b42d84e736a74f32725218958c	33 kB	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 10:36:33 Last Seen2024-04-26 10:36:33 Times Seen1 Hash 4a59a5b42d84e736a74f32725218958c 0dc09187c5df0c896b182c58cd0f23995c6a23d8 269aae2933bc231b2e2c663b673e03ec3116d4019cbaa8866f4bc0a90c2e4514 Loading...

HTTP Transactions (278)

URL IP Response Size

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-cff7ad48.js

185.244.209.62

200 OK

5.9 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-cff7ad48.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (21263), with no line terminators
Size
5.9 kB (5867 bytes)
Hash
3f56cba5378467ab13f9b0306595ae53
2750c16fab16b27a053e7e98aac5e8f0208172d4
2401f7c429a40b5ff67fcbb6b78a804167da3d50d936c45b30e6fdcc990c04cb

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-cff7ad48.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 5867
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-16eb"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:25:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-915101bb723030cd10adab4b926be468-b98b3fba02a0fad5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:32+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-d5668a78.js

185.244.209.62

200 OK

3.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-d5668a78.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (13913), with no line terminators
Size
3.5 kB (3531 bytes)
Hash
fdb7a93a6ddb45c5aa62038f2425f285
a4836eee77f925e40da1e670590dd08faf87b992
4a0463cc93f9ab8a16261880e0ac51d30932b1d07553817879a0addb00af38e0

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-d5668a78.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 3531
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-dcb"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:25:32 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-25cb21018548e3ce9382c92db13a1666-dba4fb93fcfa995b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:32+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/1c94b87d.css

185.244.209.62

200 OK

7.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/1c94b87d.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (53523), with no line terminators
Size
7.3 kB (7300 bytes)
Hash
09f5d4ef76cd62ba561edcd01f6b5c5f
270b17bb922c6e3559a71fb9530ec41bd1b54f95
7e1af9add1d57b07ff5cdab9ee1af0b09253f3de94d42a4333a4f1603bce46bb

HTTP Headers

GET /_nuxt/desktop/default/css/1c94b87d.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:24 GMT
content-type: text/css
content-length: 7300
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-1c84"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:54:23 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-44a1e6facc83b0fa7ba9e23932403888-6ff39b8db019e664-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:54:23+00:00, 2024-04-25T13:06:02+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/a7906856.css

185.244.209.62

200 OK

336 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/a7906856.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1099), with no line terminators
Size
336 B (336 bytes)
Hash
6921418ff9395c44037498a4cf17ee66
31879049279e2cb5bc06b249d80d1735ef112b19
e6de221b29f3b4e47505c877067f28565ab5e1b419dc5003aca29c49596e73ab

HTTP Headers

GET /_nuxt/desktop/default/css/a7906856.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:24 GMT
content-type: text/css
content-length: 336
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-150"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:26:51 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5d0d4ad58aa96c4c0e255420d3fb0752-a073bf8e14a3b273-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:26:51+00:00, 2024-04-25T12:57:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main-09271208.js

185.244.209.62

200 OK

58 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main-09271208.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64940), with no line terminators
Size
58 kB (57868 bytes)
Hash
510ed48f64189337e8de2946d86f628b
c31579baef67dbaf7cc2f17bed8e2335223e3f8e
a236c2dd075d9f3fb5ba4ef3dec0efe9a6e60c79520bcc589a0f233dc96e54d2

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main-09271208.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 57868
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-e20c"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:25:32 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-da66f0d29aa2d6bbb20e940a13ea7397-36c15a777341bfba-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:32+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/6cc025d5.css

185.244.209.62

200 OK

1.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/6cc025d5.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6716), with no line terminators
Size
1.3 kB (1324 bytes)
Hash
be35c859b4087d52ff863e02472b7438
acce1097a331dc2ec0669d17db06c679e7c81be6
af7c9af6bda4b329f14b870f4df09e1b11e87d8dba17c30eed496dc5d27dfc1f

HTTP Headers

GET /_nuxt/desktop/default/css/6cc025d5.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:24 GMT
content-type: text/css
content-length: 1324
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-52c"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:26:51 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b868223bd2798dfb8734553a44f7bc98-15320aacc1df9888-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:26:51+00:00, 2024-04-25T12:57:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/app-019fd1f8.js

185.244.209.62

200 OK

225 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/app-019fd1f8.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64966), with no line terminators
Size
225 kB (224677 bytes)
Hash
d43b77608bc8d96538ae9c273040c05f
976870970f803da08317c877884507f74612dcb0
6d2939523f88a6d4cce3fb00a10e7b0bd1a2733ba36d72ce608bdb19a287f109

HTTP Headers

GET /_nuxt/desktop/default/app-019fd1f8.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 224677
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-36da5"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:56:44 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ee3306a31cb0456b604b87f83eb7207f-ded6b802e2db0752-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:56:44+00:00, 2024-04-25T12:58:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-61022f43.js

185.244.209.62

200 OK

9.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-61022f43.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (31451), with no line terminators
Size
9.2 kB (9167 bytes)
Hash
e56eb405b1675cee62515df2dd269796
9c9c94e310d2895822831bd3face015b1cbf6b06
d2dbde0611294046d74c6cfb5ef4fb9b3559df984253e2e490fe238b59303a54

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-61022f43.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 9167
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-23cf"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:25:09 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-081ede8b72a8831d9e1e6a870faf66f1-347f7bdafd8670c6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:32+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-09f13029.js

185.244.209.62

200 OK

4.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-09f13029.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (14590), with no line terminators
Size
4.2 kB (4207 bytes)
Hash
73f82bd11055f942d7fdc91daeeeffe3
b105ad08a4eace9e06c2dccad185cffd174b2abb
599ee13f2007b11321a9bfaeee0b82ce9fceb73545b010019bedd35d2bdf491a

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-09f13029.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 4207
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-106f"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:32 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-60928074f48268fb6a0f334e3a51f712-4ad67dfa0ab0cd60-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:32+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-212b3d8d.js

185.244.209.62

200 OK

7.6 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-212b3d8d.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (29993), with no line terminators
Size
7.6 kB (7632 bytes)
Hash
361fe5a6001442cf39008a4c1116f2e4
81884dd80c15438223e8d8d3e6c1ac1593d3e99a
a75467a41371ace952fbdb97273852b0d3bde6c06e2f2405808601693201d89d

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-212b3d8d.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 7632
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-1dd0"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:32 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-a24aab9be9203bf6745ab00e06d9ac66-b6dc7b2531f324af-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:32+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-9123e772.js

185.244.209.62

200 OK

2.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-9123e772.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (7613), with no line terminators
Size
2.2 kB (2212 bytes)
Hash
6799557112e6479f4840348196eed7a5
046037566d79a018ad198bef462fa51c74bbb5a4
40caffbe2d55fa120e702fc464aac54e941c61b3031f22f5792205a572ff5ac7

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-9123e772.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 2212
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-8a4"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:25:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-21094f86260d29dae17fe84750c056f2-437b6bf4fdb75ac9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:32+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/98ce2926.css

185.244.209.62

200 OK

1.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/98ce2926.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (8509), with no line terminators
Size
1.5 kB (1491 bytes)
Hash
b0cd3891fe08ec67c50bbdfd9f7e9181
205511f8e55a0498e8129c290759a26ba4a4db31
75c619e9cabd7b2c1939e6837909e12c51fb3e68888ba20d650cb1939f983f6e

HTTP Headers

GET /_nuxt/desktop/default/css/98ce2926.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:24 GMT
content-type: text/css
content-length: 1491
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-5d3"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:26:51 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f0fd0098ded77317c34410ea13995ed5-ae977133a49b64e2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:26:51+00:00, 2024-04-25T12:57:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-500bea4e.js

185.244.209.62

200 OK

17 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-500bea4e.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65113), with no line terminators
Size
17 kB (17005 bytes)
Hash
85aa5ed6fedc499534bfeb8eee571fb6
b751e2adaae96f130072f0e7eab069e15d196ec1
e5e627bc912c4a35155dec18e77f6d9bf9c211c970530570975b82c4409828f9

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-500bea4e.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 17005
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-426d"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:25:31 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ad81bc3421cf3ab79c9f6ec740a2477b-5405af53b09f0362-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:32+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/9eb4939a.css

185.244.209.62

200 OK

2.8 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/9eb4939a.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (20960), with no line terminators
Size
2.8 kB (2763 bytes)
Hash
6cae6098e169876c305ca92f82fe3cde
d27c18f05738795d575c8ce370ed83cf07da0a5a
7095d096e88dd0a09d84d063de1e0eedd406b032150a5af99e796c2ac63bcfe5

HTTP Headers

GET /_nuxt/desktop/default/css/9eb4939a.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:24 GMT
content-type: text/css
content-length: 2763
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-acb"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:26:51 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4eae613c153e4dfc591769f410e6da3b-1173e9f9c855932f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:26:51+00:00, 2024-04-25T12:57:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/polyfills.js

178.253.29.47

200 OK

0 B

URL GET HTTP/2
1xlite-660473.top/polyfills.js
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /polyfills.js HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; postback_watcher=; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:24 GMT
content-type: text/javascript; charset=utf-8
content-length: 0
vary: user-agent
cache-control: public, max-age=2678400, s-maxage=2678400
etag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-time-ng: 0.049
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.060
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-f5f00544.js

185.244.209.62

200 OK

10 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-f5f00544.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (41616), with no line terminators
Size
10 kB (10291 bytes)
Hash
09f939cf46957d82e821f8807e05968a
5e1ec26d95f29042bb2f78c902b37c44817cc109
771bb7992371b7c701a37d462456fc4529bc477b52a334c8667762ca4e5a306b

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-f5f00544.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 10291
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-2833"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:25:32 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-32dd547f58c6b906f4379cf82f9fc7b1-c8da34addb6467d4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:33+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/runtime-429a9b40.js

185.244.209.62

200 OK

15 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/runtime-429a9b40.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (47028), with no line terminators
Size
15 kB (14721 bytes)
Hash
98255763f3f394149bb9d0b5f43f0cf7
9f9956c07034407cf605d11bc57b37c8a928c01f
664cac2629ba11af02afaabf5b06ef2bfab319d36efdb7c6b81ade6edcffd217

HTTP Headers

GET /_nuxt/desktop/default/runtime-429a9b40.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 14721
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-3981"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:56:44 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ac4458dbb8bec35fcd470888995cb3e3-ee461bfd70330fd7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:56:44+00:00, 2024-04-25T12:58:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/c3d37cc4.css

185.244.209.62

200 OK

194 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/c3d37cc4.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (395), with no line terminators
Size
194 B (194 bytes)
Hash
7f1ee7f9ec47159043591789124ec7cc
bb021131214d4b70b327355a5a947b974f2eccbd
4041bafac614e354c03b647dc8d226e140460381c4816a65528e4ba428b0a0ad

HTTP Headers

GET /_nuxt/desktop/default/css/c3d37cc4.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:24 GMT
content-type: text/css
content-length: 194
last-modified: Wed, 24 Apr 2024 11:16:25 GMT
etag: "6628ea09-c2"
content-encoding: gzip
expires: Fri, 26 Apr 2024 09:22:48 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d68beb9a602ce7abc3e4a7874f7becc3-6befe11997c42bd8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T09:22:48+00:00, 2024-04-25T13:58:48+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingContent-2d71b204.js

185.244.209.62

200 OK

646 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingContent-2d71b204.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1333), with no line terminators
Size
646 B (646 bytes)
Hash
195337917bfce628357a5db2aee5432f
154d69e35c36bd6e01d05b4045badf4872f9ebc3
c605b7891079605ad4b90aa944b0557202c0df060c4cfff972d413db0170fad3

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main.BettingContent-2d71b204.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 646
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-286"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:24:42 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c0ad22860c933ef69ca99befcd42d2a8-09ee8a805c83381e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:34+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/885d64fc.css

185.244.209.62

200 OK

332 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/885d64fc.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (975), with no line terminators
Size
332 B (332 bytes)
Hash
31aa50dcbc858f61bf3ed903493b8431
abf67e7f02256d2d5c5e2054b2930aa9b5ece999
18337e3b3c6f57695afaca43e471c075fd711e0485b4e7f1fdc1b6fe4e8703d7

HTTP Headers

GET /_nuxt/desktop/default/css/885d64fc.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:24 GMT
content-type: text/css
content-length: 332
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-14c"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:16:17 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c8509d359f8cabbe4cf5aaec39ae1789-10d39bacfbb214d5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:16:17+00:00, 2024-04-25T19:20:22+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Layout.Betting.ExpressDay-1d2478b0.js

185.244.209.62

200 OK

3.4 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Layout.Betting.ExpressDay-1d2478b0.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (10178), with no line terminators
Size
3.4 kB (3362 bytes)
Hash
badfd1b5440c69f594132dab6b8ece6f
e1320ef520529473fd5de690b92bd42dd41eac81
12fc9f116dac766e665d2fd70f408cccc5497e8f6f25cc3c0ce3df667d43d693

HTTP Headers

GET /_nuxt/desktop/default/Layout.Betting.ExpressDay-1d2478b0.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 3362
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-d22"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:25:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-4b2621dc1f84021f47b82611b0b75d22-2c531775748aaa56-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:33+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/6c310293.css

185.244.209.62

200 OK

3.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/6c310293.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (31339), with no line terminators
Size
3.2 kB (3225 bytes)
Hash
3cc47f5bfd7fb2ef96257df775a1b810
bbb36b671dd4a1f6e24cce1a48368724994b3913
18aeb0ed76dd6ce1471582770244ed6c55b69fef2e84ffabdabdbf7f32600326

HTTP Headers

GET /_nuxt/desktop/default/css/6c310293.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:24 GMT
content-type: text/css
content-length: 3225
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-c99"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:26:51 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-1c6a029b9e71c40e1c47b5e39f4a170a-bd7c42742a7340a5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:26:51+00:00, 2024-04-25T12:57:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-133d5539.js

185.244.209.62

200 OK

2.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-133d5539.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (8037), with no line terminators
Size
2.3 kB (2257 bytes)
Hash
ceb24e94d87d9c04b6685d611e9050c1
781d9f7fb4ff0e09fa74cdcdc5b1e707a57b4539
bfc675160863b2fdb50b84830a53646a8c762836217ffc99ea6a8b5dc16cd734

HTTP Headers

GET /_nuxt/desktop/default/Layout.SeoModule.Lazy-133d5539.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 2257
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-8d1"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-0842c0836af63a38640f06fca33e2afe-bae62a6c873989fb-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:33+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/commons/app-52fe5dc2.js

185.244.209.62

200 OK

47 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/commons/app-52fe5dc2.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65476)
Size
47 kB (46792 bytes)
Hash
67738af5bf23b478a572a381a2acc716
dd7280b456a511724f02c36bc432472d28897aef
38d639b8059f8649a3afd6bae7727428d389d106ba7f5f58abe27ef6d5a59183

HTTP Headers

GET /_nuxt/desktop/default/commons/app-52fe5dc2.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 46792
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-b6c8"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:31 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-24bf7bf2208b9558ba6bbb37d02981c6-7b7fb2602c6f10bd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:31+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/85148a0b.css

185.244.209.62

200 OK

4.0 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/85148a0b.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (32277), with no line terminators
Size
4.0 kB (3964 bytes)
Hash
eeaf257a8645b90669a2ea93b8fb534e
d81289258b7a5c126dd860232760852cc8ad865e
3a170c88ab694ad7552f7a84baa04ddb248c32b7f8ffe16d55dd73685de87aa6

HTTP Headers

GET /_nuxt/desktop/default/css/85148a0b.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:24 GMT
content-type: text/css
content-length: 3964
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-f7c"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:54:24 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-cc13259ea76cf215a38f2d446281e590-f23ca149f2c51251-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:54:24+00:00, 2024-04-25T13:05:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-9abe035a.js

185.244.209.62

200 OK

7.8 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-9abe035a.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (28143), with no line terminators
Size
7.8 kB (7783 bytes)
Hash
c790413a6f4ea0dbbb7278d4ba07c8e2
aeea4548ef2d3820699053c3c6b7f653703688ec
a85e58d257f382c639e0f17995d19e6e55271ee366813029aa709f067bbef4a2

HTTP Headers

GET /_nuxt/desktop/default/Layout.FooterComponent.Lazy-9abe035a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 7783
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-1e67"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:34 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-33ddd9b36a8f6d81e31d7bca4bfc2728-cea141e260609178-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:34+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/b31cf88f.css

185.244.209.62

200 OK

2.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/b31cf88f.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (9498), with no line terminators
Size
2.2 kB (2186 bytes)
Hash
96a29f0004392655cc9593713581f6bc
9e217c48ea7052b0df22bd29aa1b62afd807ef2d
f38f8cbcdd652cad7465c60c1eff068b6d104e97f4603f1499cb790f81b17cff

HTTP Headers

GET /_nuxt/desktop/default/css/b31cf88f.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:24 GMT
content-type: text/css
content-length: 2186
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-88a"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:33:29 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-0887eb3897852cb2f4055a6aafed178c-1da841550dc95407-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:33:29+00:00, 2024-04-25T12:57:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/app-3a0481ca.js

185.244.209.62

200 OK

270 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/app-3a0481ca.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (61101)
Size
270 kB (270073 bytes)
Hash
47ed64bc46475959fb808f6ad315b17a
6458a90607fec951440547e5da3ece80345a79b3
6e6e1c838342b6cc15d98b2024a13f8f1e39dec2338a15bf9b04c1d73c9650c4

HTTP Headers

GET /_nuxt/desktop/default/vendors/app-3a0481ca.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 270073
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-41ef9"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:31 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-823951973b8de6afd1fb392534a62ff1-397c11e7cd5a56d6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:31+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/e74c776d.css

185.244.209.62

200 OK

14 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/e74c776d.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
14 kB (13767 bytes)
Hash
46c8f0c05f1b041270e8e142c7ce5d70
2b14a5ef8669fe0e73a40a816b894a50c829219f
eed5933b3a22f8155625627d59bf536ceda18acc679a4019833a890e75b07ba7

HTTP Headers

GET /_nuxt/desktop/default/css/e74c776d.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:25 GMT
content-type: text/css
content-length: 13767
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-35c7"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:54:14 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-3dd2d45909053d42aacf17e4af624075-3dfb510e078608dd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:54:14+00:00, 2024-04-25T13:04:37+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-627abef7.js

185.244.209.62

200 OK

8.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-627abef7.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (29805), with no line terminators
Size
8.3 kB (8274 bytes)
Hash
4d2f484f3465b217acb7bc2c93924f01
f6274c5c70d187c221e04edacdc4e73bc90bae28
57931838efa5e848ac1467518ce0d43b9a11e44f53f41d0b48a8fc321ecebb7f

HTTP Headers

GET /_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-627abef7.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 8274
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-2052"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:34 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-0ad921841e8c230047523f45627902c4-613ae359b608f6cd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:34+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/5cfdf959.css

185.244.209.62

200 OK

1.1 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/5cfdf959.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (4632), with no line terminators
Size
1.1 kB (1113 bytes)
Hash
f74d8b7e31b6ab236a9577348874385d
87091e6542649037a05fc137fa449b713c85225d
b33d72295f1edbfc13da30236c4b811cffe4ba8ef758a515914cd69cf02edbf8

HTTP Headers

GET /_nuxt/desktop/default/css/5cfdf959.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:25 GMT
content-type: text/css
content-length: 1113
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-459"
content-encoding: gzip
expires: Sat, 27 Apr 2024 06:45:03 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e9f316eedad28eeee46850d084e2a689-143dd0063183613a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T06:45:03+00:00, 2024-04-26T08:01:29+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-27024645.js

185.244.209.62

6.3 kB

URL
v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-27024645.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (20014), with no line terminators
Size
6.3 kB (6262 bytes)
Hash
b69735a0304bc0ac21b40573ee550f0b
96f237bfaac6dab3ce2595e9961762984ae1545b
5defbae69d8affe7aa3e1eda4b2f1759900c2ce35985b69928b65cdfabfc78e3

HTTP Headers

GET /_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-27024645.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 6262
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-1876"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:34 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f5bfec9509db64a46e8e086a733ae2fc-1fdc0cc60a70b3ee-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:34+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/version.json

185.244.209.62

200 OK

44 B

URL GET HTTP/2
v3.traincdn.com/version.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text
Size
44 B (44 bytes)
Hash
4dda53dbeb340a5129b07e1702aa8dad
614a638c883bf28d94af0918fc794d5d275cfc20
eeb319ca820c70f7b63d4ff6a64bb4852647c066b7cd0245601964722306e983

HTTP Headers

GET /version.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:25 GMT
content-type: application/json
content-length: 44
last-modified: Thu, 25 Apr 2024 10:41:36 GMT
etag: "662a3360-2c"
content-encoding: gzip
expires: Thu, 25 Apr 2024 11:27:56 GMT
cache-control: max-age=60, max-age=60, s-maxage=60
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6ba4520c93f18b45fc13337ba70a8216-b90d4fe269f0bdc8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T11:26:56+00:00, 2024-04-26T08:34:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Size
64 kB (63748 bytes)
Hash
6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:25 GMT
content-type: font/woff2
content-length: 63748
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-cd381ae64d6987f56c02dc381e216084-952967b19aaed054-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:13:59+00:00, 2024-04-26T08:15:28+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2

185.244.209.62

200 OK

65 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 64732, version 1.0
Size
65 kB (64732 bytes)
Hash
3ac5d40d1b3966fc5eb09ecca74d9cbf
a69f32357765dd321519889aeacba5e9ca893bb0
3310766b8f58538d07abded74a2babe1acbe1a3ee820d5b8c8265da666f4fb0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:25 GMT
content-type: font/woff2
content-length: 64732
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "3ac5d40d1b3966fc5eb09ecca74d9cbf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4d5f6717af9665d4b2ab09bfb1e51322-ec098f1511ebfc4e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:56:30+00:00, 2024-04-26T07:36:07+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Size
64 kB (63920 bytes)
Hash
a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:25 GMT
content-type: font/woff2
content-length: 63920
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-4f199e460bccd2b37af095c5d96c8aed-de6f78f661b92cd6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:54:39+00:00, 2024-04-26T08:15:28+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png

185.244.209.62

200 OK

653 B

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Size
653 B (653 bytes)
Hash
e6f0766cbd95db33da44e7a9140648f2
5f196b1bfe8c3f92bd2ebcd67124e72e81ae6aaf
c0399d478788d5d483f104a2e8cb7c32f41cb40e9df0c22e831b2bfa2db63ec0

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:25 GMT
content-type: image/png
content-length: 653
last-modified: Tue, 25 Apr 2023 13:43:56 GMT
etag: "e6f0766cbd95db33da44e7a9140648f2"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-8573a852c7c8887cdd877cb4c5da21cb-de9721e418425793-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:12:59+00:00, 2024-04-26T08:34:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/check-ob.js

185.244.209.62

200 OK

187 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/check-ob.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
187 B (187 bytes)
Hash
ced67278c38d1ce1297c121af69fff8a
df6e1531fd84d956263b04254e6f94f5356623f4
2958134c3c00f7c6320858dd66e454c2856e4842821d3523c4cc5e44e1ec8616

HTTP Headers

GET /_nuxt/check-ob.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 187
last-modified: Wed, 24 Apr 2024 11:16:59 GMT
etag: "6628ea2b-bb"
content-encoding: gzip
expires: Thu, 25 Apr 2024 12:52:17 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-69b5302a475dbad5d45619f862d0c3ae-9aaa94414c1981a2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-24T12:52:17+00:00, 2024-04-25T11:36:14+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/f5105820.css

185.244.209.62

200 OK

194 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/f5105820.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (395), with no line terminators
Size
194 B (194 bytes)
Hash
2818ab9c6ece35261fbf658165189623
f01f8175a7a89449a1dad5f2a7df06c5866c10af
b4f0b619b6f6ece6589df376a16eae022b084640348887d3c557e20a37207583

HTTP Headers

GET /_nuxt/desktop/default/css/f5105820.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:25 GMT
content-type: text/css
content-length: 194
last-modified: Wed, 24 Apr 2024 11:16:25 GMT
etag: "6628ea09-c2"
content-encoding: gzip
expires: Fri, 26 Apr 2024 09:23:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-436824aa824b7a0dbbdd862ece9fd66d-729cf89aea548184-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T09:23:37+00:00, 2024-04-25T16:08:49+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingContent-e046fd95.js

185.244.209.62

200 OK

636 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingContent-e046fd95.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1235), with no line terminators
Size
636 B (636 bytes)
Hash
9e3ac47608f356bc1dc1a9e6416bb442
ee016384b8a9bd54bb3d9acb0e692fdf935eca37
363d977ed612005685ed3c836a5add69b008d52a94e3da92b0ee2dcbe92ac486

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.BettingContent-e046fd95.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 636
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-27c"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:35 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-bb92c5a3a9ab1abcbda7a81360b57383-55cd5592511f9f76-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:35+00:00, 2024-04-25T14:32:55+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-4ac47a98.js

185.244.209.62

200 OK

4.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-4ac47a98.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (14574), with no line terminators
Size
4.2 kB (4186 bytes)
Hash
c57084469422f881a05ddd74499c60ff
739fdc06fcdfbcd15f86b58445fa17026fa33dc5
7abe74e474edb41787c9e7b7a653a3660adaab357d4544c631adc41b6241dcb5

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-4ac47a98.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 4186
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-105a"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-88f9f7e9034c28420c14810e736e0e0b-de56c37fd919d3ce-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:37+00:00, 2024-04-25T14:32:55+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/2a37879e.css

185.244.209.62

200 OK

1.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/2a37879e.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6872), with no line terminators
Size
1.3 kB (1331 bytes)
Hash
7727cc93d85a2459297f9b1237fc6a92
f37f7a3ec3d30df2513a38dd2c67fefaf038edec
e4559060670fd8cf92ad4e830ae9237d2bbc735470f4597ad5d943388d9248d2

HTTP Headers

GET /_nuxt/desktop/default/css/2a37879e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:25 GMT
content-type: text/css
content-length: 1331
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-533"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:27:19 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-dc66fc6f8ecb119e5a8e946cd053b9f3-4dacab54f78e3e73-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:27:19+00:00, 2024-04-25T13:42:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-79ad2f0e.js

185.244.209.62

200 OK

10 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-79ad2f0e.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (37195), with no line terminators
Size
10 kB (10215 bytes)
Hash
70a856ece2dd02e933e2fef3414ed184
1934275e14664f9ae568d5c584cf0d7bc405eb80
2436484f2b0d5cf261d2b340beb9d9d93998a13162919864119ac0cc0c13a8d6

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-79ad2f0e.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 10215
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-27e7"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:35 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-46b41c05f31dd7d67e76b30700fdb45f-871b14a9686dac54-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:35+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-ae524f2a.js

185.244.209.62

200 OK

37 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-ae524f2a.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65461)
Size
37 kB (37175 bytes)
Hash
886694940b166ad79a7c4b5a30eedb58
7ed534a6ed7b235ce25bc5376476ef84138432bc
b0bc120f4a78e08b3d2765eb6da792d0d2232427317decb665bd6aac2fdc431e

HTTP Headers

GET /_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-ae524f2a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 37175
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-9137"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:35 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-31b272bacd4f658871886c59c3dfd297-d5dcd837ffc3daf6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:35+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-997209ca.js

185.244.209.62

200 OK

10 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-997209ca.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (36639), with no line terminators
Size
10 kB (10111 bytes)
Hash
65e245bd372dea1e58738d756283e8f6
8f6563d4b9b19f66c4e537ab793c123599168d26
38c3961b371948346f708b3bf23d6f20b83e76f5b0b4102154c84bb50fe7ee5c

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-997209ca.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 10111
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-277f"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:35 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6d95c087cb95cfc2936c0f06a38516ba-467cfb56606fd6cf-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:35+00:00, 2024-04-25T14:32:55+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/4b5c6c89.css

185.244.209.62

200 OK

6.7 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/4b5c6c89.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (53058), with no line terminators
Size
6.7 kB (6667 bytes)
Hash
173f5247c95e1b42bb3b77ed0a8eb44d
5b4b32ac3c6b995e254b7e8e1ecdf00ef4882aa9
f20b6d24581afe4c6af83abbc14b11194385c8e5f15a27e972724f61891c6dd0

HTTP Headers

GET /_nuxt/desktop/default/css/4b5c6c89.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:25 GMT
content-type: text/css
content-length: 6667
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-1a0b"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:54:25 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f124340bf07ca8a579ebc91cf904684d-55e87b9d81c00f6c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:54:25+00:00, 2024-04-25T13:42:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage-da45acc1.js

185.244.209.62

200 OK

32 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage-da45acc1.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64912), with no line terminators
Size
32 kB (32515 bytes)
Hash
cbf2424a84930767b46aa8d32382630e
237dc0de3c9db7b080424eeb69e2feb2a6d7805e
4a2f536eada6636b0d6d1747962d8aa508c88405865199c32f05cd95605bdfbb

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.Homepage-da45acc1.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 32515
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-7f03"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-98f5a558fae23b630a669b821c4a8473-354df8703b55151a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:37+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/f72f2b10.css

185.244.209.62

4.8 kB

URL
v3.traincdn.com/_nuxt/desktop/default/css/f72f2b10.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (38649), with no line terminators
Size
4.8 kB (4780 bytes)
Hash
8ab5f1e804e2a4565dea164054ff0907
7ee2bea2c9dcb6424f707c35588a316a249270fa
ce3424802faaac382a0efe23fbc285123fae95d0461ecf26e4881e1907acd9ec

HTTP Headers

GET /_nuxt/desktop/default/css/f72f2b10.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:25 GMT
content-type: text/css
content-length: 4780
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-12ac"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:27:19 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-dc4f8f633080b9be473ce13cad20613a-2ec37795d896e6cc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:27:19+00:00, 2024-04-25T13:42:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-c8580d37.js

185.244.209.62

200 OK

5.6 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-c8580d37.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (19536), with no line terminators
Size
5.6 kB (5568 bytes)
Hash
68b0e7b36aaabe3fc4c55b9b7a99b204
8e30dc11ce9406793473bdff9aac0101f562655e
2bdec28d6e101619011e495111f672ccba2334d2f089a5a87fca2512d86d7f0c

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-c8580d37.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 5568
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-15c0"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:35 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-056f6aacd5566964f45875b514246fca-27f03f24c29224ea-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:35+00:00, 2024-04-25T14:32:55+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.Asian-cb1300f7.js

185.244.209.62

200 OK

29 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.Asian-cb1300f7.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64788), with no line terminators
Size
29 kB (28909 bytes)
Hash
07824180288a9c6a3276f486612df7d7
ec83f284a957114b2bf1e709b574c8bab032bf19
b89df0b5e3c1a25a67b84e7fb42719fd512dbc49a8c3dda0e7dfe786f6ee573a

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main.Asian-cb1300f7.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 28909
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-70ed"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:35 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-bf2f14891cdc406f516077c0e10d5e70-5861aa6dfb47a96d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:35+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-de9cbf4c.js

185.244.209.62

200 OK

22 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-de9cbf4c.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65476)
Size
22 kB (21881 bytes)
Hash
e0798c11c128dde9a2f8cb7010b4f2ac
b501199439c816e3ce7b4db9343be18c7176393f
f4d06de3e82b9e4717168f7368574bd7878368633d05b5b2136645e9f0f41fcb

HTTP Headers

GET /_nuxt/desktop/default/vendors/plugins.v-tooltip-de9cbf4c.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 21881
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-5579"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:36 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-43eaa3e7e20bb9cbab4bd2eaa4030c2a-789176258566f886-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:36+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-be432464.js

185.244.209.62

4.6 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-be432464.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (12527), with no line terminators
Size
4.6 kB (4556 bytes)
Hash
1f560cda98016a758f23b98bb6451629
601e2074c0bac9c95a4cde3a1b0c8b2c46fc4157
e56d555d970e127bfcc5baf5da80649f7db6e3b9b09795af851020ca565644cd

HTTP Headers

GET /_nuxt/desktop/default/vendors/plugins.vue-notification-be432464.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 4556
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-11cc"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:54:19 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4392e37254bba989a77f04b512e5dc6c-aa107505df096bde-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:54:19+00:00, 2024-04-25T13:05:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/e5c0e314.css

185.244.209.62

200 OK

953 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/e5c0e314.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (3352), with no line terminators
Size
953 B (953 bytes)
Hash
748da80084597d87b4ff5e98b017b07b
db6ad2ec24bfcbe751a23061d935403e1163f471
4eaf4071f43aaa0243a4c6948131b7a3e03fe6ab1f4228da38e8588c15e01f24

HTTP Headers

GET /_nuxt/desktop/default/css/e5c0e314.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:25 GMT
content-type: text/css
content-length: 953
last-modified: Wed, 24 Apr 2024 11:16:26 GMT
etag: "6628ea0a-3b9"
content-encoding: gzip
expires: Fri, 26 Apr 2024 11:04:50 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ef71af5bcd7ca8487a5875a74ddeebef-baab78e23a112f77-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T11:04:50+00:00, 2024-04-25T14:51:46+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-b4e5c536.js

185.244.209.62

200 OK

8.1 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-b4e5c536.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (26717), with no line terminators
Size
8.1 kB (8056 bytes)
Hash
d6c0749abfe6ac3fa12439f8c5280965
9f433c690b68983f71225293938bfbea88e432f1
fe95732bdaefa78507800cbdf5e127902eec74eef86bee6a9bf1eeafc915c26c

HTTP Headers

GET /_nuxt/desktop/default/vendors/plugins.vue-js-modal-b4e5c536.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 8056
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-1f78"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:54:19 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b2a73000513caaa9e185d1b2073379be-6e11cea90564191a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:54:19+00:00, 2024-04-25T13:05:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-1bddb75a.js

185.244.209.62

2.1 kB

URL
v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-1bddb75a.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (6960), with no line terminators
Size
2.1 kB (2118 bytes)
Hash
646a2b32c35fc60e6fe759e25b80b680
4bffb554df5ebcd3f96154047e39cc1efe9d4658
b8339391f1719293f8987d960120957904d99c0e4d634e48f6f16f3e2c25e812

HTTP Headers

GET /_nuxt/desktop/default/date-fns-locale-21-1bddb75a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 2118
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-846"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-bb949260e8059ad25b26ca7e2ee0177d-24474f68042aea6c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:37+00:00, 2024-04-25T14:51:46+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/DC-5812449e.js

185.244.209.62

200 OK

1.0 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/DC-5812449e.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2336), with no line terminators
Size
1.0 kB (1000 bytes)
Hash
5fd92d5e19084953d42f6435bf43dbc3
1605b683a815f82e1439bedd7f7acc9bef1d75c1
ad5547e0059467c7711c34a6627570759b87ea738c7659a3f169fe1871eb2dda

HTTP Headers

GET /_nuxt/desktop/default/DC-5812449e.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 1000
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-3e8"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:54:22 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-af413fc52545e1a832e1cb5a1e3160f6-a9d291ccd275bc2f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:54:22+00:00, 2024-04-25T13:05:48+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Betting.Core-3d5acad8.js

185.244.209.62

200 OK

1.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Betting.Core-3d5acad8.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2341), with no line terminators
Size
1.5 kB (1504 bytes)
Hash
20dfbfd0b527a3400141072543ab8d14
8b18103124ebcc40d3817e5b0897403dd79a777d
60ad198390a8936e848b2beeb25fb8f57fdb8a9a44cae0a2b22b731e38242d95

HTTP Headers

GET /_nuxt/desktop/default/Betting.Core-3d5acad8.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 1504
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-5e0"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:56:51 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-49363af425292a310ef02cc040f4ae15-c3973a8ee84fe2b1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:56:51+00:00, 2024-04-25T12:58:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-56fa9b09.js

185.244.209.62

200 OK

1.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-56fa9b09.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (3229), with no line terminators
Size
1.5 kB (1451 bytes)
Hash
31dddc1647801a3327fdbc35796cc728
be143b7b082c2e26d4f5888795cdfbae3ee7fe30
5e182646aa4ce68aad3d97501ada00313a7dd51a5883b713c27803bb51e0a7ca

HTTP Headers

GET /_nuxt/desktop/default/consultant.supHelperV2-56fa9b09.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 1451
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-5ab"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-7d8e7157c44ffc7d75ff6a9d70c63515-8434b37fe1d24c44-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:37+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-660473.top&projectId=285

178.253.29.47

141 B

URL
1xlite-660473.top/seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-660473.top&projectId=285
IP
178.253.29.47:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
141 B (141 bytes)
Hash
bd9be2fa89d26e9e6f1b2e08ffcd0ed6
90eae25ee792254c7ca97e98c5782078f9bdc37f
c11510c5556799ec6bf918684e80903d08cf6237d3c4f94d32a8ebf35d067a1d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-660473.top&projectId=285 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; postback_watcher=; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: application/json
content-length: 141
cache-control: max-age=1200, must-revalidate, public, s-maxage=1800, stale-if-error=86400, stale-while-revalidate=300
x-content-digest: enebf83560af95b198ca2d2caf127b1151
age: 1586
x-request-id: 0df08b1a7f2babf60872992961ca94cf
x-request-guid: 0df08b1a7f2babf60872992961ca94cf
x-time-ng: 0.007
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=2.3660659790039, wf-uht;dur=0.015
X-Firefox-Spdy: h2

1xlite-660473.top/version.json?timestamp=1714120526071

178.253.29.47

200 OK

44 B

URL GET HTTP/2
1xlite-660473.top/version.json?timestamp=1714120526071
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
ASCII text
Size
44 B (44 bytes)
Hash
4dda53dbeb340a5129b07e1702aa8dad
614a638c883bf28d94af0918fc794d5d275cfc20
eeb319ca820c70f7b63d4ff6a64bb4852647c066b7cd0245601964722306e983

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /version.json?timestamp=1714120526071 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; postback_watcher=; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: application/json
content-length: 44
last-modified: Thu, 25 Apr 2024 10:41:36 GMT
vary: Accept-Encoding
etag: "662a3360-2c"
content-encoding: gzip
expires: Fri, 26 Apr 2024 08:36:26 GMT
access-control-allow-origin: *
cache-control: max-age=60, max-age=60, s-maxage=60
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.025
X-Firefox-Spdy: h2

1xlite-660473.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

178.253.29.47

200 OK

23 B

URL POST HTTP/2
1xlite-660473.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
2c7a9fcc9b05dc0479b6cfa576e4f9fb
9755fd0cddb2bbcf062eabb5c4ee7e6c80c3a771
2b11ffe7bd718116431a572af5201779f94243767ca59804612b8d2550caf862

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
Content-Type: application/json
X-Lang: en
X-Uuid: 54da0800-d791-497a-99ea-1a6fa7d3e024
Content-Length: 80
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; postback_watcher=; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: application/json
content-length: 23
x-time-ng: 0.005
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.016
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/ioc.dependencies.18-6c0bd0e4.js

185.244.209.62

200 OK

1.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/ioc.dependencies.18-6c0bd0e4.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (3073), with no line terminators
Size
1.3 kB (1321 bytes)
Hash
8de2f812def30650dc849a6c4ad1d711
cb603fde42ac77caf6f5432c710cfe271dda3cef
537262d05d61223f1d34cb2ec7ec7240f6b49c1189d0b7d7cff0384a4292f150

HTTP Headers

GET /_nuxt/desktop/default/ioc.dependencies.18-6c0bd0e4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 1321
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-529"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-61e91d2d8d2bc5a15fb1234d104dc782-a1d62af4c71197f3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:37+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-3bf76071.js

185.244.209.62

200 OK

7.4 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-3bf76071.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (32231), with no line terminators
Size
7.4 kB (7382 bytes)
Hash
73045dab5a0f1892f4ecaa63deac81c4
53f582f313d660bcb8bc204d4b9930878f667271
3da8040fa2cbba713382129ac29b73bbd06c920cd0086fd10edad8b85c413e23

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-3bf76071.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 7382
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-1cd6"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:39 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-dbc3fd642e48471ff7d12e5852984d5c-bf7a3e1de128cccd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:39+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/betting.SportMenuApp-c04577b2.js

185.244.209.62

200 OK

5.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/betting.SportMenuApp-c04577b2.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (20674), with no line terminators
Size
5.3 kB (5347 bytes)
Hash
92f2228f7f2d8ea17cc1bbd2946c5235
79c8609806d6d5d95cc518023baecc8d1952e6e2
e097b717e3ae34e2ff062ec780fb4b9513f743f41ca1e0528f07361bb5dc3f48

HTTP Headers

GET /_nuxt/desktop/default/vendors/betting.SportMenuApp-c04577b2.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 5347
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-14e3"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:39 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-eea02a6fc3c79a27112ab6d42dc3d3a2-a597e24f720c6f4a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:39+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/ad481252.css

185.244.209.62

200 OK

3.0 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/ad481252.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (22886), with no line terminators
Size
3.0 kB (3004 bytes)
Hash
c7f34a5d51920cc71c1de5650e93ba9f
c8e496bab9ced71a3160f0d30d5f061e9b9845b1
5768f888a21a23426a5ba6c204d97b7fc73ba52a24d503676206036ec84a1265

HTTP Headers

GET /_nuxt/desktop/default/css/ad481252.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: text/css
content-length: 3004
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-bbc"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:27:40 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-bca0cb4096cbc3b06382ae4f46bfab4f-f9cd1bbb0f53104a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:27:40+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.SportMenuApp-82ce6195.js

185.244.209.62

200 OK

25 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/betting.SportMenuApp-82ce6195.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65483), with no line terminators
Size
25 kB (24915 bytes)
Hash
cb65d148da616bc7624597ec1f9802da
51d8d278e180f09b548c0b123e3627840bce9244
2e27352090f3824edb7a7849a5daf063288ad34f11c710525c99b0bf1486b66f

HTTP Headers

GET /_nuxt/desktop/default/betting.SportMenuApp-82ce6195.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 24915
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-6153"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:39 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-cc914c36273804406348444db90dd06c-da3ebfa02722cb44-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:39+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/betting.HomeSliderComponent-74faad26.js

185.244.209.62

200 OK

7.4 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/betting.HomeSliderComponent-74faad26.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (27479), with no line terminators
Size
7.4 kB (7383 bytes)
Hash
36a40a25b745631e0e28cac4083cbeac
76ad3820c008567577fec994bf3e1e7440e2e77e
af4793dd4927863c6ac8d66b033d5d7efb7bfa65a967208fc1c12a07bdc64436

HTTP Headers

GET /_nuxt/desktop/default/vendors/betting.HomeSliderComponent-74faad26.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 7383
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-1cd7"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:39 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-c89dc6361906a64b323ee6a6c8ba933c-e08445cc5b1a3e61-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:39+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/85022173.css

185.244.209.62

200 OK

1.7 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/85022173.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (9757), with no line terminators
Size
1.7 kB (1731 bytes)
Hash
d9ff2bf37891da2be05d7fd5442113f5
419f63a7b47f983139a1cdc040707ab4b90bc255
05d90d1e2368c45cf52f0796d76035b98b8ab02ff57d218005ddffbfc20963c5

HTTP Headers

GET /_nuxt/desktop/default/css/85022173.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: text/css
content-length: 1731
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-6c3"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:54:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f9508f3ee821a0763d30eb8b641d152c-b4e81deea6d7a597-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:54:33+00:00, 2024-04-25T13:05:48+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.HomeSliderComponent-888df66d.js

185.244.209.62

200 OK

7.6 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/betting.HomeSliderComponent-888df66d.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (24523), with no line terminators
Size
7.6 kB (7601 bytes)
Hash
54be88936d941a65bd59d27f8bf96657
47a93d65c60bc45add632fcf288afff7ba6fe257
ee1dc1579a781b5d03318e39af446dfe8d2fd2c1cd6878a61882c21414d24a06

HTTP Headers

GET /_nuxt/desktop/default/betting.HomeSliderComponent-888df66d.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 7601
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-1db1"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:39 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-4ac6545c1b0e733493f718a6dc69a8d9-4e89c3eb2125db9c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:39+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/9f2746da.css

185.244.209.62

200 OK

1.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/9f2746da.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6439), with no line terminators
Size
1.3 kB (1305 bytes)
Hash
cdd7464b2b178b37ed8a1368b6383203
0a13fc4908d91476649bb51e33d690b460a5a89c
aeacff8e3f578ea2842f067e3f42d53e72a4f668cf526c60dc659bd89f5a3c6b

HTTP Headers

GET /_nuxt/desktop/default/css/9f2746da.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: text/css
content-length: 1305
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-519"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:27:40 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-00b3f85275da44d39ba5d678f00178b9-e821e632a3470e2a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:27:40+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.CentralMenuApp-fcf94262.js

185.244.209.62

200 OK

16 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/betting.CentralMenuApp-fcf94262.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64597), with no line terminators
Size
16 kB (16497 bytes)
Hash
0b750d1eb8ed980568c3b2783bc73abe
2f4cbcbc29cf5174e2490d0723dffd13919391a4
36844a337b242c366f594f7cd16f1505aefa8c2c38dccaf97b78eec261021312

HTTP Headers

GET /_nuxt/desktop/default/betting.CentralMenuApp-fcf94262.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 16497
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-4071"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:39 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-85aed7dc8bb9fc0bc0aba3571c009526-b420dd12f3aa1e76-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:39+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/526e44d9.css

185.244.209.62

200 OK

459 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/526e44d9.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1526), with no line terminators
Size
459 B (459 bytes)
Hash
97fdf5b6e7dfddf6ab251e984133b2c3
bb552fe685c52c34e0ed91e4dfaa9df2675ad086
92fcdb73c544b1f2befe78685340fd3371e920187a2232f8e4bffd73985d40e3

HTTP Headers

GET /_nuxt/desktop/default/css/526e44d9.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: text/css
content-length: 459
last-modified: Wed, 24 Apr 2024 11:16:26 GMT
etag: "6628ea0a-1cb"
content-encoding: gzip
expires: Fri, 26 Apr 2024 11:05:14 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ccb7c000bc29155e7cb9fd9d23b6dd15-99192b7b9cd083eb-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T11:05:14+00:00, 2024-04-25T14:54:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-969fa6be.js

185.244.209.62

200 OK

17 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-969fa6be.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (41022), with NEL line terminators
Size
17 kB (16831 bytes)
Hash
ed1aa306ac0483a61e03d12f0cf0c683
3688fabf92067a4cc58d87aec282cddc6a7e33f0
fdc6326914576f6b064f1b56dc5e153e8f601d12932d28cda623ea1c6670ffff

HTTP Headers

GET /_nuxt/desktop/default/vendors/betting.media-969fa6be.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 16831
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-41bf"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:54:31 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-cf423fbda47fb325db635accef4daada-ac968a3493cfa4fb-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:54:31+00:00, 2024-04-25T13:05:52+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/ff267c5c.css

185.244.209.62

200 OK

1.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/ff267c5c.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (7000), with no line terminators
Size
1.5 kB (1486 bytes)
Hash
f379bc6f4b94f34d96f6fe51159bee63
f4c0d4dbef1e1e734e84e05d75e4ff950d06eb60
b2a5bd6495250a19500dd5a6ca62f045c8b70226a668dc63ef40c78883bdae11

HTTP Headers

GET /_nuxt/desktop/default/css/ff267c5c.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: text/css
content-length: 1486
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-5ce"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:33:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ba6df64dc37a7255805f3d7ccfdad006-078e132aaeeab484-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:33:18+00:00, 2024-04-25T16:12:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.media-91c67102.js

185.244.209.62

200 OK

4.7 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/betting.media-91c67102.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (16761), with no line terminators
Size
4.7 kB (4731 bytes)
Hash
9edd02014a4812685d800389066bc94b
c89f400bb9b8ab7af4e7461a2d2ec002aea83bb8
23e9fe0dac6ac461e53781b9d407e7e3595eeea010fb4d6236eaa6b7699928ee

HTTP Headers

GET /_nuxt/desktop/default/betting.media-91c67102.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 4731
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-127b"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:39 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-5f210e1059de19aab14d1cf255e2dc58-3552302c3e1aea37-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:39+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137

178.253.29.47

200 OK

155 B

URL GET HTTP/2
1xlite-660473.top/service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
155 B (155 bytes)
Hash
d9c4e764d0719887a701a2fd57d2ed20
dd9132eb122454d6202e18dc89cf3f813bd28eea
bfb3eb33d14d3606f7ef2f2ebf7194a6eba1837022e2cce1a5adaebff4226d10

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; postback_watcher=; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: application/json; charset=utf-8
content-length: 155
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.010
X-Firefox-Spdy: h2

1xlite-660473.top/session-api/sessions/user

178.253.29.47

200 OK

16 B

URL GET HTTP/2
1xlite-660473.top/session-api/sessions/user
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
16 B (16 bytes)
Hash
646b2e82b65602d35f7aa6283c387e3a
b163a70c5df8e4b0861a23a04f8a6f78393747f4
b68bf12405ee2cb5b76764df21dbc2df0953ddff4072ddc5281d1aab05e8c4ab

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /session-api/sessions/user HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; postback_watcher=; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: application/json
content-length: 16
cache-control: no-cache, private
x-time-ng: 0.002
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=1.5370845794678, wf-uht;dur=0.010
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/88cfac66.css

185.244.209.62

97 B

URL
v3.traincdn.com/_nuxt/desktop/default/css/88cfac66.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
97 B (97 bytes)
Hash
9deb70dd3fbdc7061ed21c5632fbc55b
22ae1cadf75b3fdd5e3e3762842b1b7a6f6e7ed8
be8196057ac43ab3882caf30239c364e1ef4ceda087e92ca87187ce239f022f9

HTTP Headers

GET /_nuxt/desktop/default/css/88cfac66.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: text/css
content-length: 97
last-modified: Wed, 24 Apr 2024 11:16:25 GMT
etag: "6628ea09-61"
content-encoding: gzip
expires: Thu, 25 Apr 2024 14:35:41 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b559289019e69368ba6352e5b944d5e6-859da58481635c96-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-24T14:35:41+00:00, 2024-04-25T11:57:25+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-4c41d619.js

185.244.209.62

200 OK

8.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-4c41d619.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (25972)
Size
8.5 kB (8517 bytes)
Hash
83575afda287eafafb4102f4463ea9a7
241502bfcd1fdaf75068e1f6497e65642ec7981d
6c7258871472c35e8d3f7f4c71550a079165d95f913297204b6746faf5f31f33

HTTP Headers

GET /_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-4c41d619.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 8517
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-2145"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:38 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-c8afac5449cca0d08cf2b3a7ca0bc6b5-5688158cd639bc31-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:38+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/bff-api/event-logo/v2/suitable.json?lang=en

178.253.29.47

200 OK

2 B

URL GET HTTP/2
1xlite-660473.top/bff-api/event-logo/v2/suitable.json?lang=en
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
2 B (2 bytes)
Hash
d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bff-api/event-logo/v2/suitable.json?lang=en HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; postback_watcher=; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: application/json
content-length: 2
cache-control: no-cache, private
server-timing: bff;dur=14.09, dt_total;dur=20.727, wf-uht;dur=0.029
traceparent: 00-7962c6ea4d6876b206e48ab040ec4635-0adcc9e766b7c9d9-01
x-dt: 285
x-time-ng: 0.020
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/25e24e18.css

185.244.209.62

200 OK

1.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/25e24e18.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6262), with no line terminators
Size
1.5 kB (1505 bytes)
Hash
09f1bd90913ad83743065cc13ee3e0c6
0f1d49d4ddfccf474d882839c1ac901a8c1d91e6
b0222e16baaccc20a1143166da7715bbab586f1d8d8bebf26f91e98738a55a92

HTTP Headers

GET /_nuxt/desktop/default/css/25e24e18.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: text/css
content-length: 1505
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-5e1"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:27:51 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-0aa5a3f23199dc90c3772b18bb4e6545-ee86df2ec6a7f605-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:27:51+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/RegistrationWidgetApp-41260109.js

185.244.209.62

200 OK

21 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/RegistrationWidgetApp-41260109.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
21 kB (20723 bytes)
Hash
21a835136b8ae33cd00097879bb168a6
0be03e28575e2d36f43af705a84d6696e07717d1
cb12d647211b4890761ff8ece8e9fb9b0de34219e200e7a2c8dcc123c3417632

HTTP Headers

GET /_nuxt/desktop/default/vendors/RegistrationWidgetApp-41260109.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 20723
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-50f3"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:39 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-6da1c07953e8f80d627f5d43fadcaa42-cddcc51da017b6aa-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:39+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.coupon2-1ecfb74c.js

185.244.209.62

200 OK

580 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/betting.coupon2-1ecfb74c.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1003), with no line terminators
Size
580 B (580 bytes)
Hash
14565039f0ad5d77219bca259af6c150
e4a754546968a83c871aa2a5f4d88ba141a15fc6
6558d81c13b54927cf40265b22f5c1c9184571e740da752071d574092556fc90

HTTP Headers

GET /_nuxt/desktop/default/betting.coupon2-1ecfb74c.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 580
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-244"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:39 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-8884bd5ddd6350432517e844c6ec75ed-17b319de60f89783-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:39+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137

178.253.29.47

200 OK

258 B

URL GET HTTP/2
1xlite-660473.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
258 B (258 bytes)
Hash
2216064f6e8e7b119b33bc2ba254a857
44b1d49d3830fe68cd9100e0c0cb1a118735a342
2ddaab5f6584b39cf275ac44421b70d4f883defc3771a9c3ed37337316a93cbd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; postback_watcher=; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: application/json; charset=utf-8
content-length: 258
cache-control: no-cache
content-encoding: br
last-modified: Fri, 26 Apr 2024 08:35:26 GMT
vary: Accept-Encoding
x-time-ng: 0.006
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.012
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.328/285/common.svg

185.244.209.62

200 OK

62 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.328/285/common.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
62 kB (62100 bytes)
Hash
8cfde3a5030d46e1f744391dd014c760
61c226aae0aef75f50eae1af1e1cf6f4daf4c6e4
2548ffd1bd5390d8eb80743293e8682be3b27a387827991d929a4d0e6c7f1233

HTTP Headers

GET /sys-icons/1.0.328/285/common.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"7bf3e9e7d79beac942f5e7748a3af2e6"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:01 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-0ad7be3179b820d1968281b94a1992bd-dfdfe58e15921010-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:01+00:00, 2024-04-25T11:15:14+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/desktop/contact/86f18367ce2829388dcdabccb99b1740.svg

178.253.29.47

200 OK

263 B

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/desktop/contact/86f18367ce2829388dcdabccb99b1740.svg
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
SVG Scalable Vector Graphics image
Size
263 B (263 bytes)
Hash
28e2c161800b61b985a163f5c492ae51
8845ea940210b4ccb195cca855a598e6aaa58ed0
77c93c24e4eb0f8815a7526d405818c9a38ba6e4317f1fee588fffbc00cb17de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/desktop/contact/86f18367ce2829388dcdabccb99b1740.svg HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; postback_watcher=; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: image/svg+xml
content-length: 263
last-modified: Fri, 23 Feb 2024 10:01:24 GMT
etag: "28e2c161800b61b985a163f5c492ae51"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/desktop/contact/dbc1950bbcc8e27b5dbec1f42635e8d0.svg

178.253.29.47

200 OK

296 B

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/desktop/contact/dbc1950bbcc8e27b5dbec1f42635e8d0.svg
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
SVG Scalable Vector Graphics image
Size
296 B (296 bytes)
Hash
b1bf63d00887bb0354e9d89c7d790a01
2d64ab25c9afff682abd6732f62ba62a197e972b
a6a4fbbd99a0a82de03f05da827ccd9d019574bf3450727530403c2b5ce92df0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/desktop/contact/dbc1950bbcc8e27b5dbec1f42635e8d0.svg HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; postback_watcher=; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: image/svg+xml
content-length: 296
last-modified: Fri, 23 Feb 2024 10:03:47 GMT
etag: "b1bf63d00887bb0354e9d89c7d790a01"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/desktop/contact/6726b16cfb4e516989153ce398d4a0e4.svg

178.253.29.47

200 OK

506 B

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/desktop/contact/6726b16cfb4e516989153ce398d4a0e4.svg
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
SVG Scalable Vector Graphics image
Size
506 B (506 bytes)
Hash
9c340eae608db0c25657b4a73d769afe
988fbf333a2e9290211cd9e6b7c98c59719012b0
b92e969acd8a1e0f9cfd1f84080ca5ccb8cb49b105299434c275a8813faf841e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/desktop/contact/6726b16cfb4e516989153ce398d4a0e4.svg HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; postback_watcher=; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: image/svg+xml
content-length: 506
last-modified: Fri, 23 Feb 2024 10:03:36 GMT
etag: "9c340eae608db0c25657b4a73d769afe"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidgetAnalytics-0a5e307c.js

185.244.209.62

200 OK

365 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidgetAnalytics-0a5e307c.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (416), with no line terminators
Size
365 B (365 bytes)
Hash
bda5f679331e3f3a71a5ab33a44cfc03
4aed09967637f2771aa64524e3b2a5a4279466f9
dce768bc7197479f989e5b23944b49c774309864a2d42f9ce0e6da3ffd54a262

HTTP Headers

GET /_nuxt/desktop/default/DownloadAppWidgetAnalytics-0a5e307c.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 365
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-16d"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:40 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ac7bdea31d11f25e1c18a9f235820a82-a463eef25a6c62ae-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:40+00:00, 2024-04-25T14:32:57+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/bff-api/config/contacts.json?type=2&lang=en

178.253.29.47

200 OK

906 B

URL GET HTTP/2
1xlite-660473.top/bff-api/config/contacts.json?type=2&lang=en
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
906 B (906 bytes)
Hash
5e57488ece417dfb2d0d023a6c9d0423
cc3add288721c1e6c3d3e9413fd0de50a9d38467
8da57ebaa0d0d6ecfbac547e80404973484e6cd38820bb8adfcde943511e4c28

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bff-api/config/contacts.json?type=2&lang=en HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; postback_watcher=; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: bff;dur=30.53, dt_total;dur=36.262, wf-uht;dur=0.044
traceparent: 00-eab4ccdfbcbf3989f59638adc88824d0-25db028671c75a28-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.036
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-660473.top/sys-betting-app-front/en?tag=d_421509m_1599c_

178.253.29.47

200 OK

26 kB

URL GET HTTP/2
1xlite-660473.top/sys-betting-app-front/en?tag=d_421509m_1599c_
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
26 kB (25559 bytes)
Hash
94a8c0f0d8387494fa8f0dd62835773b
c1bda35b5565d8fb0f6a867188ed054dfa08c2a2
c858a94b00291cfe61a6b1046639690260a68397ed9bb052d82539f73b44a19e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sys-betting-app-front/en?tag=d_421509m_1599c_ HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
mf-render-mode: json
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; postback_watcher=; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:27 GMT
content-type: application/json
content-encoding: br
server-timing: total;dur=240;desc="Total __BETTING_APP__", dt_total;dur=269.941, wf-uht;dur=0.293
set-cookie: tzo=3; Path=/
traceparent: 00-3a62491e0617c879159116e1182fe2c5-113a2c323b384bd0-01
vary: Accept-Encoding, Accept-Encoding
x-dt: 285
x-time-ng: 0.257, 0.272
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/0e3e1e8d.css

185.244.209.62

200 OK

1.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/0e3e1e8d.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (5638), with no line terminators
Size
1.2 kB (1193 bytes)
Hash
be85f100312ee4f9396b6e89cbcb0fef
3934783d38d182ddcaccfdedbbe4fb65c266864c
06a9b859f60f7872c7beaa8286d3c1f45708dd0e1dee20f4c0d55c8719cc2983

HTTP Headers

GET /_nuxt/desktop/default/css/0e3e1e8d.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:27 GMT
content-type: text/css
content-length: 1193
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-4a9"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:27:52 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-c819e028088a39da9312b7d728901952-666d28f8b5f5fd9f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:27:52+00:00, 2024-04-25T14:20:29+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidget-23d987ff.js

185.244.209.62

200 OK

4.1 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidget-23d987ff.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (11892), with no line terminators
Size
4.1 kB (4082 bytes)
Hash
8404462012316144032423ce8fbb64eb
5c746a0ed3594abdc7d43a410293e265dd3b2fca
b1f58b41aa6480dc6df0ae7a62b0726e2cb0b3e5623513aa8e954c87450f7aca

HTTP Headers

GET /_nuxt/desktop/default/DownloadAppWidget-23d987ff.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:27 GMT
content-type: application/javascript; charset=utf-8
content-length: 4082
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-ff2"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:40 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e96ba600c06731a4879a97cf3a1b1578-6e1e18daed51b750-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:40+00:00, 2024-04-25T14:32:58+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/logo-champ/533c301de43409859c9ade1c76689a51.webp

185.244.209.62

200 OK

1.0 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/logo-champ/533c301de43409859c9ade1c76689a51.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.0 kB (1046 bytes)
Hash
9fde6b96813e9d630cee2f742a6678a0
b2779d5b996f17f3f8f1c3d80362728a0e146111
f9e0341a1cdc89094e25ed447a66d1b7040951ad6a61d5e4373acd5192d47b7a

HTTP Headers

GET /sfiles/logo-champ/533c301de43409859c9ade1c76689a51.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:27 GMT
content-type: image/webp
content-length: 1046
last-modified: Sat, 05 Aug 2023 05:41:33 GMT
etag: "9fde6b96813e9d630cee2f742a6678a0"
cache-control: public, max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-991c88ace0f6bff4f9c57b2dd5c1dd28-aea245e8eb162953-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-14T01:38:56+00:00, 2024-04-25T09:29:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/13561.webp

185.244.209.62

200 OK

732 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/13561.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
732 B (732 bytes)
Hash
fcd70681f66a62714457a5ce16743bbe
d4770064f5cb34f28bbae82e1eac289fc1a85881
9ffc7ce36d9bf604b4bdd9a25b117fcaf683adba732b63e87b8b9ca743243f29

HTTP Headers

GET /resized/size16/sfiles/logo_teams/13561.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:27 GMT
content-type: image/webp
content-length: 732
cache-control: max-age=94608000
content-disposition: inline; filename="13561.webp"
content-security-policy: script-src 'none'
expires: Tue, 20 Apr 2027 20:42:16 GMT
x-request-id: 2e79eb46d7b00c2aada52de2b0f32686
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-794f3776df77d3e06c0cf81145e66c47-74953cc4ab1dd7f9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-20T20:42:16+00:00, 2024-04-21T13:21:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/10b221e82ac32a6455efea6fbeddb699.webp

185.244.209.62

200 OK

738 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/10b221e82ac32a6455efea6fbeddb699.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
738 B (738 bytes)
Hash
5d1811e33c76945383a3f207d158a583
be917e612666e6480c66087f1926ddbe7dae0a0a
d3b5e4fe4c71a648422bdd9369a3c3a5cad7f1bcf2a859e62f025f58c4611e5d

HTTP Headers

GET /resized/size16/sfiles/logo_teams/10b221e82ac32a6455efea6fbeddb699.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:27 GMT
content-type: image/webp
content-length: 738
cache-control: max-age=94608000
content-disposition: inline; filename="10b221e82ac32a6455efea6fbeddb699.webp"
content-security-policy: script-src 'none'
expires: Sat, 24 Apr 2027 08:07:22 GMT
x-request-id: 59d22b2f38a6fcea90bfae604b1ab0cd
x-time-ng: 0.043
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-13964516c001f1a9f321fbc2d003111f-c2feed5021fbc093-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-24T08:07:22+00:00, 2024-04-25T05:38:42+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/injector.js

104.18.39.72

200 OK

72 kB

URL GET HTTP/2
widget.suphelper.top/injector.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
72 kB (72045 bytes)
Hash
5bfd2f6f2fd0abe9c62ab67598aa14f6
293f9192260c66870d622938b97e6350da328db7
2904f9d6c0d3b9c0263d15a86c62b359910c611893d322c11a463044756c8fb9

HTTP Headers

GET /injector.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 08:35:27 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=14400
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"32e7a-18f123218ef"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
expires: Fri, 26 Apr 2024 12:35:27 GMT
server: cloudflare
cf-ray: 87a53d4e08f35685-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/4c54ccb9872d84e2426249009fba9b3e.webp

185.244.209.62

782 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/4c54ccb9872d84e2426249009fba9b3e.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
782 B (782 bytes)
Hash
c76b14b8cf68541805dea24015eedee5
37c040a45b574a2a6ad89d4bd40d4b251db02ef7
a0bc3512f8f587b7d8ca171e84186edb8e32898fd3e7be5d57ea2f99e9ef363a

HTTP Headers

GET /resized/size16/sfiles/logo_teams/4c54ccb9872d84e2426249009fba9b3e.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:27 GMT
content-type: image/webp
content-length: 782
cache-control: max-age=94608000
content-disposition: inline; filename="4c54ccb9872d84e2426249009fba9b3e.webp"
content-security-policy: script-src 'none'
expires: Tue, 20 Apr 2027 11:39:21 GMT
x-request-id: 6138666421c76b96da4d281311a2c848
x-time-ng: 0.037
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-9c4c371de9e0af24985952a801328b42-c641af61e67efc24-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-20T11:39:21+00:00, 2024-04-21T13:21:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/024c70f26e9910f5ca869b581f2d957e.webp

185.244.209.62

200 OK

754 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/024c70f26e9910f5ca869b581f2d957e.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
754 B (754 bytes)
Hash
91258a8980f506d2f557c89145bf0684
2c9dfa5fee919521e54302d054f4b1d12136a8b3
0fd29303932784d99810e89da71b3d25f59965fcde4772a32df82c77bcc94ce2

HTTP Headers

GET /resized/size16/sfiles/logo_teams/024c70f26e9910f5ca869b581f2d957e.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:27 GMT
content-type: image/webp
content-length: 754
cache-control: max-age=94608000
content-disposition: inline; filename="024c70f26e9910f5ca869b581f2d957e.webp"
content-security-policy: script-src 'none'
expires: Fri, 23 Apr 2027 11:22:40 GMT
x-request-id: 2dc13092f6fd580ff7b7e5a17cf0b239
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-c5c9e58e582c1d9f9e54dc108ac3772b-f9f55bb817afdf20-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T11:22:40+00:00, 2024-04-24T06:16:00+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/62e826c6d182adeb2a48b6aa84006d63.webp

185.244.209.62

200 OK

752 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/62e826c6d182adeb2a48b6aa84006d63.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
752 B (752 bytes)
Hash
ce44cdc86e3caf4eafdcd3fcfa7d928d
a03cd10f0b4c8978fa486965ed55f698f67b0a93
d06eb376708aadcc02a1fea985a1215eb22e40d72783bb8cba57fa5317a8e01e

HTTP Headers

GET /resized/size16/sfiles/logo_teams/62e826c6d182adeb2a48b6aa84006d63.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:27 GMT
content-type: image/webp
content-length: 752
cache-control: max-age=94608000
content-disposition: inline; filename="62e826c6d182adeb2a48b6aa84006d63.webp"
content-security-policy: script-src 'none'
expires: Sat, 24 Apr 2027 15:34:50 GMT
x-request-id: a294494f6eb652d35dd33b5dcd6927c9
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-aa26cd5442df5db5b0f4af1b2888e147-74f6b6b8b9971f8a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-24T15:34:50+00:00, 2024-04-25T11:42:50+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/paysystems/information/systems?lang=en&ref_id=1&geo=NO

178.253.29.47

200 OK

2.4 kB

URL GET HTTP/2
1xlite-660473.top/paysystems/information/systems?lang=en&ref_id=1&geo=NO
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
2.4 kB (2413 bytes)
Hash
812c2f39676a30e71127d858e88c0d15
f0e169da1feb9f5dc5171e5c703e87c3789212f2
e44186c360b880fbdfb7d84c89156a688e94f55c2a7f7a58bb176e8024eb1ebf

HTTP Headers

GET /paysystems/information/systems?lang=en&ref_id=1&geo=NO HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; postback_watcher=; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:27 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
content-encoding: br
expires: Fri, 26 Apr 2024 08:35:27 GMT
set-cookie: application_locale=en; expires=Sun, 26-May-2024 08:35:27 GMT; Max-Age=2592000; path=/; secure; samesite=lax
traceparent: 00-ce0a62d9133ac3ce876779f0ae2ced42-4a1b1400e77387e2-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.207, 0.288
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=302.306, wf-uht;dur=0.311
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/ce3fa972a26580dd26f0a0e27c295171.webp

185.244.209.62

200 OK

742 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/ce3fa972a26580dd26f0a0e27c295171.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
742 B (742 bytes)
Hash
b52c8af2751ebf87592d81551fa8ce8a
a1ef1d4dcc52fd69a8fc7fe95c5bffebe47a8f29
e4ec474c5a452e8548afdfef224862ea6c31cf2f0ed160202be0485bb3491365

HTTP Headers

GET /resized/size16/sfiles/logo_teams/ce3fa972a26580dd26f0a0e27c295171.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:27 GMT
content-type: image/webp
content-length: 742
cache-control: max-age=94608000
content-disposition: inline; filename="ce3fa972a26580dd26f0a0e27c295171.webp"
content-security-policy: script-src 'none'
expires: Sun, 25 Apr 2027 06:54:56 GMT
x-request-id: ae399a2c1ee3bd451212622efa645d0a
x-time-ng: 0.053
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5f01a76014a5b46181f5e2d7c17ec787-76450c6397e870c3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T06:54:56+00:00, 2024-04-26T00:48:41+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/6a51f9e28f734aeb27d41595080d87a8.webp

185.244.209.62

200 OK

798 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/6a51f9e28f734aeb27d41595080d87a8.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
798 B (798 bytes)
Hash
c57554b97b28a468ef3f790e54b05551
28cce6c041fc35d9783254e55e09b1e27aca9784
6dbb00a2e945b25b9ca2a25d89e259a1db07a87c0cf593d54a980fc6fa55cb9d

HTTP Headers

GET /resized/size16/sfiles/logo_teams/6a51f9e28f734aeb27d41595080d87a8.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:27 GMT
content-type: image/webp
content-length: 798
cache-control: max-age=94608000
content-disposition: inline; filename="6a51f9e28f734aeb27d41595080d87a8.webp"
content-security-policy: script-src 'none'
expires: Thu, 22 Apr 2027 09:44:46 GMT
x-request-id: fa26c1c2bf6d227423d256bea1b24eba
x-time-ng: 0.039
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-b5f2099d872024c7925ad6971aeebecf-0f9db39892494e15-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T09:44:46+00:00, 2024-04-22T14:46:08+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/64fde3c732b73ca5e558cf0c3ebcc996.webp

185.244.209.62

784 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/64fde3c732b73ca5e558cf0c3ebcc996.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
784 B (784 bytes)
Hash
e7a439033b9bf52e5b4151053de253b8
a7e19bc1ac47d9c8794816ae0ecf566db563fb00
dc73bb1cd3f037af19695aace5e75d91f7d0c694af8890cb3c26002d819b406f

HTTP Headers

GET /resized/size16/sfiles/logo_teams/64fde3c732b73ca5e558cf0c3ebcc996.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:27 GMT
content-type: image/webp
content-length: 784
cache-control: max-age=94608000
content-disposition: inline; filename="64fde3c732b73ca5e558cf0c3ebcc996.webp"
content-security-policy: script-src 'none'
expires: Sat, 24 Apr 2027 05:50:45 GMT
x-request-id: f0b6e9f0dcf5b4b9bd9ac5fd824b95fa
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f283efb01c5378ba1c7c106467326e0c-7635741d5594125a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-24T05:50:45+00:00, 2024-04-24T14:01:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/f36595dcf47d6d2a8eb40406e77bec63.webp

185.244.209.62

200 OK

784 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/f36595dcf47d6d2a8eb40406e77bec63.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
784 B (784 bytes)
Hash
ee773a75e9b7343b9be536e18fec12ec
c9c0aa0cf99df25ff407a0f66782136436c44535
7c4ff3bb9deb85e7528de23beb120de1296d139cdb9cbbc0efe1721b9b07c13f

HTTP Headers

GET /resized/size16/sfiles/logo_teams/f36595dcf47d6d2a8eb40406e77bec63.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:27 GMT
content-type: image/webp
content-length: 784
cache-control: max-age=94608000
content-disposition: inline; filename="f36595dcf47d6d2a8eb40406e77bec63.webp"
content-security-policy: script-src 'none'
expires: Fri, 23 Apr 2027 23:25:42 GMT
x-request-id: 99769e76784b900ecd0a588e75e740fe
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-0996502dcf88e44e878316720fe34f13-435107c04187156c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T23:25:42+00:00, 2024-04-24T08:16:18+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/abd5047899659f1ece26f3fc1e0ab43e.webp

185.244.209.62

792 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/abd5047899659f1ece26f3fc1e0ab43e.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
792 B (792 bytes)
Hash
e15b67c4120b073791174503b5a913ce
bb0e71effac614334190b2b290ad3425ffa6cd23
66e0499b476e737bdc856e010919d7cf0c53d9da5f337a2a722e75ff43278aa1

HTTP Headers

GET /resized/size16/sfiles/logo_teams/abd5047899659f1ece26f3fc1e0ab43e.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:27 GMT
content-type: image/webp
content-length: 792
cache-control: max-age=94608000
content-disposition: inline; filename="abd5047899659f1ece26f3fc1e0ab43e.webp"
content-security-policy: script-src 'none'
expires: Sat, 24 Apr 2027 06:02:28 GMT
x-request-id: 08b2b1117aabc83a80bc6dfa3404c8dc
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6c4593cb9748afc29457ca98b8bc912b-8e39a0ec79ca734c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-24T06:02:28+00:00, 2024-04-24T08:16:27+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/c4aa3da8b6a25432de30fdec50a3b88c.webp

185.244.209.62

200 OK

830 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/c4aa3da8b6a25432de30fdec50a3b88c.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
830 B (830 bytes)
Hash
f4d7370b7f9d47cae2a26d46261d2932
6da3b8f6f875db8926c953536c406e6cdf334dab
4b1d79b9859313f89ad59bf375f055a39b1d58d8dfc165c5a21978bd47d3d10d

HTTP Headers

GET /resized/size16/sfiles/logo_teams/c4aa3da8b6a25432de30fdec50a3b88c.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:27 GMT
content-type: image/webp
content-length: 830
cache-control: max-age=94608000
content-disposition: inline; filename="c4aa3da8b6a25432de30fdec50a3b88c.webp"
content-security-policy: script-src 'none'
expires: Sat, 24 Apr 2027 07:29:48 GMT
x-request-id: d24230ffbc1e61e95580c2a661b01c14
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-bffc6e9022854b8e708a88ac8a890f82-988a0b4ec1e630c0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-24T07:29:48+00:00, 2024-04-24T22:50:23+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/55037.webp

185.244.209.62

200 OK

718 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/55037.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
718 B (718 bytes)
Hash
a9f6f223bb24cb6ae6b2f63a972bd907
929fa10b42f78995bf0883613d21385aee7d97da
571dff131c23df496c26974538e1ce09cb10bd398490a8d76b2b078700b32851

HTTP Headers

GET /resized/size16/sfiles/logo_teams/55037.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:27 GMT
content-type: image/webp
content-length: 718
cache-control: max-age=94608000
content-disposition: inline; filename="55037.webp"
content-security-policy: script-src 'none'
expires: Fri, 23 Apr 2027 22:30:09 GMT
x-request-id: 72ae9b755a76af3e028290b715d6240b
x-time-ng: 0.051
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-39f8f36549661d04de8d493790ba2b0c-f04953dc8783df45-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T22:30:09+00:00, 2024-04-24T22:50:23+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/6dbeac5c5145f549308d542a68c20e37.webp

185.244.209.62

200 OK

722 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/6dbeac5c5145f549308d542a68c20e37.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
722 B (722 bytes)
Hash
a0d8d394cfb4d3b2a7d7f884ea134603
3210661145e9132ae3dc295671e62e48aba861ec
1d374772acde7a0a7d95b213a90f17e01e7ff9c9b68dcf782cf323d1739aef06

HTTP Headers

GET /resized/size16/sfiles/logo_teams/6dbeac5c5145f549308d542a68c20e37.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:27 GMT
content-type: image/webp
content-length: 722
cache-control: max-age=94608000
content-disposition: inline; filename="6dbeac5c5145f549308d542a68c20e37.webp"
content-security-policy: script-src 'none'
expires: Mon, 26 Apr 2027 07:30:54 GMT
x-request-id: 91aa024ebea7707772f8c3357a198486
x-time-ng: 0.052
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9ad3b3350671b588a5cde4425cea072f-92e2e605a1e9aeaa-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T07:30:54+00:00, 2024-04-26T07:30:59+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/62077.webp

185.244.209.62

200 OK

804 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/62077.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
804 B (804 bytes)
Hash
1813d5d6bbca2fdd970146465c3328a5
b935715f253b509df8794f61db3bf96b9a23b484
fc43443fa331112d0bb8d183ff60d5a0fab258eb3adad50fcc99d13f682ddb11

HTTP Headers

GET /resized/size16/sfiles/logo_teams/62077.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:27 GMT
content-type: image/webp
content-length: 804
cache-control: max-age=94608000
content-disposition: inline; filename="62077.webp"
content-security-policy: script-src 'none'
expires: Mon, 26 Apr 2027 07:30:54 GMT
x-request-id: d070a8a43ad635cc37a9d4c6c217f61d
x-time-ng: 0.043
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-7d41c943ff45ad4bd41354c828410053-6d42835e4fd3000a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T07:30:54+00:00, 2024-04-26T07:30:59+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/c39fdc92a32406cfaef3d3df2207c2dc.webp

185.244.209.62

200 OK

756 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/c39fdc92a32406cfaef3d3df2207c2dc.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
756 B (756 bytes)
Hash
1a9f34f746ebccdbd1245f6e0e4da93d
d6fdd0fcb9c5de0c675cb8ad42944a62af6d09e0
682712d3a31e86864cb62dee0aed61d042a405d4ddf8fe3f1fa9f1a79203b3f2

HTTP Headers

GET /resized/size16/sfiles/logo_teams/c39fdc92a32406cfaef3d3df2207c2dc.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:27 GMT
content-type: image/webp
content-length: 756
cache-control: max-age=94608000
content-disposition: inline; filename="c39fdc92a32406cfaef3d3df2207c2dc.webp"
content-security-policy: script-src 'none'
expires: Sun, 25 Apr 2027 17:21:18 GMT
x-request-id: 980641cbde185cc8d45b382574256eb0
x-time-ng: 0.041
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-fd3cbf35be823639cc5aebaa02936cf4-e3b30b4d64840b03-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T17:21:18+00:00, 2024-04-26T08:17:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/0d71d26ea8c48b2b308d1d654ecaf4fd.webp

185.244.209.62

200 OK

746 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/0d71d26ea8c48b2b308d1d654ecaf4fd.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
746 B (746 bytes)
Hash
f8cb6653db54fa412b7ae78d809b0553
d760759a37afac3e568853f27ba38547404b0864
700ceb56689ad072b2448ab9f668f95ee707b14c93b96f8caf855ad115e73f54

HTTP Headers

GET /resized/size16/sfiles/logo_teams/0d71d26ea8c48b2b308d1d654ecaf4fd.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:27 GMT
content-type: image/webp
content-length: 746
cache-control: max-age=94608000
content-disposition: inline; filename="0d71d26ea8c48b2b308d1d654ecaf4fd.webp"
content-security-policy: script-src 'none'
expires: Mon, 26 Apr 2027 08:17:39 GMT
x-request-id: a17ff70c4a1480f86cbebea88c2b4450
x-time-ng: 0.084
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-8cfd914dc17d11732ea3cb4003c4ad55-360ebb00765d4379-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T08:17:39+00:00, 2024-04-26T08:17:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/4c31a91224641afd29679d8664ffcc6c.webp

185.244.209.62

200 OK

740 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/4c31a91224641afd29679d8664ffcc6c.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
740 B (740 bytes)
Hash
fc475816397f664b97a126cf4bac1733
a0ced90e7d00597d0771e2b787d1045bbd32bdb6
7752a47133ea6fef0810d4eefbc6a51199f3558213f72f4d9261b43d07ab9ddd

HTTP Headers

GET /resized/size16/sfiles/logo_teams/4c31a91224641afd29679d8664ffcc6c.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:27 GMT
content-type: image/webp
content-length: 740
cache-control: max-age=94608000
content-disposition: inline; filename="4c31a91224641afd29679d8664ffcc6c.webp"
content-security-policy: script-src 'none'
expires: Sat, 24 Apr 2027 23:22:44 GMT
x-request-id: 2ca8c0b0b113b3890e4660e0b23695b7
x-time-ng: 0.024
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d0b74673efe7b2ca9d0621b1163bd707-8f14068ca346241e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-24T23:22:44+00:00, 2024-04-26T08:14:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/f9bc96d37f382701fd9423489a16dfa9.webp

185.244.209.62

200 OK

820 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/f9bc96d37f382701fd9423489a16dfa9.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
820 B (820 bytes)
Hash
759de76bfcd36cfe62e01582010489e3
c739f295f1794d796834b5c8c4bb65e143b17bb8
a473eec1e21c8bc6334386b0532a3ffb64224efda1f7f9340313dd194b9dded1

HTTP Headers

GET /resized/size16/sfiles/logo_teams/f9bc96d37f382701fd9423489a16dfa9.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:27 GMT
content-type: image/webp
content-length: 820
cache-control: max-age=94608000
content-disposition: inline; filename="f9bc96d37f382701fd9423489a16dfa9.webp"
content-security-policy: script-src 'none'
expires: Sat, 24 Apr 2027 23:22:44 GMT
x-request-id: b044d84c98d695f48aaab49bc3d09284
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-032672f448c83035a377042e08bb536f-f65e8e0f1e3c9955-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-24T23:22:44+00:00, 2024-04-26T08:14:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true

178.253.29.47

200 OK

12 kB

URL GET HTTP/2
1xlite-660473.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
12 kB (11549 bytes)
Hash
013fa4d1d6aa38a48fb661b10980e851
55283768bcda978503b0720acce16a9c91170784
dee31ff1d5b404aabdfbe00b66b8c5a0368b81dd1b2bced831cdf58420694c18

HTTP Headers

GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280; che_g=84e6db2c-e9eb-f88e-e38d-5e2ccee26d59; _glhf=1714138302; application_locale=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:27 GMT
content-type: application/json; charset=utf-8
content-length: 11549
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 26 Apr 2024 08:35:27 GMT
vary: Accept-Encoding
x-time-ng: 0.020
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.028
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/ff09be90.css

185.244.209.62

200 OK

705 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/ff09be90.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (4705), with no line terminators
Size
705 B (705 bytes)
Hash
2b6cccff5325f6e14ccd6ec354319cd6
f4ec05fc468d3daddec1a3d825c29a55ce4b2050
a153e31a0350b58aad71597632348e14c954738845b58f05ca04b8212dbaca38

HTTP Headers

GET /_nuxt/desktop/default/css/ff09be90.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:28 GMT
content-type: text/css
content-length: 705
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-2c1"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:36:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-923d3ab4bc1e69aa7370aa314a560806-2e9aae253c075587-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:36:33+00:00, 2024-04-25T19:32:09+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.SportsMenuCompact-942b40c1.js

185.244.209.62

200 OK

2.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/betting.SportsMenuCompact-942b40c1.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (7751), with no line terminators
Size
2.3 kB (2297 bytes)
Hash
232ecfa8f26b49fb3480baefeb590279
833cd5b10a0705d28a970a8bc3a3ab5c66553a84
fca603603d836bc26b0b016e308ef7a897c3109b0a2b25b9c7c87ae0c7e160a1

HTTP Headers

GET /_nuxt/desktop/default/betting.SportsMenuCompact-942b40c1.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:28 GMT
content-type: application/javascript; charset=utf-8
content-length: 2297
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-8f9"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:40 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-96d096539ee564b72ac3afcb18abe94f-03d7cf14cee1cf81-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:40+00:00, 2024-04-25T14:54:45+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-58.webp

185.244.209.62

200 OK

8.9 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-58.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp
Size
8.9 kB (8880 bytes)
Hash
7a49dad906575c61dd636edbe1201479
d4bf0fbfadca8c6d3a7ec8f3d34d08fced98a21d
0e0cd085244f6272acfa6794d90e32685fa203973e85c62fa96f02cddf7172c6

HTTP Headers

GET /sfiles/games-images/game-previews/190x102/game-58.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:28 GMT
content-type: application/octet-stream
content-length: 8880
last-modified: Thu, 31 Aug 2023 08:11:00 GMT
etag: "7a49dad906575c61dd636edbe1201479"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:03:42.000Z
expires: Tue, 14 Nov 2023 18:21:44 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-8154dfcea66144caacfeaf33e4915bbb-fbdf6eabda71daf1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T19:17:28+00:00, 2024-04-25T20:28:43+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true

178.253.29.47

200 OK

2.8 kB

URL GET HTTP/2
1xlite-660473.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
2.8 kB (2846 bytes)
Hash
7853265d9ed2ba134574e7b90d2c467c
cd4318486c54b0a59a2c967ffb0078258b951985
c9b288baac137cbfcf30dfe6d7326f0334d7d371f29fff2bf5b72d809b2e9f13

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280; che_g=84e6db2c-e9eb-f88e-e38d-5e2ccee26d59; _glhf=1714138302; application_locale=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:28 GMT
content-type: application/json; charset=utf-8
content-length: 2846
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 26 Apr 2024 08:35:28 GMT
vary: Accept-Encoding
x-time-ng: 0.013
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.021
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-371.webp

185.244.209.62

200 OK

6.2 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-371.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp
Size
6.2 kB (6158 bytes)
Hash
64ff358fd3a82358542d29d53649dd85
0a15b0731a9468fe49e3b512febe91d951ef6156
a9ae35f930c0bf59e407a0c082347049ae11738d330df4e32f4b2b1129d1470c

HTTP Headers

GET /sfiles/games-images/game-previews/190x102/game-371.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:28 GMT
content-type: application/octet-stream
content-length: 6158
last-modified: Thu, 31 Aug 2023 08:10:58 GMT
etag: "64ff358fd3a82358542d29d53649dd85"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:04:04.000Z
expires: Tue, 14 Nov 2023 18:22:10 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-50f5dc866773a1278e6a0e955352f86e-7c060487530242a9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T19:17:28+00:00, 2024-04-25T20:28:43+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-249.webp

185.244.209.62

200 OK

20 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-249.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp
Size
20 kB (19770 bytes)
Hash
2c02d34e261b48da9db2682ad433c5e8
e6b9618ac0040910f755a6f24dcb2f5500bb9aca
d8db064ea1623849ccee86b27bdb7825aa0dc452293576de352f9269af60ecfe

HTTP Headers

GET /sfiles/games-images/game-previews/190x102/game-249.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:28 GMT
content-type: application/octet-stream
content-length: 19770
last-modified: Thu, 31 Aug 2023 08:10:56 GMT
etag: "2c02d34e261b48da9db2682ad433c5e8"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:04:00.000Z
expires: Tue, 14 Nov 2023 18:22:10 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-3f9f5e406903d13342ff51548fbe9796-2cf3d62786c55f4c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T19:17:28+00:00, 2024-04-25T20:28:43+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-69.webp

185.244.209.62

200 OK

4.3 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-69.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp
Size
4.3 kB (4256 bytes)
Hash
8c2b80027d3818f6bc91227418589ee6
c6d3c4595860bd3d685e4ddea5d4610a6f642a9b
cec387d33e94b8222d71031dbda50143a7ea2e1470d2c96c9e147aa4c4a43960

HTTP Headers

GET /sfiles/games-images/game-previews/190x102/game-69.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:28 GMT
content-type: application/octet-stream
content-length: 4256
last-modified: Thu, 31 Aug 2023 08:11:01 GMT
etag: "8c2b80027d3818f6bc91227418589ee6"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:03:42.000Z
expires: Tue, 14 Nov 2023 18:22:10 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-5f6b5c6e0acd8519e071ec34f828bafc-1ea4d1e16d909ba3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T19:23:21+00:00, 2024-04-26T06:02:52+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-previews/190x102/games-no-faceless.webp

185.244.209.62

200 OK

6.9 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/games-images/game-previews/190x102/games-no-faceless.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp
Size
6.9 kB (6884 bytes)
Hash
b7304b532dca88cc708b1c81edf7e051
d9ca9db864badb40bcab6d846ba7110413a339d3
324b9021e7fa1a227b418f5b0707e174d86aa20decea945eab3cea41aac8d2ca

HTTP Headers

GET /sfiles/games-images/game-previews/190x102/games-no-faceless.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:28 GMT
content-type: application/octet-stream
content-length: 6884
last-modified: Thu, 31 Aug 2023 08:11:01 GMT
etag: "b7304b532dca88cc708b1c81edf7e051"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:04:10.000Z
expires: Tue, 14 Nov 2023 18:21:42 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-1141679a6a804e19f7dbed073e6a541a-f070479da0484a6f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T18:59:15+00:00, 2024-04-25T20:28:43+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js

104.18.39.72

200 OK

1.8 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
1.8 kB (1805 bytes)
Hash
5dc32c6d20f9ab021247a0b772450df7
2c1367062dad22e03ad791c156a2f22e4ce6e890
7f1c98955475497ddf741dc2dc2137521d92ca440b74f3ef5538f39f8521ba16

HTTP Headers

GET /_next/static/chunks/webpack-fb94d2f19425a3e3.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 08:35:28 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"ed0-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 13495117
expires: Sat, 26 Apr 2025 08:35:28 GMT
server: cloudflare
cf-ray: 87a53d57d97f5685-OSL
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true

178.253.29.47

200 OK

2.1 kB

URL GET HTTP/2
1xlite-660473.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
2.1 kB (2096 bytes)
Hash
a7acab15d961e82ec1678eb10cf7b2cf
7448532c3dc2dcb8a1e0bd732e978bbe7df2f50b
84ec171da6587e9f0074ff68e8e893d169299658127ac5b59cfba90493685ccb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280; che_g=84e6db2c-e9eb-f88e-e38d-5e2ccee26d59; _glhf=1714138302; application_locale=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:29 GMT
content-type: application/json; charset=utf-8
content-length: 2096
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 26 Apr 2024 08:35:28 GMT
vary: Accept-Encoding
x-time-ng: 1.243
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=1.250
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/registration

178.253.29.47

31 kB

URL
1xlite-660473.top/web-api/registration
IP
178.253.29.47:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
31 kB (30987 bytes)
Hash
ceea7fd7e6148fd9dc744fc633e1d416
494d9ec66e794c953a589aee249e25f6d24bfaa0
3e421090d52ac8e0ec38a9f4295b85469b8dc3edbadc39f16aa0bc26c158c285

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /web-api/registration HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
Content-Length: 17
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280; che_g=84e6db2c-e9eb-f88e-e38d-5e2ccee26d59; _glhf=1714138302; application_locale=en; sh.session.id=3785e27e-9389-48aa-9adb-e4a074a5a1c1; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:29 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=35, dt_total;dur=36.108, wf-uht;dur=0.047
traceparent: 00-c4caa5d6733de3d9b1dbdcd6088fb985-5aa86dc5a0c401f6-01
x-dt: 285
x-time-ng: 0.035
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size14/sfiles/logo_teams/10b221e82ac32a6455efea6fbeddb699.webp

185.244.209.62

674 B

URL
v3.traincdn.com/resized/size14/sfiles/logo_teams/10b221e82ac32a6455efea6fbeddb699.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
674 B (674 bytes)
Hash
b4a8f526ca9bb81f25c91c0e882c6947
53c0e3ba9c13752e49aa97bad0a558854b3fb2e5
5716742f3479e12901497b5ea4bccd80ea0a077e5c3db9e8b9f9574829b9d23c

HTTP Headers

GET /resized/size14/sfiles/logo_teams/10b221e82ac32a6455efea6fbeddb699.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:30 GMT
content-type: image/webp
content-length: 674
cache-control: max-age=94608000
content-disposition: inline; filename="10b221e82ac32a6455efea6fbeddb699.webp"
content-security-policy: script-src 'none'
expires: Sat, 24 Apr 2027 21:04:42 GMT
x-request-id: 3e44b556dec915285b73f5632409329a
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-c324b2876a5762c4ba903c79ab3dc271-2776066fb81784fc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-24T21:04:42+00:00, 2024-04-25T13:48:52+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size14/sfiles/logo_teams/13561.webp

185.244.209.62

200 OK

710 B

URL GET HTTP/2
v3.traincdn.com/resized/size14/sfiles/logo_teams/13561.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
710 B (710 bytes)
Hash
c892eb40b61a952c49ca1cf173bdf57f
dedd0ce6ea9cace21f2578040ba0b43118b3b6bd
28539b903669e6851d4a2b1a55d10ecff3589bc6688a711389f19183ea8884b1

HTTP Headers

GET /resized/size14/sfiles/logo_teams/13561.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:30 GMT
content-type: image/webp
content-length: 710
cache-control: max-age=94608000
content-disposition: inline; filename="13561.webp"
content-security-policy: script-src 'none'
expires: Sat, 24 Apr 2027 21:52:46 GMT
x-request-id: 7f51cfe179f88ddf11a4d48210af25f1
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-7821e26aa57a21f4040fe5b0b8820694-2d40163f56648512-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-24T21:52:46+00:00, 2024-04-25T13:48:52+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.jpg

185.244.209.62

200 OK

147 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.jpg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, progressive, precision 8, 1380x248, components 3
Size
147 kB (147402 bytes)
Hash
9d1ab102184100544b4a72fcc6a8c458
79a64d17a182311cf4f856e39c83e3d9c5b1e55b
0fd0800599423b6bc4c2fe90c96f0025f4dd0d13d0c4b535e9421e21049a0903

HTTP Headers

GET /genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:30 GMT
content-type: image/jpeg
content-length: 147402
last-modified: Tue, 11 Apr 2023 18:15:17 GMT
etag: "9d1ab102184100544b4a72fcc6a8c458"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a3f01955c5c15c4720d17cdfb03ddd91-09dfc6263cab9925-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:06:31+00:00, 2024-04-26T08:35:24+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.webp

185.244.209.62

200 OK

15 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
15 kB (14610 bytes)
Hash
2ccdf625b855ce93bc9b56a671accd6e
bc8f3a791f6251b714bafad614d15c477ba428e4
c5012a832581da604a5c57e8f822008f749fe484c6d24127ca91232af71169cd

HTTP Headers

GET /genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:30 GMT
content-type: image/webp
content-length: 14610
last-modified: Thu, 08 Jun 2023 09:20:03 GMT
etag: "2ccdf625b855ce93bc9b56a671accd6e"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6a345c58d39c319689c22b10c4268630-65b042a06c4c95cf-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-02-27T14:22:50+00:00, 2024-04-26T07:36:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.webp

185.244.209.62

200 OK

20 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
20 kB (20522 bytes)
Hash
95767496ab1dce71f394c97620666756
127389c7327fec508549222dd477edbd524e33dd
fca493b566204dfff5ef8b8cd6c74c40659c812ac6665696dd5c66c664a31c7e

HTTP Headers

GET /genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:30 GMT
content-type: image/webp
content-length: 20522
last-modified: Thu, 08 Jun 2023 18:05:27 GMT
etag: "95767496ab1dce71f394c97620666756"
x-time-ng: 0.006
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-8b1f45c4520a76f42faaa3acec3cabf4-7d2190e54118d9ae-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-02-27T14:22:50+00:00, 2024-04-26T07:36:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/8c83a62ae8afe0aa371618f02b8e4a01.webp

185.244.209.62

200 OK

28 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/banner/8c83a62ae8afe0aa371618f02b8e4a01.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
28 kB (27922 bytes)
Hash
77673f5b9062ff0a3565cba49941a954
f1c6d769ad6f256677c8558f06c4ee98d8e403d3
e78791dcbada0412db798159d9e781f2a50c12f04be4d0a4ecf96a617ec8b33b

HTTP Headers

GET /genfiles/cms/1/desktop/banner/8c83a62ae8afe0aa371618f02b8e4a01.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:30 GMT
content-type: image/webp
content-length: 27922
last-modified: Thu, 05 Oct 2023 10:29:56 GMT
etag: "77673f5b9062ff0a3565cba49941a954"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4fc58f4292138151cfa01c8683eb9fab-c1b9a1870e66c8f9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-02-27T14:22:50+00:00, 2024-04-26T07:36:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/29dd2b5a09fe4e96a7b713787183f597.png

185.244.209.62

300 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/banner/29dd2b5a09fe4e96a7b713787183f597.png
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 1380 x 248, 8-bit/color RGBA, non-interlaced
Size
300 kB (299752 bytes)
Hash
fdecf3160e9463b007fe1dd79c691e41
9983863dc49059c1dd78ed33004cbf7c1d85b8a7
abf03b3d45db9aa0c67769d97f7933383b64ca21f7e993c67666ceca80767192

HTTP Headers

GET /genfiles/cms/1/desktop/banner/29dd2b5a09fe4e96a7b713787183f597.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:30 GMT
content-type: image/png
content-length: 299752
last-modified: Mon, 15 Apr 2024 10:22:05 GMT
etag: "fdecf3160e9463b007fe1dd79c691e41"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d5b076eebeb4859f7475552c0826ed8b-05777df36036a83b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T11:01:09+00:00, 2024-04-26T08:35:15+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/29dd2b5a09fe4e96a7b713787183f597.webp

185.244.209.62

200 OK

27 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/banner/29dd2b5a09fe4e96a7b713787183f597.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
27 kB (27204 bytes)
Hash
234b7215576d30793d525b847dd54694
a67893fb91daefe0d5576d0596387e5b89b70700
9b8287a313e05df6ef1244173a34cc1e93c8345432d481919296df8731383aef

HTTP Headers

GET /genfiles/cms/1/desktop/banner/29dd2b5a09fe4e96a7b713787183f597.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:30 GMT
content-type: image/webp
content-length: 27204
last-modified: Mon, 15 Apr 2024 10:22:26 GMT
etag: "234b7215576d30793d525b847dd54694"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-85d6c30195fa3c77d996445a20b7ed20-8a2fa17a5766d70a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T09:00:01+00:00, 2024-04-26T07:54:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/efb6a12f775a7454c682a5f3cdcfe84c.webp

185.244.209.62

200 OK

23 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/banner/efb6a12f775a7454c682a5f3cdcfe84c.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
23 kB (23162 bytes)
Hash
02c73c0e2eaa0c7ad721ac2bafa0bca7
c289c333ee79cc2a3e01d6302e941a22da5e43c4
bcf43c5ae29cad6787c98d92c0e91d7af3c1f912a4abdbca1d397a839e7f61cb

HTTP Headers

GET /genfiles/cms/1/desktop/banner/efb6a12f775a7454c682a5f3cdcfe84c.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:30 GMT
content-type: image/webp
content-length: 23162
last-modified: Fri, 26 Apr 2024 05:29:21 GMT
etag: "02c73c0e2eaa0c7ad721ac2bafa0bca7"
x-time-ng: 0.045
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-568f9fa94cacea2f337a911101071adc-fe0061a53902fd63-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T05:30:05+00:00, 2024-04-26T08:19:25+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js

185.244.209.62

200 OK

1.5 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
1.5 kB (1475 bytes)
Hash
fcdc668aa4137e8d5c8619dc513802ad
99a3032aeed526fa5c14117520baf1f1a4ecb948
e20a579564b3ee010d133c7e81e5cb102a934f2448c8ab9d0cf45eba928dec0e

HTTP Headers

GET /sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:30 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 25 Apr 2024 13:43:42 GMT
etag: W/"518e0ae196483ada8b528a1f2b7df0a1"
x-amz-meta-mtime: 1714052428.630038208
content-encoding: gzip
expires: Fri, 26 Apr 2024 15:18:00 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-2ace19aabae900ab37784c9a7bbfbf57-032a01a5a99c135b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T15:18:00+00:00, 2024-04-25T15:47:48+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/09ff2e6a68666a94502b2958e73213a2.webp

185.244.209.62

200 OK

700 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/09ff2e6a68666a94502b2958e73213a2.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
700 B (700 bytes)
Hash
8c1f761a247801990bb0aac47dd7ea7b
cb385dc819d078e661fbc40639e74231c8d8c3e4
ed4836c6cb79c15250234597ea5964cbf4d40cd6d100f87ae91cb6b023e54e73

HTTP Headers

GET /resized/size16/sfiles/logo_teams/09ff2e6a68666a94502b2958e73213a2.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:31 GMT
content-type: image/webp
content-length: 700
cache-control: max-age=94608000
content-disposition: inline; filename="09ff2e6a68666a94502b2958e73213a2.webp"
content-security-policy: script-src 'none'
expires: Mon, 26 Apr 2027 08:08:59 GMT
x-request-id: 718a470553f4384c17298a45ce6837d0
x-time-ng: 0.029
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a7a48e9115264bd6623777661a3448a5-f368932c3145131c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T08:08:59+00:00, 2024-04-26T08:09:05+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_MO5RLEN3.js

185.244.209.62

200 OK

10 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_MO5RLEN3.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
10 kB (10504 bytes)
Hash
86333cbea934986a9e946b95aa05493c
881190f5c3d45343a629b8ce495fbc3beb0acfa8
5eb06d074eea9fb9c229d0d62860086adfe71f96f12d94af9764d8cfa0a579fe

HTTP Headers

GET /sys-static/shared-assets/__shared_popper_js_MO5RLEN3.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:30 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 24 Apr 2024 11:42:21 GMT
etag: W/"598d5481ac96b9bf8013b0eb1413b8e5"
x-amz-meta-mtime: 1713958799.496295842
content-encoding: gzip
expires: Thu, 25 Apr 2024 15:31:25 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9728c549362869ded9177d187b12c7e8-89cc821ee578f177-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-24T15:31:25+00:00, 2024-04-25T12:27:14+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/288e85c0b43ff7a301c70e183ba46985.webp

185.244.209.62

200 OK

708 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/288e85c0b43ff7a301c70e183ba46985.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
708 B (708 bytes)
Hash
ad86a3e4861568a1217557a3358ec688
952bbb832bc89aca5be9dcd8b68a658bfcbaf20f
6b9bd9c0958d68d859b64da68845501f6855a80faff6025d2d992aea2ead8cec

HTTP Headers

GET /resized/size16/sfiles/logo_teams/288e85c0b43ff7a301c70e183ba46985.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:31 GMT
content-type: image/webp
content-length: 708
cache-control: max-age=94608000
content-disposition: inline; filename="288e85c0b43ff7a301c70e183ba46985.webp"
content-security-policy: script-src 'none'
expires: Sat, 24 Apr 2027 23:21:06 GMT
x-request-id: 3830f51979cc71be3830259dc809de12
x-time-ng: 0.056
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f331b4d1bac354d1042ef27d74f59792-de6a4f32c1fda0d9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-24T23:21:06+00:00, 2024-04-25T13:08:16+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/53817.webp

185.244.209.62

200 OK

776 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/53817.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
776 B (776 bytes)
Hash
0ec6e06c3d1676558f3c938a83746ad9
a17cdc4a57e6551f8eff93aa0b7fe7e19cde4ea6
78dd7990ce3b1ba5f84fe852828162f62549861b86f18d438fc80de45228ace0

HTTP Headers

GET /resized/size16/sfiles/logo_teams/53817.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:31 GMT
content-type: image/webp
content-length: 776
cache-control: max-age=94608000
content-disposition: inline; filename="53817.webp"
content-security-policy: script-src 'none'
expires: Sat, 24 Apr 2027 23:21:06 GMT
x-request-id: 43698c78d808963316cd4486524c0c55
x-time-ng: 0.068
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e713bfbf2640a897f335a7dff7a58b2b-f4364887523da4df-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-24T23:21:06+00:00, 2024-04-25T13:08:16+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/registration/fields

178.253.29.47

200 OK

7.6 kB

URL POST HTTP/2
1xlite-660473.top/web-api/registration/fields
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
7.6 kB (7559 bytes)
Hash
3b5fc74c6bee5ffbc649f663e5f6c1a3
0f00adb4eb180726ecd2abcc2317a29beceb13bd
fe1005c8a0940ff6384b2b89aa744d692b9aed79f1d72cecfa11d1bb11fa7294

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /web-api/registration/fields HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
Content-Length: 19
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280; che_g=84e6db2c-e9eb-f88e-e38d-5e2ccee26d59; _glhf=1714138302; application_locale=en; sh.session.id=3785e27e-9389-48aa-9adb-e4a074a5a1c1; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:30 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=86, dt_total;dur=88.658, wf-uht;dur=0.099
traceparent: 00-b3eaa604e5074e3d3b41ef4953eec208-ff07efb105ecf6b8-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.088
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/d77bc0b692c4fb1d996a465f1ef61ba4.webp

185.244.209.62

200 OK

764 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/d77bc0b692c4fb1d996a465f1ef61ba4.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
764 B (764 bytes)
Hash
604be6691b5f9e0b290b6cec31bd4a3a
96e059d32c06ccd3c4f52d497b019566845dc481
be2378636df55a42f4b97185c47c9636058986e026136e443fd96daa67f7408c

HTTP Headers

GET /resized/size16/sfiles/logo_teams/d77bc0b692c4fb1d996a465f1ef61ba4.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:31 GMT
content-type: image/webp
content-length: 764
cache-control: max-age=94608000
content-disposition: inline; filename="d77bc0b692c4fb1d996a465f1ef61ba4.webp"
content-security-policy: script-src 'none'
expires: Sun, 25 Apr 2027 09:03:45 GMT
x-request-id: c55736ce8a40d2db31200f53395a1735
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9c1b190ddf6faab451935027a25461d0-b17a991902c37168-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T09:03:45+00:00, 2024-04-25T09:33:08+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/067e2b128e50ec1214f8cdf0a1218f76.webp

185.244.209.62

200 OK

830 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/067e2b128e50ec1214f8cdf0a1218f76.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
830 B (830 bytes)
Hash
7e4023be9caf94eed83bebc7dd50c82d
0617bb509fff0b28495ed8dd8711ab3140ded632
b2756f7498777523b387633cf5efca35c83090494f10b34bb5f5d30bc7330d44

HTTP Headers

GET /resized/size16/sfiles/logo_teams/067e2b128e50ec1214f8cdf0a1218f76.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:31 GMT
content-type: image/webp
content-length: 830
cache-control: max-age=94608000
content-disposition: inline; filename="067e2b128e50ec1214f8cdf0a1218f76.webp"
content-security-policy: script-src 'none'
expires: Sun, 25 Apr 2027 09:31:52 GMT
x-request-id: 8dfadeb527745a9fde2172d47ea5e696
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-bcfbe19f10992a3937053fb713d77704-e643f955f13576da-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T09:31:52+00:00, 2024-04-25T09:33:08+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js

185.244.209.62

200 OK

10 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
10 kB (10238 bytes)
Hash
67a92abd21beb4941da04926c8f49e85
b64ffba3cbcaa26c7923c73cfb708b74a9748734
9a4a1ca64cb8d07b5b14862f7f1d7a1d2a519e8cb1c5f074b4ba504238cbafd1

HTTP Headers

GET /sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:30 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 25 Apr 2024 10:33:48 GMT
etag: W/"701ad5a22b8ea7213a53e334d0898349"
x-amz-meta-mtime: 1714041104.909613795
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:41:55 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-a79f6dc61cbc00c8d5739b1c8febbb99-63fadab57cfd8e94-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:41:55+00:00, 2024-04-25T12:44:11+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/cf82ab5e81670fcd50e35518f851dc26.webp

185.244.209.62

200 OK

744 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/cf82ab5e81670fcd50e35518f851dc26.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
744 B (744 bytes)
Hash
95f8908b40053ab5d45a50a47c331c56
dc018e09d51776322be7f82d0546e3e3ae4e0c1c
70455ec60ed7bdd711c1d8bf74048b1c22635d6cb16956df4a1059fd38e0d128

HTTP Headers

GET /resized/size16/sfiles/logo_teams/cf82ab5e81670fcd50e35518f851dc26.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:31 GMT
content-type: image/webp
content-length: 744
cache-control: max-age=94608000
content-disposition: inline; filename="cf82ab5e81670fcd50e35518f851dc26.webp"
content-security-policy: script-src 'none'
expires: Sun, 25 Apr 2027 13:08:51 GMT
x-request-id: cbcf813cbc60f7891fa9f7d69d1977fa
x-time-ng: 0.050
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-311b8ac16c84ac7904391c132557c012-9b18905c3d64648f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T13:08:51+00:00, 2024-04-26T00:48:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/d802ab668432330521d486bc70d8431c.webp

185.244.209.62

200 OK

730 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/d802ab668432330521d486bc70d8431c.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
730 B (730 bytes)
Hash
b8a7be7e4c40a2053db38dd64b75aa03
a04b684df6a0b17de38450cea48f7d79eec5e58e
ea013ee9cef07c8a371e914feca91ec86b8bf594be358d76f4ff9f9444babd80

HTTP Headers

GET /resized/size16/sfiles/logo_teams/d802ab668432330521d486bc70d8431c.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:31 GMT
content-type: image/webp
content-length: 730
cache-control: max-age=94608000
content-disposition: inline; filename="d802ab668432330521d486bc70d8431c.webp"
content-security-policy: script-src 'none'
expires: Sun, 25 Apr 2027 13:08:51 GMT
x-request-id: 47fb9fcc6286215d94cfb8c0b25ceba1
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d842b6d775625ca8cbe26035c7e1442b-e261b7b894b64065-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T13:08:51+00:00, 2024-04-26T00:48:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/b0c42558eabfccc4e6924ddfa5f45564.webp

185.244.209.62

200 OK

722 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/b0c42558eabfccc4e6924ddfa5f45564.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
722 B (722 bytes)
Hash
3f13b4f3f57912e5895f88b772bcf206
730c487e1f67f1c1b4351e7cea341f0b731aaa18
2fe4235b8ba47b2939d538c690546dbae4f3709dea293cfc53043de3971892ca

HTTP Headers

GET /resized/size16/sfiles/logo_teams/b0c42558eabfccc4e6924ddfa5f45564.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:31 GMT
content-type: image/webp
content-length: 722
cache-control: max-age=94608000
content-disposition: inline; filename="b0c42558eabfccc4e6924ddfa5f45564.webp"
content-security-policy: script-src 'none'
expires: Sun, 25 Apr 2027 14:53:12 GMT
x-request-id: 1daba44c42456ca18cbefc5075e6a549
x-time-ng: 0.028
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-88fe7b851b9e959195b84742df743d10-392526f0cadaf51a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:53:12+00:00, 2024-04-26T00:48:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/d31f9de222cb31f4afaacfbf258bf75c.webp

185.244.209.62

720 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/d31f9de222cb31f4afaacfbf258bf75c.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
720 B (720 bytes)
Hash
9d40a0747b5e319f9db9c650d47e3a0d
4a79289ee8da899dacc8c8078f583d9a6e56422c
365f0f719d89c21c4a0e13bcf27fee3fe7fe9c89c5c470c6020630837afce4fd

HTTP Headers

GET /resized/size16/sfiles/logo_teams/d31f9de222cb31f4afaacfbf258bf75c.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:31 GMT
content-type: image/webp
content-length: 720
cache-control: max-age=94608000
content-disposition: inline; filename="d31f9de222cb31f4afaacfbf258bf75c.webp"
content-security-policy: script-src 'none'
expires: Sun, 25 Apr 2027 14:53:12 GMT
x-request-id: 9ad48ec47772571f3cc53815abec9254
x-time-ng: 0.031
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-06e9266bfc9a7752978e2b280cdee4fe-3f18623ee8587fb7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:53:12+00:00, 2024-04-26T00:48:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/8d65191600258d3f3301fb26189387f2.webp

185.244.209.62

200 OK

722 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/8d65191600258d3f3301fb26189387f2.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
722 B (722 bytes)
Hash
d43f85d7407f8d24b460bea71c03d7e6
6bb35c2b6f57a750705738eaf246d6ac9b5476cd
94f8f7ddbfb57963e8171144e2619416188abb3e5c5cceb406d4216a36ae2574

HTTP Headers

GET /resized/size16/sfiles/logo_teams/8d65191600258d3f3301fb26189387f2.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:31 GMT
content-type: image/webp
content-length: 722
cache-control: max-age=94608000
content-disposition: inline; filename="8d65191600258d3f3301fb26189387f2.webp"
content-security-policy: script-src 'none'
expires: Sun, 25 Apr 2027 13:42:19 GMT
x-request-id: b2c654fc498cab735b9b6b115a8f6285
x-time-ng: 0.041
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-0a76ed41b818d42afb1da5c27324661a-43fde36af75d0415-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T13:42:19+00:00, 2024-04-26T00:48:34+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/75f7046449e13b25c2b9e8cab3224c12.webp

185.244.209.62

200 OK

782 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/75f7046449e13b25c2b9e8cab3224c12.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
782 B (782 bytes)
Hash
b93d204f4f50cba6caf1b8534bfbe0d6
88b930c66a7e3fc1b25b94101ad2cd11c0c80f1f
f19ce431167da407f745ec71d75388cbfeefd8ee269be5243aaa174e861a9d2a

HTTP Headers

GET /resized/size16/sfiles/logo_teams/75f7046449e13b25c2b9e8cab3224c12.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:31 GMT
content-type: image/webp
content-length: 782
cache-control: max-age=94608000
content-disposition: inline; filename="75f7046449e13b25c2b9e8cab3224c12.webp"
content-security-policy: script-src 'none'
expires: Sun, 25 Apr 2027 13:42:19 GMT
x-request-id: 8d8e2df17d493dc328e23b475a7ed402
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-beea1fd956636f5d6a506c3ae99052a2-c7bbaba5e214e979-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T13:42:19+00:00, 2024-04-26T00:48:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/185c7079f559ae3baeb1d017deda8906.webp

185.244.209.62

200 OK

624 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/185c7079f559ae3baeb1d017deda8906.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
624 B (624 bytes)
Hash
d97b21d368c6244d24961fec1d2e8c01
e0017660f5960d12df25392feeb7495677a60f5b
e26bc3cdb0567d3d3df7a2a356eccb382bc6c648057ac761d211bdbe62b8e202

HTTP Headers

GET /resized/size16/sfiles/logo_teams/185c7079f559ae3baeb1d017deda8906.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:31 GMT
content-type: image/webp
content-length: 624
cache-control: max-age=94608000
content-disposition: inline; filename="185c7079f559ae3baeb1d017deda8906.webp"
content-security-policy: script-src 'none'
expires: Sun, 25 Apr 2027 13:42:19 GMT
x-request-id: 6dc20bc00887632969a0c14d452e174d
x-time-ng: 0.040
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-094ba6401d578ae85926d2506a6f2a7a-e0c31dc34716dc3a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T13:42:19+00:00, 2024-04-26T00:48:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js

185.244.209.62

200 OK

22 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
22 kB (21919 bytes)
Hash
3fd01afa6ead67395b1864bf775315bd
d820f3d8c0e4410052084a252788a6719d341e4f
ff01c1fb1816afb0a12db20944731b3705fdca8f4eef53c08b03d3ff5bbd796d

HTTP Headers

GET /sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:30 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 25 Apr 2024 14:15:00 GMT
etag: W/"138de5d55ee831195dd90bbf5c557926"
x-amz-meta-mtime: 1714054361.504148121
content-encoding: gzip
expires: Fri, 26 Apr 2024 15:18:02 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-7c392e31ee82ff8d8749941a8819c466-ce807a92b38eb722-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T15:18:02+00:00, 2024-04-25T15:52:17+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/733751.webp

185.244.209.62

200 OK

788 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/733751.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
788 B (788 bytes)
Hash
a513aef0db711ec6d458e85065737336
261fddd3cc13954d31f7a4b1b42bd43d565fb4c0
e30c6d3cdb093dadfa955350031c9ca15c485324d4cdf57b121b0186df6c2139

HTTP Headers

GET /resized/size16/sfiles/logo_teams/733751.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:31 GMT
content-type: image/webp
content-length: 788
cache-control: max-age=94608000
content-disposition: inline; filename="733751.webp"
content-security-policy: script-src 'none'
expires: Sun, 25 Apr 2027 14:53:12 GMT
x-request-id: 82a66d53fb1334b02424c4e94e320050
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-8a4e4000170d1c3817e7dc92ebb4a546-c49ac27ac2e2fd83-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:53:12+00:00, 2024-04-26T00:48:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/93b59b9a59467b8cf5ca3c6a875c586f.webp

185.244.209.62

200 OK

748 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/93b59b9a59467b8cf5ca3c6a875c586f.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
748 B (748 bytes)
Hash
a026bb2d7b20e861fa48443521666de2
cac99853fe506bee23ef70fdf8c932e426e42d75
c27c4b1d6c24cc4d5ec59cdb9dc73a5e117caec00c6e9ffb429f04886c323fa0

HTTP Headers

GET /resized/size16/sfiles/logo_teams/93b59b9a59467b8cf5ca3c6a875c586f.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:31 GMT
content-type: image/webp
content-length: 748
cache-control: max-age=94608000
content-disposition: inline; filename="93b59b9a59467b8cf5ca3c6a875c586f.webp"
content-security-policy: script-src 'none'
expires: Sun, 25 Apr 2027 14:53:12 GMT
x-request-id: 6fc28cdd90e4934eb61fa00c6153a759
x-time-ng: 0.091
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-bd79c946881c187b0f32bef4f484d415-f3c93eb7bb007d8e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:53:12+00:00, 2024-04-26T00:48:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/2a0c152e2cfba19ed995e274957cbc8a.webp

185.244.209.62

664 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/2a0c152e2cfba19ed995e274957cbc8a.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
664 B (664 bytes)
Hash
35d87e9866410767d33e958205017469
1e810661059e01be81f1cde3992d486a0ed99019
b3c3283ecf720d6396020dfd83e1b26894a720978a1a54375c174d07f9e73d8c

HTTP Headers

GET /resized/size16/sfiles/logo_teams/2a0c152e2cfba19ed995e274957cbc8a.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:31 GMT
content-type: image/webp
content-length: 664
cache-control: max-age=94608000
content-disposition: inline; filename="2a0c152e2cfba19ed995e274957cbc8a.webp"
content-security-policy: script-src 'none'
expires: Sat, 24 Apr 2027 06:55:53 GMT
x-request-id: f19cc3a0b663b7534fbc14f87bd1f746
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-4b8e6a84e8ec35764e103761515e9f57-a819822d5fc467a1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-24T06:55:53+00:00, 2024-04-26T08:14:39+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/55872a8d551d516d53c1409f9884aae7.webp

185.244.209.62

200 OK

764 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/55872a8d551d516d53c1409f9884aae7.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
764 B (764 bytes)
Hash
78f6368d2118b53c925c00f3b4551819
4da5933f3feb5b4b439aa7d2f750f66b5c76d302
c5544b10c89118d6c9d1d0f9d164baa9707baa2a2db7555561589e0fedbddc2f

HTTP Headers

GET /resized/size16/sfiles/logo_teams/55872a8d551d516d53c1409f9884aae7.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:31 GMT
content-type: image/webp
content-length: 764
cache-control: max-age=94608000
content-disposition: inline; filename="55872a8d551d516d53c1409f9884aae7.webp"
content-security-policy: script-src 'none'
expires: Sat, 24 Apr 2027 23:22:44 GMT
x-request-id: 4985faefdd4606492ac9c880be0e3700
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-547fc4371108c3125250ff5615217b6f-747fdbff6f2edf07-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-24T23:22:44+00:00, 2024-04-26T08:14:39+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/e5eb737e.css

185.244.209.62

200 OK

1.1 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/e5eb737e.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (5171), with no line terminators
Size
1.1 kB (1050 bytes)
Hash
5d231bea9b7df6bc1e9e74e3c0a231e1
2ef607f0c766fff1b4b1e90a2d98e7094c81721e
c43fd428fe6e9d25ddf385a1cf03891194126ebf9e83d086af655272e815445b

HTTP Headers

GET /_nuxt/desktop/default/css/e5eb737e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:32 GMT
content-type: text/css
content-length: 1050
last-modified: Wed, 24 Apr 2024 11:16:26 GMT
etag: "6628ea0a-41a"
content-encoding: gzip
expires: Fri, 26 Apr 2024 08:08:31 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5e9ac559f3ab6bf31493b19199fd1eae-5113648ad8fdddfc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T08:08:31+00:00, 2024-04-25T10:16:10+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/betstemplates/bets_model_short_en_0.json

185.244.209.62

200 OK

13 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/betstemplates/bets_model_short_en_0.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (54268), with no line terminators
Size
13 kB (12709 bytes)
Hash
3a8791d5849ea03a2cd6fd25461e9a83
df9eb63e7bd4114b47d652163dc98ca9a48a2123
2331a70191dabd3ea32aa7813cfde1195f139d83ddaa1ccf171890083a440af9

HTTP Headers

GET /genfiles/cms/betstemplates/bets_model_short_en_0.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:30 GMT
content-type: application/json
last-modified: Fri, 26 Apr 2024 05:55:39 GMT
etag: W/"d3e39abc76f19e176765d21ac9e70c5c"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-625f97352ddb03e01db7fa7d4363eb55-cc25088cbaddcb2e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T06:43:25+00:00, 2024-04-26T07:55:29+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/bff-api/config/all.json?lang=en

178.253.29.47

28 kB

URL
1xlite-660473.top/bff-api/config/all.json?lang=en
IP
178.253.29.47:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
28 kB (28393 bytes)
Hash
a5656f35bc8f26354921e414005ed7b8
9472ff88701966ef7359bcd29596dcc8ddd3aa72
0230bd32c0f00da946eb7b7543642ece772da8d793beaf121840ebc24411094b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bff-api/config/all.json?lang=en HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
x-geoip2-country-code: ru
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280; che_g=84e6db2c-e9eb-f88e-e38d-5e2ccee26d59; _glhf=1714138302; application_locale=en; sh.session.id=3785e27e-9389-48aa-9adb-e4a074a5a1c1; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:32 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: bff;dur=2.63, dt_total;dur=76.531, wf-uht;dur=0.091
traceparent: 00-fe9b44e93dccc3d9a0abbf56f93f7ae7-8629b556eab0ea04-01
vary: Accept-Encoding
x-cache-expire: 55
x-cache-hit: 1
x-dt: 285
x-time-ng: 0.055
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/034cd6868126.js

185.244.209.62

200 OK

68 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/034cd6868126.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
68 kB (68342 bytes)
Hash
2c9e30359e0f4d776f4224c8155ae062
702613adb7cc20452ad90b7c991ae88f5dcca0dd
60f25ac474768a748d48c3fbcdfc462a4f04b35eb0426ce6f493da21c3fdd4c8

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/034cd6868126.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:32 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 23 Apr 2024 12:34:22 GMT
etag: W/"a2bb3a4f84cc4e6bfba45a8e4c3932e1"
x-amz-meta-mtime: 1713875281.673615027
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:55:16 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c8c628d2e6506b2e24d74b757e1439c2-cee1fb81d864b021-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:16+00:00, 2024-04-25T13:05:56+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/d63b25015d05.js

185.244.209.62

200 OK

504 B

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/d63b25015d05.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Java source, ASCII text, with very long lines (503)
Size
504 B (504 bytes)
Hash
cdd39c58f3e34ab3b3329f45f9e6199e
ec9449f5d9bcf93d4353bec1ba69d01e9d36bf7a
ace508d846e5384ef8bab277ab6b1ebfa8cdb6d273c9c06a507a84531fe1a7eb

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/d63b25015d05.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:32 GMT
content-type: text/javascript; charset=utf-8
content-length: 504
last-modified: Tue, 23 Apr 2024 12:34:23 GMT
etag: "cdd39c58f3e34ab3b3329f45f9e6199e"
x-amz-meta-mtime: 1713875281.741615558
expires: Wed, 24 Apr 2024 12:55:16 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-caad90d80e716440f4785aea5e99e71c-209eb40244d08320-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:16+00:00, 2024-04-25T14:33:03+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/93ec59abc015.js

185.244.209.62

731 B

URL
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/93ec59abc015.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Java source, ASCII text, with very long lines (730)
Size
731 B (731 bytes)
Hash
7d7870ff5bec46f886d9df91c47f1bd0
ef32d1ab97e139ebf8d154c12b9feadcb7bab591
2b948582d897b0b58d607b573884d441ab2f9320770a69bf3a4b24a92fc3778e

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/93ec59abc015.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:32 GMT
content-type: text/javascript; charset=utf-8
content-length: 731
last-modified: Tue, 23 Apr 2024 12:34:23 GMT
etag: "7d7870ff5bec46f886d9df91c47f1bd0"
x-amz-meta-mtime: 1713875281.725615432
expires: Wed, 24 Apr 2024 12:55:15 GMT
cache-control: max-age=86400
x-time-ng: 0.004
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-8674e6bcea34da28440eddb670424aa7-9f96bb403b797a63-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:15+00:00, 2024-04-25T13:05:55+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/default/img/icons/pixels2.svg?v=1714120532

178.253.29.47

200 OK

143 B

URL GET HTTP/2
1xlite-660473.top/web-api/default/img/icons/pixels2.svg?v=1714120532
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
PNG image data, 1 x 1, 8-bit/color RGB, non-interlaced
Size
143 B (143 bytes)
Hash
36d950f686c33c00777c2008a14bc836
3a2cf6c3e394e30a1af5757110710ac8179a5abe
b20377ba9973e5bb8396859df5fed3bb217fcf813c87683c3957e9d6cb3591b8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/default/img/icons/pixels2.svg?v=1714120532 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280; che_g=84e6db2c-e9eb-f88e-e38d-5e2ccee26d59; _glhf=1714138302; application_locale=en; sh.session.id=3785e27e-9389-48aa-9adb-e4a074a5a1c1; ggru=174
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:32 GMT
content-type: image/png
cache-control: no-cache, private
server-timing: p;dur=15, dt_total;dur=16.344, wf-uht;dur=0.028
traceparent: 00-c6ddfeb5aea88c41fb80c489cd73a4ac-8fd3d5284fbfead2-01
x-dt: 285
x-time-ng: 0.016
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/00526da4cdf3.css

185.244.209.62

200 OK

23 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/00526da4cdf3.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
23 kB (23136 bytes)
Hash
7cacf9970a91a4a0558bf854b183b3c1
dcec6cb3ef0868629c2d14b236fd6b2c18f2ee10
38786ae1fcaaafe0217e63885e35452bda833cb03174235ccdbf559070dceccb

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/00526da4cdf3.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:32 GMT
content-type: text/css; charset=utf-8
last-modified: Tue, 23 Apr 2024 12:34:11 GMT
etag: W/"6aa11e1c24ebb592cd2fe02d36340453"
x-amz-meta-mtime: 1713875281.633614714
content-encoding: gzip
expires: Thu, 25 Apr 2024 12:27:42 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-048b7454b8cf275667cb46d527857bd1-c82e8825da45a7aa-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-24T12:27:42+00:00, 2024-04-25T14:20:35+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/01023f59e318.js

185.244.209.62

200 OK

372 B

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/01023f59e318.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Java source, ASCII text, with very long lines (371)
Size
372 B (372 bytes)
Hash
95f43fd089613a8f57a2ddcbce517853
ae316accba7d55342e6287aea6e3282314e054e7
61dda30ecb2fd311698e84921bd8b28615c96fe7bd39fae2f3bbef3cb61e2b03

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/01023f59e318.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:33 GMT
content-type: text/javascript; charset=utf-8
content-length: 372
last-modified: Tue, 23 Apr 2024 12:34:22 GMT
etag: "95f43fd089613a8f57a2ddcbce517853"
x-amz-meta-mtime: 1713875281.673615027
expires: Wed, 24 Apr 2024 12:55:17 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-215961ea03973d1ed4a334a383a2c1bf-563233bbae195e26-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:17+00:00, 2024-04-25T13:05:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/betstemplates/bets_model_full_en_0.json

185.244.209.62

200 OK

6.8 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/betstemplates/bets_model_full_en_0.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
6.8 kB (6756 bytes)
Hash
67550738af3565bb3e41c09202990b2d
f5f9abeb71d3e6c752a1bf57b6b5005d9c60b49c
07e8a1bcc2aa4bd8ca4abb7c572fe7dbbddabde70fad63aec2cade5d13d1c004

HTTP Headers

GET /genfiles/cms/betstemplates/bets_model_full_en_0.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:28 GMT
content-type: application/json
last-modified: Fri, 26 Apr 2024 05:55:45 GMT
etag: W/"65c4f8441dea9f78c50a9fc7029f9193"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9aa66818f80c9333aa33eeeaf390cb0d-953fddc9fed31fd2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T07:37:57+00:00, 2024-04-26T08:32:18+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/pages/_app-a10a22844227e6a6.js

104.18.39.72

200 OK

281 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/pages/_app-a10a22844227e6a6.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
281 kB (280574 bytes)
Hash
5ad756fe09a64637a28a35f181dbad41
3c48e5c0fb8ffd618d5f75370684226db2c889ec
44ed33d8bcb3c0c47a7e4d640c37b1467988bd5f6d7a21dce768225e27c03fa5

HTTP Headers

GET /_next/static/chunks/pages/_app-a10a22844227e6a6.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 08:35:28 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"f8027-18f12321a97"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 94667
expires: Sat, 26 Apr 2025 08:35:28 GMT
server: cloudflare
cf-ray: 87a53d57d9855685-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7bd3bc288fd4.js

185.244.209.62

200 OK

450 B

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7bd3bc288fd4.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (449)
Size
450 B (450 bytes)
Hash
056ce527a12544a37f984ac598be2344
6946b65cf1c68960e5f9ac0900a0df66a13e7e85
cd7cdf53c803ca43a37171180d14c2374e45ab347d309f9b83a107b9ad9b4ed1

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7bd3bc288fd4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:33 GMT
content-type: text/javascript; charset=utf-8
content-length: 450
last-modified: Tue, 23 Apr 2024 12:34:12 GMT
etag: "056ce527a12544a37f984ac598be2344"
x-amz-meta-mtime: 1713875281.717615371
expires: Thu, 25 Apr 2024 08:42:34 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-00772e042282912bf68e6e1ab3591d39-901207730fd10875-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-24T08:42:34+00:00, 2024-04-25T15:38:02+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/0b23288bd734.js

185.244.209.62

200 OK

9.1 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/0b23288bd734.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
9.1 kB (9084 bytes)
Hash
329722d83ed5db1358316d90ff0bcddf
9715aa1469d0ed153930753a9cd6406a9a379882
6c63697638611170f25ebe6b64ca5674da3c60ef6779f10300ba7da49a906a2a

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/0b23288bd734.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:33 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 23 Apr 2024 12:34:22 GMT
etag: W/"ac462273a8335f158ccd0812c8d96cca"
x-amz-meta-mtime: 1713875281.673615027
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:55:17 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-45b5dd324289d0f9166c53422f9a855a-28a6709a8bfbfc9d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:17+00:00, 2024-04-25T13:05:56+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true

178.253.29.47

200 OK

2.8 kB

URL GET HTTP/2
1xlite-660473.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
2.8 kB (2849 bytes)
Hash
c7d3f96abdc212a3533b98bb211d21c2
d9e8eae77efb1b0137572a3f3543751a72403d4f
eb222e32a13ce3de76cf05aad540851c5402526800b9a5daccdd0523b344a3ef

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280; che_g=84e6db2c-e9eb-f88e-e38d-5e2ccee26d59; _glhf=1714138302; application_locale=en; sh.session.id=3785e27e-9389-48aa-9adb-e4a074a5a1c1; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:34 GMT
content-type: application/json; charset=utf-8
content-length: 2849
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 26 Apr 2024 08:35:34 GMT
vary: Accept-Encoding
x-time-ng: 0.010
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.017
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js

185.244.209.62

200 OK

543 B

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1024)
Size
543 B (543 bytes)
Hash
8fecd56fc5520134f3c39b17431fe0c2
e0cedac030a1fcf68779a592ed9e0775beb45123
3e01dfddf1e68faa32769d615eeb0e838a29241d18a57090040c595ee05f0ba8

HTTP Headers

GET /sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:31 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 25 Apr 2024 13:13:28 GMT
etag: W/"8fecd56fc5520134f3c39b17431fe0c2"
x-amz-meta-mtime: 1714050698.034158118
content-encoding: gzip
expires: Fri, 26 Apr 2024 15:17:53 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ef7a8e8bbedd3bb3ab0c86b06309497e-6dcd1cc65d9b1eba-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T15:17:53+00:00, 2024-04-25T15:53:11+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js

185.244.209.62

162 kB

URL
v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (43061)
Size
162 kB (161581 bytes)
Hash
996cf7cf59d5c7e643e9f9f0696da27a
366190f8d9443c0c04b4b40ab5c43686c1ea1411
b442a4f24296f6541aa5c7e777f6b2cb4eb25b2d90173791a5338ef8991283d3

HTTP Headers

GET /sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:30 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 25 Apr 2024 10:33:48 GMT
etag: W/"67267513246705d46a0bb83e1f8efd2a"
x-amz-meta-mtime: 1714041104.905613859
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:41:55 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-0c4c337953a3715fde069af25ef738af-987baab9f03d5cdb-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:41:55+00:00, 2024-04-25T12:44:06+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/9a596f911770.js

185.244.209.62

200 OK

23 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/9a596f911770.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
23 kB (23107 bytes)
Hash
998943bd577ae8110c42a8436ed5e8c8
127a7ad3b343a6a4efdda6972284d46d27f8b079
fda353ac34354f602458c137f9a98a7b7816c197a6919de47d8e1432b9d535a4

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/9a596f911770.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:33 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 23 Apr 2024 12:34:23 GMT
etag: W/"37522b6a3d761c89809cb6f794ead60e"
x-amz-meta-mtime: 1713875281.725615432
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:55:17 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-644ef8b84adbfbf8ee1266da5becb85c-2730efa733406be6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:17+00:00, 2024-04-25T13:05:57+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/entry-372f5fe6.js

185.244.209.62

200 OK

801 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/entry-372f5fe6.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
801 kB (800866 bytes)
Hash
cf30a13fe6f9b3c77076a7a13e8d6bd3
84c8177f5cd635d5a9833385337aec4cf9ac406e
90197a6c3d4f78e227deef696003a0829b430340fcd3a124137bb780af21fdce

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/entry-372f5fe6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:29 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 23 Apr 2024 12:34:23 GMT
etag: W/"e0292fb628a2f149f222bae2c2246200"
x-amz-meta-mtime: 1713875281.745615589
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:55:06 GMT
cache-control: max-age=86400
x-time-ng: 0.010
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-540a3366bbe4f722c47a15735fdfc637-751da8ead8f03bce-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:06+00:00, 2024-04-25T13:42:39+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2

185.244.209.62

200 OK

65 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 64732, version 1.0
Size
65 kB (64732 bytes)
Hash
3ac5d40d1b3966fc5eb09ecca74d9cbf
a69f32357765dd321519889aeacba5e9ca893bb0
3310766b8f58538d07abded74a2babe1acbe1a3ee820d5b8c8265da666f4fb0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:35 GMT
content-type: font/woff2
content-length: 64732
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "3ac5d40d1b3966fc5eb09ecca74d9cbf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-eae1d0bcc5d46b4ede217bc4622df089-b907f0be45c61832-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:56:30+00:00, 2024-04-26T07:36:07+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Size
64 kB (63920 bytes)
Hash
a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:35 GMT
content-type: font/woff2
content-length: 63920
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6ba729708416bbda2c37c10df23b9ea8-1883f33575000224-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:54:39+00:00, 2024-04-26T08:15:28+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/4efc36d7a3c7.js

185.244.209.62

200 OK

11 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/4efc36d7a3c7.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
11 kB (11418 bytes)
Hash
e818ab4619ceea763647581c1af758cf
dbb8b870f222dd4c6dc4ebb968fbbd5a0ded9861
9b406127658d01f4265a70c1d807d85aa2705b7cedcdcc4b97e0da3e7b4cbf16

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/4efc36d7a3c7.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:33 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 23 Apr 2024 12:34:22 GMT
etag: W/"d6054001e832a4dbc81c272445edf992"
x-amz-meta-mtime: 1713875281.705615276
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:55:17 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4bc4daa893b92bcfb795a27873bb627d-e5fcaf4974f19354-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:17+00:00, 2024-04-25T13:53:25+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true

178.253.29.47

200 OK

12 kB

URL GET HTTP/2
1xlite-660473.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
12 kB (11515 bytes)
Hash
d8e3b2afb3f964271aef08e4fd5428b4
4349f790c43387e91a9602783a00275a886cf635
901197ce054e6627196cd8f9e69e5ef7b2822c3c3b669b521f70061ae5489bc5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280; che_g=84e6db2c-e9eb-f88e-e38d-5e2ccee26d59; _glhf=1714138302; application_locale=en; sh.session.id=3785e27e-9389-48aa-9adb-e4a074a5a1c1; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:37 GMT
content-type: application/json; charset=utf-8
content-length: 11515
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 26 Apr 2024 08:35:37 GMT
vary: Accept-Encoding
x-time-ng: 0.016
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.024
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2

185.244.209.62

200 OK

65 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 64732, version 1.0
Size
65 kB (64732 bytes)
Hash
3ac5d40d1b3966fc5eb09ecca74d9cbf
a69f32357765dd321519889aeacba5e9ca893bb0
3310766b8f58538d07abded74a2babe1acbe1a3ee820d5b8c8265da666f4fb0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:37 GMT
content-type: font/woff2
content-length: 64732
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "3ac5d40d1b3966fc5eb09ecca74d9cbf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-6880b56d2e3bce7a3f0fb5c939ad3401-16c7e8ac25d4da56-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:56:30+00:00, 2024-04-26T07:36:07+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Size
64 kB (63748 bytes)
Hash
6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:37 GMT
content-type: font/woff2
content-length: 63748
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6b67088320a9cbeb7caff94287a4557e-1039b9e8f3692ee1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:13:59+00:00, 2024-04-26T08:15:28+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Size
64 kB (63920 bytes)
Hash
a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:37 GMT
content-type: font/woff2
content-length: 63920
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-4733be9c4474e70859a6c39c40f6cf6f-5cf99ea854c9f3a2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:54:39+00:00, 2024-04-26T08:15:28+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/analytics-c706fc54.js

185.244.209.62

200 OK

2.4 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/analytics-c706fc54.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (6444), with no line terminators
Size
2.4 kB (2434 bytes)
Hash
14c0a5b475850d7da7e8459bf9df5766
f4cbfa40f0f3e3781d23a8a2e3715bf8252a2402
a6a30f6358ba3aea4d315b8838587ef81df7d171d0f84e2aa6d6faaadad614fd

HTTP Headers

GET /_nuxt/desktop/default/analytics-c706fc54.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:38 GMT
content-type: application/javascript; charset=utf-8
content-length: 2434
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-982"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:50 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-939ce42077f532e011561b7d3aec7cad-415ed43563b12728-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:50+00:00, 2024-04-25T14:33:07+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137

178.253.29.47

200 OK

471 B

URL GET HTTP/2
1xlite-660473.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
471 B (471 bytes)
Hash
2216064f6e8e7b119b33bc2ba254a857
44b1d49d3830fe68cd9100e0c0cb1a118735a342
2ddaab5f6584b39cf275ac44421b70d4f883defc3771a9c3ed37337316a93cbd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280; che_g=84e6db2c-e9eb-f88e-e38d-5e2ccee26d59; _glhf=1714138302; application_locale=en; sh.session.id=3785e27e-9389-48aa-9adb-e4a074a5a1c1; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:38 GMT
content-type: application/json; charset=utf-8
content-length: 471
cache-control: no-cache
last-modified: Fri, 26 Apr 2024 08:35:38 GMT
x-time-ng: 0.004
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
X-Firefox-Spdy: h2

1xlite-660473.top/hd-api/external/api/web/v1/j/790k4g705g6h0757b8422b65a96142193bdbdae4f287af8b0df5

178.253.29.47

200 OK

516 B

URL POST HTTP/2
1xlite-660473.top/hd-api/external/api/web/v1/j/790k4g705g6h0757b8422b65a96142193bdbdae4f287af8b0df5
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
516 B (516 bytes)
Hash
72bda2ace38e338d4fc3696f61ad5bd1
fd9dc022bc99d9bd75eb97dcd8116a4903acc057
273859c1972bdacb278fc323f10ff3943c9a8d38126fc308b419c5aa5241643b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /hd-api/external/api/web/v1/j/790k4g705g6h0757b8422b65a96142193bdbdae4f287af8b0df5 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
X-Requested-With: XMLHttpRequest
Content-Type: application/json
Content-Length: 105936
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280; che_g=84e6db2c-e9eb-f88e-e38d-5e2ccee26d59; _glhf=1714138302; application_locale=en; sh.session.id=3785e27e-9389-48aa-9adb-e4a074a5a1c1; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:38 GMT
content-type: application/json
content-length: 516
content-encoding: gzip
traceparent: 00-f8d5c747a32686958c7c801ad95c7413-6ac36572e7ef41cf-01
vary: Accept-Encoding
x-dt: 285
x-request-guid: f3f96e91c2ca71969c0f74d0cbb206ed
x-time-ng: 0.008
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=8.532, wf-uht;dur=0.032
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V

142.250.74.72

200 OK

63 kB

URL GET HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V
IP
142.250.74.72:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintFC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52
ValidityMon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT

File type
JavaScript source, ASCII text, with very long lines (1763)
Size
63 kB (62937 bytes)
Hash
fd9244857bf0662cf25ac4e18b6ab276
2d93ea416dba4d5cdb6468f6096cc484ab62e2f6
ccfe4494f3a08377a14704a0daa98d09fc2210e4109f1b35d43a411cf75d093c

HTTP Headers

GET /gtm.js?id=GTM-KFGPRJ2V HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 26 Apr 2024 08:35:38 GMT
expires: Fri, 26 Apr 2024 08:35:38 GMT
cache-control: private, max-age=900
last-modified: Fri, 26 Apr 2024 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 62937
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.330/285/common.svg

185.244.209.62

200 OK

165 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.330/285/common.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
165 kB (164803 bytes)
Hash
f1c3ed1869c67d63d9d244c3abaf2a61
8cced8f86058020cf92056efa2ecf48991247fa5
279711ecf07f1ab9026df6f0c6d4e20106e5d862cd86778714e9a9c6409a8ddd

HTTP Headers

GET /sys-icons/1.0.330/285/common.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:33 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Apr 2024 09:41:01 GMT
etag: W/"7bf3e9e7d79beac942f5e7748a3af2e6"
x-amz-meta-mtime: 1713260458.134664491
content-encoding: gzip
expires: Fri, 19 Apr 2024 12:42:12 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-a00d55ee7caa70620f969fc5c87a1eb3-ea5f7672c2fc02ff-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-18T12:42:12+00:00, 2024-04-25T13:53:27+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66&l=dataLayer&cx=c

142.250.74.72

200 OK

105 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66&l=dataLayer&cx=c
IP
142.250.74.72:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintFC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52
ValidityMon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (10899)
Size
105 kB (105004 bytes)
Hash
7028c121505b76e3a85bc885cde4ca84
bbf65011ab79177a8daff899813bc268e8c2ab77
047f83427695c169755c344ab922369bf57f15b764f6d61fce33dd7e583c91a6

HTTP Headers

GET /gtag/js?id=G-7JGWL9SV66&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 26 Apr 2024 08:35:38 GMT
expires: Fri, 26 Apr 2024 08:35:38 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 105004
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

radar.cedexis.com/1/23802/radar.js

45.54.49.5

302 Moved Temporarily

154 B

URL GET HTTP/1.1
radar.cedexis.com/1/23802/radar.js
IP
45.54.49.5:443
ASN
#63911 NetActuate, Inc

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerDigiCert Inc
Subjectradar.cedexis.com
Fingerprint33:58:79:8E:87:A5:C3:05:CA:E2:82:50:61:CF:72:83:BD:64:80:C1
ValidityFri, 29 Mar 2024 00:00:00 GMT - Fri, 28 Mar 2025 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
154 B (154 bytes)
Hash
cfbeaf604823f038b8b46f0ac862b98c
7b9eb1dac48e74fa5f418bc456cb410f88b81d98
20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319

HTTP Headers

GET /1/23802/radar.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Fri, 26 Apr 2024 08:35:38 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: /1707728419/stub.js
Expires: Fri, 26 Apr 2024 08:45:38 GMT
Cache-Control: max-age=600
Vary: User-Agent,DNT

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/64dfdd8b8c9a.css

185.244.209.62

200 OK

47 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/64dfdd8b8c9a.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
47 kB (46685 bytes)
Hash
152da3b3b11bfe754049ec5cb1a28340
5a2b7cbe2b47e950e03a3e98489b79de61d3374a
628352e7e0beafc9523e5ba9483938bed2937ea66d842a1e160451067183d0c2

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/64dfdd8b8c9a.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:28 GMT
content-type: text/css; charset=utf-8
last-modified: Tue, 23 Apr 2024 12:34:23 GMT
etag: W/"2605377ca9d2798b33fd07bc8da267d2"
x-amz-meta-mtime: 1713875281.709615308
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:55:05 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-386f2a7220e18bf506639287c21cb65c-7a8357530e4d8d22-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:05+00:00, 2024-04-25T13:05:49+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=825812417.1714120539&gtm=45je44o0v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=668873959

142.250.74.67

200 OK

42 B

URL GET HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=825812417.1714120539&gtm=45je44o0v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=668873959
IP
142.250.74.67:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.no
FingerprintDE:35:DD:F6:8A:FF:6F:9D:0E:3D:27:DD:E2:B8:DE:CE:A4:6A:C8:C9
ValidityMon, 08 Apr 2024 07:44:18 GMT - Mon, 01 Jul 2024 07:44:17 GMT

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=825812417.1714120539&gtm=45je44o0v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=668873959 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 26 Apr 2024 08:35:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

radar.cedexis.com/1707728419/stub.js

45.54.49.5

200 OK

271 B

URL GET HTTP/1.1
radar.cedexis.com/1707728419/stub.js
IP
45.54.49.5:443
ASN
#63911 NetActuate, Inc

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerDigiCert Inc
Subjectradar.cedexis.com
Fingerprint33:58:79:8E:87:A5:C3:05:CA:E2:82:50:61:CF:72:83:BD:64:80:C1
ValidityFri, 29 Mar 2024 00:00:00 GMT - Fri, 28 Mar 2025 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
271 B (271 bytes)
Hash
82dec77fd0353c7c71ce053b8601387e
fbbca95419e1d0c042e0a5fdf10f380aca66188c
39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7

HTTP Headers

GET /1707728419/stub.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Apr 2024 08:35:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 12 Feb 2024 09:51:01 GMT
Vary: Accept-Encoding
ETag: W/"65c9ea05-186"
Expires: Fri, 10 May 2024 08:35:39 GMT
Cache-Control: max-age=1209600, public
Content-Encoding: gzip

widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js

104.18.39.72

200 OK

32 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
32 kB (32505 bytes)
Hash
862c8aa01451cd1be16f8b30f703283a
c0cab1f3e6ff34f3b6689738188a18bcb6ece796
75d5a442e86eee07f9ff8dae6c4db7774a19d92c07a03b96ae63fe78be08d127

HTTP Headers

GET /_next/static/chunks/main-fa1d3b21fd97b583.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 08:35:28 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"1a544-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 13403995
expires: Sat, 26 Apr 2025 08:35:28 GMT
server: cloudflare
cf-ray: 87a53d57d9845685-OSL
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714120538526&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=825812417.1714120539&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1714120538&sct=1&seg=0&dl=https%3A%2F%2F1xlite-660473.top%2Fen%3Ftag%3Dd_421509m_1599c_&dt=1xBet%20%E1%90%89%20Online%20sports%20betting%20%E1%90%89%201xBet%20online%20bookmaker%20log%20in%20%E1%90%89%201xlite-660473.top&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=15775

216.239.32.36

204 No Content

0 B

URL POST HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714120538526&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=825812417.1714120539&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1714120538&sct=1&seg=0&dl=https%3A%2F%2F1xlite-660473.top%2Fen%3Ftag%3Dd_421509m_1599c_&dt=1xBet%20%E1%90%89%20Online%20sports%20betting%20%E1%90%89%201xBet%20online%20bookmaker%20log%20in%20%E1%90%89%201xlite-660473.top&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=15775
IP
216.239.32.36:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintFC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52
ValidityMon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714120538526&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=825812417.1714120539&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1714120538&sct=1&seg=0&dl=https%3A%2F%2F1xlite-660473.top%2Fen%3Ftag%3Dd_421509m_1599c_&dt=1xBet%20%E1%90%89%20Online%20sports%20betting%20%E1%90%89%201xBet%20online%20bookmaker%20log%20in%20%E1%90%89%201xlite-660473.top&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=15775 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://1xlite-660473.top
date: Fri, 26 Apr 2024 08:35:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66

178.253.29.47

200 OK

2.2 kB

URL GET HTTP/2
1xlite-660473.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
2.2 kB (2229 bytes)
Hash
338ac0173c13b7eef2149d23e1feeb23
495a8a56edd5650df3eca0c32d57e675f05b983b
279fa81271288f1ce5c17dcbd7449949bd830bbbd184ce3ea3bc1c30acf7cffa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiT1FoeXBoUCtIaVdiM0xYbmZJanN3NGpScVBDY0I1QWNvT3oya29hUDlRb2JXL1B0aEZ5Z1FXOS9vQkVKSlNnNDI3ODdBclRzQWFZTmdScmg5K1gzbm1UMU9SS3hUZG5xcmRubVdac3VSOE5nUkszMXBjYTllYnFsTHp4bEk5WFdsK0xyR0VLR0U4dTZIZk0xenFTaWFKMko0VHZUUERpc3pqRjEvUndCd1FtbkhXYXBady9SeVpocnpBb0xrOHR1NDI2blRHTUlldEFQRFgvc3haSVJDMHhGT0NUTFcybnZxcFRnUXNFQmVhUGRLZ1NhQTdzdnlzU0hsclZKSldhU205U0N5cGNFMEZNaGlLblZBYlU2S0E5aGJZVkVlekFFZ1czUkpnS2JWdXJFIiwiZXhwIjoxNzE0MTM0OTM4LCJpYXQiOjE3MTQxMjA1Mzh9.EaMrHY6lCFH0gtLGgz1XggiqYGicV6FWMHvDV-N4KLjPxAl5eiWVepn4GVAe2IRjAuw92lOaVsKbSTgR1Ug4cA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280; che_g=84e6db2c-e9eb-f88e-e38d-5e2ccee26d59; _glhf=1714138302; application_locale=en; sh.session.id=3785e27e-9389-48aa-9adb-e4a074a5a1c1; ggru=174; _ga_7JGWL9SV66=GS1.1.1714120538.1.0.1714120538.60.0.0; _ga=GA1.1.825812417.1714120539
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:40 GMT
content-type: application/json; charset=utf-8
content-length: 2229
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 26 Apr 2024 08:35:40 GMT
vary: Accept-Encoding
x-time-ng: 0.004
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.011
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js

104.18.39.72

200 OK

164 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
164 kB (163894 bytes)
Hash
3f93b957a5062be84378d815152bac67
556798c535014c3656737ff1d516f3db48e7231b
39e80137e2274679a70015f835b34108e29890e572e8d8b1f3d850c1a431a114

HTTP Headers

GET /_next/static/chunks/7413e8b9-8adee4b5b5407a55.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 08:35:28 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 17 Jan 2024 06:19:55 GMT
etag: W/"12fe9-18d161388b8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 8647931
expires: Sat, 26 Apr 2025 08:35:28 GMT
server: cloudflare
cf-ray: 87a53d57d98a5685-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/efb6a12f775a7454c682a5f3cdcfe84c.jpg

185.244.209.62

200 OK

43 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/banner/efb6a12f775a7454c682a5f3cdcfe84c.jpg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1380x248, components 3
Size
43 kB (42774 bytes)
Hash
18e28833a6ad8d22f449e33af06a4ce5
502160fbc806adae22e56d7d6066a96ef3574c17
f8184f06a590cc9ad2ccc7a98c55e4c72bc5127190da8b725bbe1e90ebf7bdb4

HTTP Headers

GET /genfiles/cms/1/desktop/banner/efb6a12f775a7454c682a5f3cdcfe84c.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:40 GMT
content-type: image/jpeg
content-length: 42774
last-modified: Fri, 26 Apr 2024 05:28:57 GMT
etag: "18e28833a6ad8d22f449e33af06a4ce5"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f46e32f402bba683f89665ec9fa0c521-fa6566d264bb2dcb-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T05:31:20+00:00, 2024-04-26T08:35:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true

178.253.29.47

200 OK

12 kB

URL GET HTTP/2
1xlite-660473.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
12 kB (11515 bytes)
Hash
d8e3b2afb3f964271aef08e4fd5428b4
4349f790c43387e91a9602783a00275a886cf635
901197ce054e6627196cd8f9e69e5ef7b2822c3c3b669b521f70061ae5489bc5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiT1FoeXBoUCtIaVdiM0xYbmZJanN3NGpScVBDY0I1QWNvT3oya29hUDlRb2JXL1B0aEZ5Z1FXOS9vQkVKSlNnNDI3ODdBclRzQWFZTmdScmg5K1gzbm1UMU9SS3hUZG5xcmRubVdac3VSOE5nUkszMXBjYTllYnFsTHp4bEk5WFdsK0xyR0VLR0U4dTZIZk0xenFTaWFKMko0VHZUUERpc3pqRjEvUndCd1FtbkhXYXBady9SeVpocnpBb0xrOHR1NDI2blRHTUlldEFQRFgvc3haSVJDMHhGT0NUTFcybnZxcFRnUXNFQmVhUGRLZ1NhQTdzdnlzU0hsclZKSldhU205U0N5cGNFMEZNaGlLblZBYlU2S0E5aGJZVkVlekFFZ1czUkpnS2JWdXJFIiwiZXhwIjoxNzE0MTM0OTM4LCJpYXQiOjE3MTQxMjA1Mzh9.EaMrHY6lCFH0gtLGgz1XggiqYGicV6FWMHvDV-N4KLjPxAl5eiWVepn4GVAe2IRjAuw92lOaVsKbSTgR1Ug4cA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280; che_g=84e6db2c-e9eb-f88e-e38d-5e2ccee26d59; _glhf=1714138302; application_locale=en; sh.session.id=3785e27e-9389-48aa-9adb-e4a074a5a1c1; ggru=174; _ga_7JGWL9SV66=GS1.1.1714120538.1.0.1714120538.60.0.0; _ga=GA1.1.825812417.1714120539
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:42 GMT
content-type: application/json; charset=utf-8
content-length: 11515
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 26 Apr 2024 08:35:37 GMT
vary: Accept-Encoding
x-time-ng: 0.016
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true

178.253.29.47

200 OK

2.9 kB

URL GET HTTP/2
1xlite-660473.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
2.9 kB (2854 bytes)
Hash
47e9554946b30ef029b81bec0c7f20c0
4121c848ab18880a8c561ca6e29058e9de86e6cf
45b8addf529586684094a7a15001f5bd79edcc19318239bfa511f2520f0d6903

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiT1FoeXBoUCtIaVdiM0xYbmZJanN3NGpScVBDY0I1QWNvT3oya29hUDlRb2JXL1B0aEZ5Z1FXOS9vQkVKSlNnNDI3ODdBclRzQWFZTmdScmg5K1gzbm1UMU9SS3hUZG5xcmRubVdac3VSOE5nUkszMXBjYTllYnFsTHp4bEk5WFdsK0xyR0VLR0U4dTZIZk0xenFTaWFKMko0VHZUUERpc3pqRjEvUndCd1FtbkhXYXBady9SeVpocnpBb0xrOHR1NDI2blRHTUlldEFQRFgvc3haSVJDMHhGT0NUTFcybnZxcFRnUXNFQmVhUGRLZ1NhQTdzdnlzU0hsclZKSldhU205U0N5cGNFMEZNaGlLblZBYlU2S0E5aGJZVkVlekFFZ1czUkpnS2JWdXJFIiwiZXhwIjoxNzE0MTM0OTM4LCJpYXQiOjE3MTQxMjA1Mzh9.EaMrHY6lCFH0gtLGgz1XggiqYGicV6FWMHvDV-N4KLjPxAl5eiWVepn4GVAe2IRjAuw92lOaVsKbSTgR1Ug4cA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280; che_g=84e6db2c-e9eb-f88e-e38d-5e2ccee26d59; _glhf=1714138302; application_locale=en; sh.session.id=3785e27e-9389-48aa-9adb-e4a074a5a1c1; ggru=174; _ga_7JGWL9SV66=GS1.1.1714120538.1.0.1714120538.60.0.0; _ga=GA1.1.825812417.1714120539
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:44 GMT
content-type: application/json; charset=utf-8
content-length: 2854
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 26 Apr 2024 08:35:44 GMT
vary: Accept-Encoding
x-time-ng: 0.012
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.019
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/0cd280af89b0819825587a2cf75e33d0.webp

185.244.209.62

21 kB

URL GET
v3.traincdn.com/genfiles/cms/1/desktop/banner/0cd280af89b0819825587a2cf75e33d0.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
21 kB (21412 bytes)
Hash
1e9191583a9bca6627e85945c6c5d3f1
f2d4d5e76e448d1dd986c9616a660ae6c7806dde
733d49aa25dab77ba7fe51a0a831f51e988d3201c5cfc6fbc808c3b2c59b48c1

HTTP Headers

GET /genfiles/cms/1/desktop/banner/0cd280af89b0819825587a2cf75e33d0.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:45 GMT
content-type: image/webp
content-length: 21412
last-modified: Fri, 12 Apr 2024 09:23:52 GMT
etag: "1e9191583a9bca6627e85945c6c5d3f1"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5c4df9640eaa2efda84477d59135d729-d16e045c095a0cf2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-12T09:33:12+00:00, 2024-04-26T07:36:34+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true

178.253.29.47

200 OK

12 kB

URL GET HTTP/2
1xlite-660473.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
12 kB (11566 bytes)
Hash
a7434151f4146b112e356ec8406238b5
38cf9508f5433758931c4dc41a55db2f19f00cf7
5d800adc32915f0db15f8d144f58984ec8f0fda61ca9d5949b548de919b5c3f6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiT1FoeXBoUCtIaVdiM0xYbmZJanN3NGpScVBDY0I1QWNvT3oya29hUDlRb2JXL1B0aEZ5Z1FXOS9vQkVKSlNnNDI3ODdBclRzQWFZTmdScmg5K1gzbm1UMU9SS3hUZG5xcmRubVdac3VSOE5nUkszMXBjYTllYnFsTHp4bEk5WFdsK0xyR0VLR0U4dTZIZk0xenFTaWFKMko0VHZUUERpc3pqRjEvUndCd1FtbkhXYXBady9SeVpocnpBb0xrOHR1NDI2blRHTUlldEFQRFgvc3haSVJDMHhGT0NUTFcybnZxcFRnUXNFQmVhUGRLZ1NhQTdzdnlzU0hsclZKSldhU205U0N5cGNFMEZNaGlLblZBYlU2S0E5aGJZVkVlekFFZ1czUkpnS2JWdXJFIiwiZXhwIjoxNzE0MTM0OTM4LCJpYXQiOjE3MTQxMjA1Mzh9.EaMrHY6lCFH0gtLGgz1XggiqYGicV6FWMHvDV-N4KLjPxAl5eiWVepn4GVAe2IRjAuw92lOaVsKbSTgR1Ug4cA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280; che_g=84e6db2c-e9eb-f88e-e38d-5e2ccee26d59; _glhf=1714138302; application_locale=en; sh.session.id=3785e27e-9389-48aa-9adb-e4a074a5a1c1; ggru=174; _ga_7JGWL9SV66=GS1.1.1714120538.1.0.1714120538.60.0.0; _ga=GA1.1.825812417.1714120539
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:48 GMT
content-type: application/json; charset=utf-8
content-length: 11566
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 26 Apr 2024 08:35:48 GMT
vary: Accept-Encoding
x-time-ng: 0.019
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.027
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137

178.253.29.47

200 OK

258 B

URL GET HTTP/2
1xlite-660473.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
258 B (258 bytes)
Hash
2216064f6e8e7b119b33bc2ba254a857
44b1d49d3830fe68cd9100e0c0cb1a118735a342
2ddaab5f6584b39cf275ac44421b70d4f883defc3771a9c3ed37337316a93cbd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiT1FoeXBoUCtIaVdiM0xYbmZJanN3NGpScVBDY0I1QWNvT3oya29hUDlRb2JXL1B0aEZ5Z1FXOS9vQkVKSlNnNDI3ODdBclRzQWFZTmdScmg5K1gzbm1UMU9SS3hUZG5xcmRubVdac3VSOE5nUkszMXBjYTllYnFsTHp4bEk5WFdsK0xyR0VLR0U4dTZIZk0xenFTaWFKMko0VHZUUERpc3pqRjEvUndCd1FtbkhXYXBady9SeVpocnpBb0xrOHR1NDI2blRHTUlldEFQRFgvc3haSVJDMHhGT0NUTFcybnZxcFRnUXNFQmVhUGRLZ1NhQTdzdnlzU0hsclZKSldhU205U0N5cGNFMEZNaGlLblZBYlU2S0E5aGJZVkVlekFFZ1czUkpnS2JWdXJFIiwiZXhwIjoxNzE0MTM0OTM4LCJpYXQiOjE3MTQxMjA1Mzh9.EaMrHY6lCFH0gtLGgz1XggiqYGicV6FWMHvDV-N4KLjPxAl5eiWVepn4GVAe2IRjAuw92lOaVsKbSTgR1Ug4cA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280; che_g=84e6db2c-e9eb-f88e-e38d-5e2ccee26d59; _glhf=1714138302; application_locale=en; sh.session.id=3785e27e-9389-48aa-9adb-e4a074a5a1c1; ggru=174; _ga_7JGWL9SV66=GS1.1.1714120538.1.0.1714120538.60.0.0; _ga=GA1.1.825812417.1714120539
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:48 GMT
content-type: application/json; charset=utf-8
content-length: 258
cache-control: no-cache
content-encoding: br
last-modified: Fri, 26 Apr 2024 08:35:48 GMT
vary: Accept-Encoding
x-time-ng: 0.005
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.013
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true

178.253.29.47

200 OK

2.9 kB

URL GET HTTP/2
1xlite-660473.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
2.9 kB (2854 bytes)
Hash
47e9554946b30ef029b81bec0c7f20c0
4121c848ab18880a8c561ca6e29058e9de86e6cf
45b8addf529586684094a7a15001f5bd79edcc19318239bfa511f2520f0d6903

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiT1FoeXBoUCtIaVdiM0xYbmZJanN3NGpScVBDY0I1QWNvT3oya29hUDlRb2JXL1B0aEZ5Z1FXOS9vQkVKSlNnNDI3ODdBclRzQWFZTmdScmg5K1gzbm1UMU9SS3hUZG5xcmRubVdac3VSOE5nUkszMXBjYTllYnFsTHp4bEk5WFdsK0xyR0VLR0U4dTZIZk0xenFTaWFKMko0VHZUUERpc3pqRjEvUndCd1FtbkhXYXBady9SeVpocnpBb0xrOHR1NDI2blRHTUlldEFQRFgvc3haSVJDMHhGT0NUTFcybnZxcFRnUXNFQmVhUGRLZ1NhQTdzdnlzU0hsclZKSldhU205U0N5cGNFMEZNaGlLblZBYlU2S0E5aGJZVkVlekFFZ1czUkpnS2JWdXJFIiwiZXhwIjoxNzE0MTM0OTM4LCJpYXQiOjE3MTQxMjA1Mzh9.EaMrHY6lCFH0gtLGgz1XggiqYGicV6FWMHvDV-N4KLjPxAl5eiWVepn4GVAe2IRjAuw92lOaVsKbSTgR1Ug4cA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280; che_g=84e6db2c-e9eb-f88e-e38d-5e2ccee26d59; _glhf=1714138302; application_locale=en; sh.session.id=3785e27e-9389-48aa-9adb-e4a074a5a1c1; ggru=174; _ga_7JGWL9SV66=GS1.1.1714120538.1.0.1714120538.60.0.0; _ga=GA1.1.825812417.1714120539
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:49 GMT
content-type: application/json; charset=utf-8
content-length: 2854
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 26 Apr 2024 08:35:44 GMT
vary: Accept-Encoding
x-time-ng: 0.012
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66

178.253.29.47

200 OK

2.2 kB

URL GET HTTP/2
1xlite-660473.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
2.2 kB (2236 bytes)
Hash
42a81217f25a7281f04db07f3f6bb9bf
af37f7c592c6d5a46336ef6ce2eb5277157adf2c
a42d73f20237d76dbfb018921318c0f847478ee3d436f8d2b3af953570bd0fa1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiT1FoeXBoUCtIaVdiM0xYbmZJanN3NGpScVBDY0I1QWNvT3oya29hUDlRb2JXL1B0aEZ5Z1FXOS9vQkVKSlNnNDI3ODdBclRzQWFZTmdScmg5K1gzbm1UMU9SS3hUZG5xcmRubVdac3VSOE5nUkszMXBjYTllYnFsTHp4bEk5WFdsK0xyR0VLR0U4dTZIZk0xenFTaWFKMko0VHZUUERpc3pqRjEvUndCd1FtbkhXYXBady9SeVpocnpBb0xrOHR1NDI2blRHTUlldEFQRFgvc3haSVJDMHhGT0NUTFcybnZxcFRnUXNFQmVhUGRLZ1NhQTdzdnlzU0hsclZKSldhU205U0N5cGNFMEZNaGlLblZBYlU2S0E5aGJZVkVlekFFZ1czUkpnS2JWdXJFIiwiZXhwIjoxNzE0MTM0OTM4LCJpYXQiOjE3MTQxMjA1Mzh9.EaMrHY6lCFH0gtLGgz1XggiqYGicV6FWMHvDV-N4KLjPxAl5eiWVepn4GVAe2IRjAuw92lOaVsKbSTgR1Ug4cA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280; che_g=84e6db2c-e9eb-f88e-e38d-5e2ccee26d59; _glhf=1714138302; application_locale=en; sh.session.id=3785e27e-9389-48aa-9adb-e4a074a5a1c1; ggru=174; _ga_7JGWL9SV66=GS1.1.1714120538.1.0.1714120538.60.0.0; _ga=GA1.1.825812417.1714120539
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:50 GMT
content-type: application/json; charset=utf-8
content-length: 2236
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 26 Apr 2024 08:35:50 GMT
vary: Accept-Encoding
x-time-ng: 0.006
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.014
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true

178.253.29.47

200 OK

2.1 kB

URL GET HTTP/2
1xlite-660473.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
2.1 kB (2095 bytes)
Hash
491389ddbd6b55f162925056a2258999
9606d4a2925fa517f9ffe5cc21d67a941d9fbcf6
0d5ff24bfb877a59bc71c6da8f8ac7dffaf16d3729b0ffdc671418d7f384ad2a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiT1FoeXBoUCtIaVdiM0xYbmZJanN3NGpScVBDY0I1QWNvT3oya29hUDlRb2JXL1B0aEZ5Z1FXOS9vQkVKSlNnNDI3ODdBclRzQWFZTmdScmg5K1gzbm1UMU9SS3hUZG5xcmRubVdac3VSOE5nUkszMXBjYTllYnFsTHp4bEk5WFdsK0xyR0VLR0U4dTZIZk0xenFTaWFKMko0VHZUUERpc3pqRjEvUndCd1FtbkhXYXBady9SeVpocnpBb0xrOHR1NDI2blRHTUlldEFQRFgvc3haSVJDMHhGT0NUTFcybnZxcFRnUXNFQmVhUGRLZ1NhQTdzdnlzU0hsclZKSldhU205U0N5cGNFMEZNaGlLblZBYlU2S0E5aGJZVkVlekFFZ1czUkpnS2JWdXJFIiwiZXhwIjoxNzE0MTM0OTM4LCJpYXQiOjE3MTQxMjA1Mzh9.EaMrHY6lCFH0gtLGgz1XggiqYGicV6FWMHvDV-N4KLjPxAl5eiWVepn4GVAe2IRjAuw92lOaVsKbSTgR1Ug4cA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280; che_g=84e6db2c-e9eb-f88e-e38d-5e2ccee26d59; _glhf=1714138302; application_locale=en; sh.session.id=3785e27e-9389-48aa-9adb-e4a074a5a1c1; ggru=174; _ga_7JGWL9SV66=GS1.1.1714120538.1.0.1714120538.60.0.0; _ga=GA1.1.825812417.1714120539
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:50 GMT
content-type: application/json; charset=utf-8
content-length: 2095
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 26 Apr 2024 08:35:50 GMT
vary: Accept-Encoding
x-time-ng: 0.069
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.076
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/48c55a46abd5ab116e797f7903d61d9a.jpg

185.244.209.62

132 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/banner/48c55a46abd5ab116e797f7903d61d9a.jpg
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1380x248, components 3
Size
132 kB (131536 bytes)
Hash
1ef98c36c93971dbb74108bae21d6878
edfa1fd1828fc2ae49c730086cddbe18ec4c0c53
c38329c0460fbb6b192d45377ea117869393426b51058c2c61f1f33356468527

HTTP Headers

GET /genfiles/cms/1/desktop/banner/48c55a46abd5ab116e797f7903d61d9a.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:51 GMT
content-type: image/jpeg
content-length: 131536
last-modified: Wed, 06 Sep 2023 13:13:57 GMT
etag: "1ef98c36c93971dbb74108bae21d6878"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c3468d5aec0a6444316ba901b0141f2b-2eb56ba502bb2c1d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:34:12+00:00, 2024-04-26T08:35:45+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/48c55a46abd5ab116e797f7903d61d9a.webp

185.244.209.62

22 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/banner/48c55a46abd5ab116e797f7903d61d9a.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
22 kB (22384 bytes)
Hash
223959ab229c22ef60216e9c780ef376
03fef16fe4253987b207ebd4f5ab77da8262cad7
07dc1d52de65dc11175476efd14081c77cec2379f6b78879bca4c079c2675a3e

HTTP Headers

GET /genfiles/cms/1/desktop/banner/48c55a46abd5ab116e797f7903d61d9a.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:51 GMT
content-type: image/webp
content-length: 22384
last-modified: Wed, 06 Sep 2023 13:14:07 GMT
etag: "223959ab229c22ef60216e9c780ef376"
x-time-ng: 0.001
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-2f43d7ac5b1b3e5471d7e5310e31f4d5-0eaf75eb13f69827-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-02-27T14:23:29+00:00, 2024-04-26T07:36:39+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-search-detection%40mozilla.com%2Cgoogle%40search.mozilla.org%2Cwikipedia%40search.mozilla.org%2Cbing%40search.mozilla.org%2Cddg%40search.mozilla.org%2Cfirefox-compact-light%40mozilla.org%2Cfirefox-compact-dark%40mozilla.org%2Cfirefox-alpenglow%40mozilla.org%2Camazon%40search.mozilla.org&lang=en-US

54.230.111.124

82 B

URL
services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-search-detection%40mozilla.com%2Cgoogle%40search.mozilla.org%2Cwikipedia%40search.mozilla.org%2Cbing%40search.mozilla.org%2Cddg%40search.mozilla.org%2Cfirefox-compact-light%40mozilla.org%2Cfirefox-compact-dark%40mozilla.org%2Cfirefox-alpenglow%40mozilla.org%2Camazon%40search.mozilla.org&lang=en-US
IP
54.230.111.124:0
ASN
#16509 AMAZON-02

File type
JSON text data
Size
82 B (82 bytes)
Hash
4f822d39c269d2c47e3174b6c6bad3b7
d56bd07959c766e9c18faa9cf1070548f9236b65
cda00e555c758b1c13b6cbd17049ca8471057d16c60f08f551dbc331308eecf3

HTTP Headers

GET /api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-search-detection%40mozilla.com%2Cgoogle%40search.mozilla.org%2Cwikipedia%40search.mozilla.org%2Cbing%40search.mozilla.org%2Cddg%40search.mozilla.org%2Cfirefox-compact-light%40mozilla.org%2Cfirefox-compact-dark%40mozilla.org%2Cfirefox-alpenglow%40mozilla.org%2Camazon%40search.mozilla.org&lang=en-US HTTP/1.1
Host: services.addons.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/json
content-length: 82
server: openresty
date: Fri, 26 Apr 2024 07:43:07 GMT
allow: GET, HEAD, OPTIONS
x-amo-request-id: b9b00ac58e7543c291c0b20b424b5110
content-security-policy: script-src https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://addons.mozilla.org/static-server/; default-src 'none'; object-src 'none'; style-src 'unsafe-inline' https://addons.mozilla.org/static-server/; form-action 'self'; font-src 'self' https://addons.mozilla.org/static-server/; connect-src 'self' https://*.google-analytics.com; child-src https://www.recaptcha.net/recaptcha/; img-src 'self' blob: data: https://addons.mozilla.org/static-server/ https://addons.mozilla.org/user-media/; media-src https://videos.cdn.mozilla.net; frame-src https://www.recaptcha.net/recaptcha/; report-uri /__cspreport__
x-frame-options: DENY
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: same-origin
cross-origin-opener-policy: same-origin
cache-control: max-age=3600
public-key-pins: max-age=5184000; includeSubDomains; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="
via: 1.1 google, 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
etag: "4f822d39c269d2c47e3174b6c6bad3b7"
vary: origin,X-Country-Code,Accept-Language
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: _FO4VDaII5neiksimZCLPx1ovBuN8YQEgviMhbMFF3ofCK4IO7wbbQ==
age: 3164
X-Firefox-Spdy: h2

aus5.mozilla.org/update/3/SystemAddons/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

42 B

URL
aus5.mozilla.org/update/3/SystemAddons/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
XML 1.0 document, ASCII text
Size
42 B (42 bytes)
Hash
f8f24fa0c857d8f2ee493e131b85ab62
cb6049f830a54d14a19d4104fc0bb5ab5fdedbe6
e0dadbc9cd1f1bd8ce3118cc3383e0d0f6d147f055265d498d99deea956ba00f

HTTP Headers

GET /update/3/SystemAddons/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:51 GMT
content-type: text/xml; charset=utf-8
content-length: 42
rule-id: unknown
rule-data-version: unknown
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: MISS
via: 1.1 google
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true

178.253.29.47

200 OK

12 kB

URL GET HTTP/2
1xlite-660473.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
12 kB (11566 bytes)
Hash
a7434151f4146b112e356ec8406238b5
38cf9508f5433758931c4dc41a55db2f19f00cf7
5d800adc32915f0db15f8d144f58984ec8f0fda61ca9d5949b548de919b5c3f6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiT1FoeXBoUCtIaVdiM0xYbmZJanN3NGpScVBDY0I1QWNvT3oya29hUDlRb2JXL1B0aEZ5Z1FXOS9vQkVKSlNnNDI3ODdBclRzQWFZTmdScmg5K1gzbm1UMU9SS3hUZG5xcmRubVdac3VSOE5nUkszMXBjYTllYnFsTHp4bEk5WFdsK0xyR0VLR0U4dTZIZk0xenFTaWFKMko0VHZUUERpc3pqRjEvUndCd1FtbkhXYXBady9SeVpocnpBb0xrOHR1NDI2blRHTUlldEFQRFgvc3haSVJDMHhGT0NUTFcybnZxcFRnUXNFQmVhUGRLZ1NhQTdzdnlzU0hsclZKSldhU205U0N5cGNFMEZNaGlLblZBYlU2S0E5aGJZVkVlekFFZ1czUkpnS2JWdXJFIiwiZXhwIjoxNzE0MTM0OTM4LCJpYXQiOjE3MTQxMjA1Mzh9.EaMrHY6lCFH0gtLGgz1XggiqYGicV6FWMHvDV-N4KLjPxAl5eiWVepn4GVAe2IRjAuw92lOaVsKbSTgR1Ug4cA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280; che_g=84e6db2c-e9eb-f88e-e38d-5e2ccee26d59; _glhf=1714138302; application_locale=en; sh.session.id=3785e27e-9389-48aa-9adb-e4a074a5a1c1; ggru=174; _ga_7JGWL9SV66=GS1.1.1714120538.1.0.1714120538.60.0.0; _ga=GA1.1.825812417.1714120539
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:53 GMT
content-type: application/json; charset=utf-8
content-length: 11566
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 26 Apr 2024 08:35:48 GMT
vary: Accept-Encoding
x-time-ng: 0.019
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/api/v3/bonuses/welcome-bonuses

178.253.29.47

200 OK

3.1 kB

URL GET HTTP/2
1xlite-660473.top/web-api/api/v3/bonuses/welcome-bonuses
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
3.1 kB (3137 bytes)
Hash
3b95c708633bddc9e7e22d49dad5fc0f
a8df6625dbc748880d5d8c7848cf596f3745b87c
e23bcc0d393deacc52f246838faf46a23d0bf4cfe70079980e20a4d0a2a80e53

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/api/v3/bonuses/welcome-bonuses HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280; che_g=84e6db2c-e9eb-f88e-e38d-5e2ccee26d59; _glhf=1714138302; application_locale=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:28 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=21, dt_total;dur=28.260, wf-uht;dur=0.037
traceparent: 00-137cd08a130c8120a62895379ea6c8fe-e1a1574230eb04d5-01
x-dt: 285
x-time-ng: 0.022
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/dac8c9aa0b0cdc269254d95ff2e914d3.webp

185.244.209.62

37 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/banner/dac8c9aa0b0cdc269254d95ff2e914d3.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
37 kB (37416 bytes)
Hash
75deadbff841341315c61275cb663d23
83f7a4805c1fe1e50c30ffe9372a2a4125a829e1
5535616e6979cbfeb494b91c37ac03dde69a30469e78ac0c6e80a778cb34393b

HTTP Headers

GET /genfiles/cms/1/desktop/banner/dac8c9aa0b0cdc269254d95ff2e914d3.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:56 GMT
content-type: image/webp
content-length: 37416
last-modified: Fri, 26 Apr 2024 05:10:50 GMT
etag: "75deadbff841341315c61275cb663d23"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-26T07:03:21+00:00
traceparent: 00-380242f2d6f00482581ae3fa78841144-20a51029be3f9a6e-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js

104.18.39.72

200 OK

46 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
46 kB (45600 bytes)
Hash
36b00d015efbe2323f412a54aedbb4c5
ba306af4421ae69cc7c08e16dd3326fa2d0029fd
f41403902681ac37951e0d17a2f5052910499f61304b030671d88e2fd5e630be

HTTP Headers

GET /_next/static/chunks/framework-49f1e091cbf6b261.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 08:35:28 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 Nov 2023 12:45:49 GMT
etag: W/"22695-18b9011853a"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 13495117
expires: Sat, 26 Apr 2025 08:35:28 GMT
server: cloudflare
cf-ray: 87a53d57d9815685-OSL
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js

104.18.39.72

200 OK

21 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
21 kB (21304 bytes)
Hash
96d1c4dd1ca6d12835eb8be68c6622ed
78fb3e1569e1a19bdea7fb874c34d73945ea225f
07035189bc2d1b0b41070d1674e1c98d57fa8aa475f5737e23f84aa7000be080

HTTP Headers

GET /_next/static/chunks/81.9c6562bba5669b47.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 08:35:29 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"8f42-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 13493271
expires: Sat, 26 Apr 2025 08:35:29 GMT
server: cloudflare
cf-ray: 87a53d5dbe925685-OSL
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true

178.253.29.47

200 OK

2.9 kB

URL GET HTTP/2
1xlite-660473.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
2.9 kB (2861 bytes)
Hash
15cc15aa6a98d10cb4638362ddc47829
287547b287a68e09d13c73be8c7e9313baa17d97
cb9d676fa9328eb618631dac00dc19ad1bd685de104ef892b400ca985a4fa293

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiT1FoeXBoUCtIaVdiM0xYbmZJanN3NGpScVBDY0I1QWNvT3oya29hUDlRb2JXL1B0aEZ5Z1FXOS9vQkVKSlNnNDI3ODdBclRzQWFZTmdScmg5K1gzbm1UMU9SS3hUZG5xcmRubVdac3VSOE5nUkszMXBjYTllYnFsTHp4bEk5WFdsK0xyR0VLR0U4dTZIZk0xenFTaWFKMko0VHZUUERpc3pqRjEvUndCd1FtbkhXYXBady9SeVpocnpBb0xrOHR1NDI2blRHTUlldEFQRFgvc3haSVJDMHhGT0NUTFcybnZxcFRnUXNFQmVhUGRLZ1NhQTdzdnlzU0hsclZKSldhU205U0N5cGNFMEZNaGlLblZBYlU2S0E5aGJZVkVlekFFZ1czUkpnS2JWdXJFIiwiZXhwIjoxNzE0MTM0OTM4LCJpYXQiOjE3MTQxMjA1Mzh9.EaMrHY6lCFH0gtLGgz1XggiqYGicV6FWMHvDV-N4KLjPxAl5eiWVepn4GVAe2IRjAuw92lOaVsKbSTgR1Ug4cA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280; che_g=84e6db2c-e9eb-f88e-e38d-5e2ccee26d59; _glhf=1714138302; application_locale=en; sh.session.id=3785e27e-9389-48aa-9adb-e4a074a5a1c1; ggru=174; _ga_7JGWL9SV66=GS1.1.1714120538.1.0.1714120538.60.0.0; _ga=GA1.1.825812417.1714120539
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:59 GMT
content-type: application/json; charset=utf-8
content-length: 2861
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 26 Apr 2024 08:35:54 GMT
vary: Accept-Encoding
x-time-ng: 0.014
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66

178.253.29.47

200 OK

2.2 kB

URL GET HTTP/2
1xlite-660473.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
2.2 kB (2240 bytes)
Hash
cf919bc6b2ea7539d166de6d28666080
053f8403993b751ac32780e9b3ee2a79384656e2
34984f78c536ab863531ff1670d298e20d38beef208d60aefd92b1f5cee87be7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiT1FoeXBoUCtIaVdiM0xYbmZJanN3NGpScVBDY0I1QWNvT3oya29hUDlRb2JXL1B0aEZ5Z1FXOS9vQkVKSlNnNDI3ODdBclRzQWFZTmdScmg5K1gzbm1UMU9SS3hUZG5xcmRubVdac3VSOE5nUkszMXBjYTllYnFsTHp4bEk5WFdsK0xyR0VLR0U4dTZIZk0xenFTaWFKMko0VHZUUERpc3pqRjEvUndCd1FtbkhXYXBady9SeVpocnpBb0xrOHR1NDI2blRHTUlldEFQRFgvc3haSVJDMHhGT0NUTFcybnZxcFRnUXNFQmVhUGRLZ1NhQTdzdnlzU0hsclZKSldhU205U0N5cGNFMEZNaGlLblZBYlU2S0E5aGJZVkVlekFFZ1czUkpnS2JWdXJFIiwiZXhwIjoxNzE0MTM0OTM4LCJpYXQiOjE3MTQxMjA1Mzh9.EaMrHY6lCFH0gtLGgz1XggiqYGicV6FWMHvDV-N4KLjPxAl5eiWVepn4GVAe2IRjAuw92lOaVsKbSTgR1Ug4cA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280; che_g=84e6db2c-e9eb-f88e-e38d-5e2ccee26d59; _glhf=1714138302; application_locale=en; sh.session.id=3785e27e-9389-48aa-9adb-e4a074a5a1c1; ggru=174; _ga_7JGWL9SV66=GS1.1.1714120538.1.0.1714120538.60.0.0; _ga=GA1.1.825812417.1714120539
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:36:00 GMT
content-type: application/json; charset=utf-8
content-length: 2240
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 26 Apr 2024 08:36:00 GMT
vary: Accept-Encoding
x-time-ng: 0.005
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.012
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true

178.253.29.47

200 OK

2.1 kB

URL GET HTTP/2
1xlite-660473.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
2.1 kB (2095 bytes)
Hash
491389ddbd6b55f162925056a2258999
9606d4a2925fa517f9ffe5cc21d67a941d9fbcf6
0d5ff24bfb877a59bc71c6da8f8ac7dffaf16d3729b0ffdc671418d7f384ad2a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiT1FoeXBoUCtIaVdiM0xYbmZJanN3NGpScVBDY0I1QWNvT3oya29hUDlRb2JXL1B0aEZ5Z1FXOS9vQkVKSlNnNDI3ODdBclRzQWFZTmdScmg5K1gzbm1UMU9SS3hUZG5xcmRubVdac3VSOE5nUkszMXBjYTllYnFsTHp4bEk5WFdsK0xyR0VLR0U4dTZIZk0xenFTaWFKMko0VHZUUERpc3pqRjEvUndCd1FtbkhXYXBady9SeVpocnpBb0xrOHR1NDI2blRHTUlldEFQRFgvc3haSVJDMHhGT0NUTFcybnZxcFRnUXNFQmVhUGRLZ1NhQTdzdnlzU0hsclZKSldhU205U0N5cGNFMEZNaGlLblZBYlU2S0E5aGJZVkVlekFFZ1czUkpnS2JWdXJFIiwiZXhwIjoxNzE0MTM0OTM4LCJpYXQiOjE3MTQxMjA1Mzh9.EaMrHY6lCFH0gtLGgz1XggiqYGicV6FWMHvDV-N4KLjPxAl5eiWVepn4GVAe2IRjAuw92lOaVsKbSTgR1Ug4cA
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280; che_g=84e6db2c-e9eb-f88e-e38d-5e2ccee26d59; _glhf=1714138302; application_locale=en; sh.session.id=3785e27e-9389-48aa-9adb-e4a074a5a1c1; ggru=174; _ga_7JGWL9SV66=GS1.1.1714120538.1.0.1714120538.60.0.0; _ga=GA1.1.825812417.1714120539
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:36:00 GMT
content-type: application/json; charset=utf-8
content-length: 2095
cache-control: public, max-age=5
content-encoding: br
last-modified: Fri, 26 Apr 2024 08:36:00 GMT
vary: Accept-Encoding
x-time-ng: 0.065
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.073
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/ae180f15a3d5b627f628afdca3fa6bdd.webp

185.244.209.62

37 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/banner/ae180f15a3d5b627f628afdca3fa6bdd.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
37 kB (37416 bytes)
Hash
75deadbff841341315c61275cb663d23
83f7a4805c1fe1e50c30ffe9372a2a4125a829e1
5535616e6979cbfeb494b91c37ac03dde69a30469e78ac0c6e80a778cb34393b

HTTP Headers

GET /genfiles/cms/1/desktop/banner/ae180f15a3d5b627f628afdca3fa6bdd.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:36:01 GMT
content-type: image/webp
content-length: 37416
last-modified: Wed, 20 Mar 2024 13:47:46 GMT
etag: "75deadbff841341315c61275cb663d23"
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-778102f9da7a837f11271dad22d974ec-d37a83dfab14004f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-01T08:00:53+00:00, 2024-04-26T07:36:46+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cae4f1b8545c.js

185.244.209.62

200 OK

1.0 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cae4f1b8545c.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1063), with no line terminators
Size
1.0 kB (1024 bytes)
Hash
a3ae3c18635c48e68ba9002fa8dd51f7
75a1a27b788148b6bd79b7f36a1b702d817bdaa4
cded0f61d0d943609f59c0531251ca195ba897ad706004622f81d0e02f35d994

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cae4f1b8545c.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:32 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 23 Apr 2024 12:34:23 GMT
etag: W/"719cfbcc9fea351eaa8e09773949ae73"
x-amz-meta-mtime: 1713875281.741615558
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:55:15 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-a2c15f7bf8d792aeebb96c3e5bbddd0e-e1a4d4b106ddf7c1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:15+00:00, 2024-04-25T13:05:56+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/e5171649467e167db76f656b6cbbbd1e.webp

185.244.209.62

200 OK

710 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/e5171649467e167db76f656b6cbbbd1e.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
710 B (710 bytes)
Hash
26334b7a3494d1a9ec173261880f3b0d
292bae8adac533ce185f52c2ea860f6ceb25ba3d
6bbf9756f3653837b9ca2beb0e6a172e7f6bd798f4c17e19a06b218220f6298c

HTTP Headers

GET /resized/size16/sfiles/logo_teams/e5171649467e167db76f656b6cbbbd1e.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:27 GMT
content-type: image/webp
content-length: 710
cache-control: max-age=94608000
content-disposition: inline; filename="e5171649467e167db76f656b6cbbbd1e.webp"
content-security-policy: script-src 'none'
expires: Tue, 20 Apr 2027 09:34:40 GMT
x-request-id: b74bab8efe44f9052a294046327bbdcc
x-time-ng: 0.044
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-1d9ef3ebfee8ba76337bcac4af57ae61-52b1ae5f2deb399a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-20T09:34:40+00:00, 2024-04-24T10:08:17+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.328/285/coloredSvg.svg

185.244.209.62

200 OK

75 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.328/285/coloredSvg.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
75 kB (74830 bytes)
Hash
fd241a06afa4bae60c4bbab7fa1a9a5b
1716e53300c5e6d6863927d2a2bac373c89a35bd
713fe337ae15db05269c2db25a6f3045800c812320eb439b2000558041df2bcc

HTTP Headers

GET /sys-icons/1.0.328/285/coloredSvg.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:28 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"fd241a06afa4bae60c4bbab7fa1a9a5b"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:11 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-162ccac7b14d4d2b4997269acd4ef88b-834cda4574e84d91-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:11+00:00, 2024-04-25T11:15:25+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/

104.18.39.72

200 OK

496 kB

URL GET HTTP/2
widget.suphelper.top/
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type

Size
496 kB (496420 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 08:35:28 GMT
content-type: text/html; charset=utf-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=60, stale-while-revalidate=30
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 87a53d562fe55685-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/694da3a9483f.js

185.244.209.62

200 OK

424 B

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/694da3a9483f.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (441), with no line terminators
Size
424 B (424 bytes)
Hash
3452088f0e5f6284f6c5c4a82ce195f1
76b93ac15fc01b99d5388ceafa404ab14e992779
7a9b375b885629426f3cfb5f3d9840ec3c81165f0b44dc251ee428133cea7a23

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/694da3a9483f.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:33 GMT
content-type: text/javascript; charset=utf-8
content-length: 424
last-modified: Tue, 23 Apr 2024 12:34:23 GMT
etag: "784714dbdeff946febf2eb88c77d6340"
x-amz-meta-mtime: 1713875281.713615339
expires: Wed, 24 Apr 2024 12:55:17 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-e260d4ae372c6a1b3b5acdc06bede3ee-b416e67d506c37eb-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:17+00:00, 2024-04-25T13:53:27+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66

142.250.74.72

200 OK

318 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66
IP
142.250.74.72:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintFC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52
ValidityMon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT

File type

Size
318 kB (318168 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /gtag/js?id=G-7JGWL9SV66 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 26 Apr 2024 08:35:38 GMT
expires: Fri, 26 Apr 2024 08:35:38 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 104919
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100

178.253.29.47

200 OK

34 kB

URL GET HTTP/2
1xlite-660473.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type

Size
34 kB (33902 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280; che_g=84e6db2c-e9eb-f88e-e38d-5e2ccee26d59; _glhf=1714138302; application_locale=en; sh.session.id=3785e27e-9389-48aa-9adb-e4a074a5a1c1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:28 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=22, dt_total;dur=47.014, wf-uht;dur=0.074
traceparent: 00-efabdc0c4f65c6b85f1360d071aed54c-4d7dda8b52e1613b-01
x-dt: 285
x-time-ng: 0.029
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/724286ac/_middlewareManifest.js

104.18.39.72

200 OK

92 B

URL GET HTTP/2
widget.suphelper.top/_next/static/724286ac/_middlewareManifest.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
ASCII text, with no line terminators
Size
92 B (92 bytes)
Hash
7c3f7e060745668041278118c0bb3d6d
e639f56695b3cc30d78dce7a0084aa8299a1311a
de5341313a4dc5d982ca50ae4a491e84bc5e80b0f439d87f05fc3973c1b7e59a

HTTP Headers

GET /_next/static/724286ac/_middlewareManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 08:35:28 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"5c-18f12321a93"
vary: Accept-Encoding
cf-cache-status: HIT
age: 94667
expires: Sat, 26 Apr 2025 08:35:28 GMT
server: cloudflare
cf-ray: 87a53d5809a85685-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_chunk_M4D4AAJL.js

185.244.209.62

200 OK

101 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_chunk_M4D4AAJL.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (35828)
Size
101 kB (100701 bytes)
Hash
51ddc52774f4e5bd6a6f1c22e9d19674
374c2fbb2b68ad9c28898dfe60da3fd828ccf7c4
642e66ee14ca90b6ff8f91fbfdce400c6834a037dee18a60a72922ea727bb442

HTTP Headers

GET /sys-static/shared-assets/__shared_chunk_M4D4AAJL.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:31 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 25 Apr 2024 10:33:48 GMT
etag: W/"51ddc52774f4e5bd6a6f1c22e9d19674"
x-amz-meta-mtime: 1714041104.905613859
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:41:55 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-93d2aa078b76cdfe4d06657adc0d4a4b-d94844e47641da6e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:41:55+00:00, 2024-04-25T12:44:06+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/88071a5d390d.js

185.244.209.62

200 OK

2.1 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/88071a5d390d.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (2253), with no line terminators
Size
2.1 kB (2136 bytes)
Hash
1b344ec76dcafdf426afeeba25def135
9aa097a8abb0c275f9f3023d158937df65a7db61
c32914362b1e86de0ac03e17e47c0eb1b30f266ab539b33b6f69fa336135564c

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/88071a5d390d.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:33 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 23 Apr 2024 12:34:23 GMT
etag: W/"3084b8e581d711a9e12b5519b6d0d789"
x-amz-meta-mtime: 1713875281.721615401
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:55:17 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a5203feeb256d038e106e2c00d15c21d-726e623ec96a14fd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:17+00:00, 2024-04-25T13:05:56+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/8c83a62ae8afe0aa371618f02b8e4a01.jpg

0.0.0.0

0 B

URL GET
v3.traincdn.com/genfiles/cms/1/desktop/banner/8c83a62ae8afe0aa371618f02b8e4a01.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/cms/1/desktop/banner/8c83a62ae8afe0aa371618f02b8e4a01.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

v3.traincdn.com/sys-icons/1.0.328/285/country.svg

185.244.209.62

200 OK

178 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.328/285/country.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
178 kB (178404 bytes)
Hash
60caf0d666af828706b3d83c428a31e4
0f687988f8e835cb514794a4dbf7bb98613865f2
493ff1845dd1167680740cc525f4fb69ecdc4332265e83e76c26296a5001a602

HTTP Headers

GET /sys-icons/1.0.328/285/country.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:31 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"60caf0d666af828706b3d83c428a31e4"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:03 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-bf46b8f15e582b5fae090d8452e583d2-288fe8219f9b5621-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:03+00:00, 2024-04-25T11:01:26+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-ui/2.2.11/Desktop/Default/client.css

185.244.209.62

200 OK

1.6 MB

URL GET HTTP/2
v3.traincdn.com/sys-ui/2.2.11/Desktop/Default/client.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
1.6 MB (1550522 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sys-ui/2.2.11/Desktop/Default/client.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:24 GMT
content-type: text/css; charset=utf-8
last-modified: Tue, 23 Apr 2024 11:41:52 GMT
etag: W/"5be31e73f9aaf3c05331c4f0cd80e4d9"
x-amz-meta-mtime: 1713872392.088051093
content-encoding: gzip
expires: Wed, 24 Apr 2024 14:28:29 GMT
cache-control: max-age=86400
x-time-ng: 0.008
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d1fe1f0c518c16ee008858a3c98c562e-d9f177942905680f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T14:28:29+00:00, 2024-04-25T14:32:54+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/checker/redirect/stat/run/

178.253.29.47

200 OK

14 B

URL GET HTTP/2
1xlite-660473.top/checker/redirect/stat/run/
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
14 B (14 bytes)
Hash
d9612159e7d1b3767bdbd34943bf3653
104709407a86206ce1a7b41213b664e1adc06855
d649c3334243c98e9f6ca64e9ec6ccbdcfc0079fa95597575d0197c2bb4a366e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /checker/redirect/stat/run/ HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280; che_g=84e6db2c-e9eb-f88e-e38d-5e2ccee26d59; _glhf=1714138302
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:27 GMT
content-type: application/json
content-length: 14
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.014
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/logo-champ/4695050bc81f3f1c5dd22711d5594622.webp

185.244.209.62

200 OK

2.1 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/logo-champ/4695050bc81f3f1c5dd22711d5594622.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
2.1 kB (2100 bytes)
Hash
cb780d0bed2a9de30692138d294f7b3b
c55160cd92c2dfd05c7d5f0a78b044821cfd86e0
cc5b0b6101864ce0fffdd3a5f5853d1e27b3f781e05b1187153a4ade69412698

HTTP Headers

GET /sfiles/logo-champ/4695050bc81f3f1c5dd22711d5594622.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:31 GMT
content-type: image/webp
content-length: 2100
last-modified: Sat, 05 Aug 2023 05:44:58 GMT
etag: "cb780d0bed2a9de30692138d294f7b3b"
cache-control: public, max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ed612674b129384b8dbbac4397c86ebd-0f5c8d7ea438d53e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-24T23:01:28+00:00, 2024-04-26T07:11:10+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/2e7e82ef0fd8.css

185.244.209.62

200 OK

67 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/2e7e82ef0fd8.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
67 kB (67103 bytes)
Hash
86bbeccf1800ba74e6c228c6ac503cef
d4313d9e6192f09b3fb3a6271878833647ac4076
2e7e82ef0fd81f87d43846e9c6bf605560206cc4ec9689695447f786d43448b8

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/2e7e82ef0fd8.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:32 GMT
content-type: text/css; charset=utf-8
last-modified: Tue, 23 Apr 2024 12:34:22 GMT
etag: W/"86bbeccf1800ba74e6c228c6ac503cef"
x-amz-meta-mtime: 1713875281.697615214
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:55:15 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c7544584b35081c2a415a7eb10db7e82-10d8307173b3ac30-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:15+00:00, 2024-04-25T13:05:55+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/external-api/config/getVideoAccessConfig

178.253.29.47

200 OK

24 kB

URL GET HTTP/2
1xlite-660473.top/web-api/external-api/config/getVideoAccessConfig
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
24 kB (24122 bytes)
Hash
cb0bc8eedc642fc591c0eef57e6c67e5
6c62aeececef0a5ff474bb21bf569ad8d48f6bd0
c57136f602923fc19534e58f7da5a483616d80031222372e19a29fd6f22b0a0e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/external-api/config/getVideoAccessConfig HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280; che_g=84e6db2c-e9eb-f88e-e38d-5e2ccee26d59; _glhf=1714138302
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:27 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=20, dt_total;dur=50.442, wf-uht;dur=0.196
traceparent: 00-0e2b81e694bdde961a89ebe84f5bba05-366911c3f8934e71-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.045
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-animations/game-85-animation.svg

185.244.209.62

200 OK

14 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/games-images/game-animations/game-85-animation.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
14 kB (14308 bytes)
Hash
9e7af5cc8f19e556b8696b1f616368bb
5dfc0391d0b038c0a854280a40cd89a6e5ed970e
bfb06010ec5c7f94e57ce0ee75b270c76559d76e8e49e8085866bc11408345fb

HTTP Headers

GET /sfiles/games-images/game-animations/game-85-animation.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:28 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Jan 2024 13:34:39 GMT
etag: W/"9e7af5cc8f19e556b8696b1f616368bb"
x-amz-meta-origin-date-iso8601: 2024-01-24T13:05:40.000Z
expires: Fri, 19 Apr 2024 00:06:27 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-fa4a2d7f8be15e4501c836b64ce177c7-c4a38abc4568b951-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T03:23:59+00:00, 2024-04-26T00:36:40+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js

104.18.39.72

200 OK

107 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
107 kB (107186 bytes)
Hash
d0a7ecc59065580118a9ea8880c58962
21573546ac5011592094ef6aea0696ccdeb2164d
e1b09efa81ca44cda394e366b64fbf2b3f0725eab9ad24782839cbb8f66842b5

HTTP Headers

GET /_next/static/chunks/pages/index-ed7cd77912c6e3a9.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 08:35:28 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"1a2b2-18f12321a97"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 94667
expires: Sat, 26 Apr 2025 08:35:28 GMT
server: cloudflare
cf-ray: 87a53d57f9935685-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/75dad300a828c877cdd7d1d57fd2b75c.webp

185.244.209.62

200 OK

788 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/75dad300a828c877cdd7d1d57fd2b75c.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
788 B (788 bytes)
Hash
a5fa7ac4b7e58835edf2eb3f52b10e09
3d19982c4936c784c0d1f9b47a468fd71fae01c8
815ae4c8fa8f1fa86b06370576de5ffb2dff4093d3036222bd965b77edd40456

HTTP Headers

GET /resized/size16/sfiles/logo_teams/75dad300a828c877cdd7d1d57fd2b75c.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:31 GMT
content-type: image/webp
content-length: 788
cache-control: max-age=94608000
content-disposition: inline; filename="75dad300a828c877cdd7d1d57fd2b75c.webp"
content-security-policy: script-src 'none'
expires: Mon, 26 Apr 2027 08:08:59 GMT
x-request-id: 8ba03b24985f66080628a6a017ee4372
x-time-ng: 0.047
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f2014049542dbc0df544466adcc825d9-6464ce2111ed0572-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T08:08:59+00:00, 2024-04-26T08:09:04+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/4d8398c854fb0d977aa13f40a2f12f15.webp

185.244.209.62

200 OK

800 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/4d8398c854fb0d977aa13f40a2f12f15.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
800 B (800 bytes)
Hash
1b739e5511d95bcf04a53560cfaf9787
d973b0b9d3ac0c0d4968d4f152018b93597a1683
13fdff2a4c2f70a1bd4096cf2e1bf427c7037cc316da7cb625164a15fbf041b4

HTTP Headers

GET /resized/size16/sfiles/logo_teams/4d8398c854fb0d977aa13f40a2f12f15.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:31 GMT
content-type: image/webp
content-length: 800
cache-control: max-age=94608000
content-disposition: inline; filename="4d8398c854fb0d977aa13f40a2f12f15.webp"
content-security-policy: script-src 'none'
expires: Sun, 25 Apr 2027 09:03:45 GMT
x-request-id: ec72ae267cfdde48b23a3834154c30d1
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-444c017170a315d3a630365fb942fdd9-0d4d0f0324f01b65-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T09:03:45+00:00, 2024-04-25T11:03:29+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/344e644612ea.js

185.244.209.62

200 OK

1.2 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/344e644612ea.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1296), with no line terminators
Size
1.2 kB (1227 bytes)
Hash
20ced9cb4cee69ea064b1bb92b7a312b
70545823690dc7c9d82c497cb9f73ac0f975997b
9a12e579854e2d8d75460a627e63194b2bb43f7f3eb80074bb06ff27fec0885b

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/344e644612ea.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:33 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 23 Apr 2024 12:34:22 GMT
etag: W/"e3860273696b2c2385615d1b02860059"
x-amz-meta-mtime: 1713875281.701615245
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:55:17 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-cc7b9ff2e42e6e9dd31114f5c6c2b922-dce229d217972afe-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:17+00:00, 2024-04-25T13:05:56+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json

178.253.29.47

200 OK

2.1 kB

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
ASCII text, with very long lines (2345), with no line terminators
Size
2.1 kB (2128 bytes)
Hash
f28a40d30a99fab8a5ccced08db52f77
063e77333797a10e097679a1e4d17269fc6d3b6b
a46ea2afe2103a473c90b17137f840e29d578a74d191daac521d45e9d3cf1d6c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; postback_watcher=; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Wed, 28 Feb 2024 21:42:45 GMT
etag: W/"eec4805fe0f6e17d5ade92a382f5b068"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/724286ac/_ssgManifest.js

104.18.39.72

200 OK

77 B

URL GET HTTP/2
widget.suphelper.top/_next/static/724286ac/_ssgManifest.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
ASCII text, with no line terminators
Size
77 B (77 bytes)
Hash
b6652df95db52feb4daf4eca35380933
65451d110137761b318c82d9071c042db80c4036
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e

HTTP Headers

GET /_next/static/724286ac/_ssgManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 08:35:28 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"4d-18f12321a93"
vary: Accept-Encoding
cf-cache-status: HIT
age: 94658
expires: Sat, 26 Apr 2025 08:35:28 GMT
server: cloudflare
cf-ray: 87a53d57f99a5685-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/api/v3/bonuses/first-deposit

178.253.29.47

200 OK

426 B

URL GET HTTP/2
1xlite-660473.top/web-api/api/v3/bonuses/first-deposit
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (464), with no line terminators
Size
426 B (426 bytes)
Hash
2d9b04c0ee3ec015e9094ce942ed9139
eebc58e94d15401f9c6737a4908018fd833d94ee
dea4bd3b63fac017709162cd44048f725c21396da41d2cfdc235812fcf2eb6fc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/api/v3/bonuses/first-deposit HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; postback_watcher=; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=38, dt_total;dur=91.288, wf-uht;dur=0.099
traceparent: 00-3a6e71b2263edd73caf761313ce34c21-f5213bbaeb39d0d8-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.055
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3e98905ff0ef.js

185.244.209.62

200 OK

4.2 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3e98905ff0ef.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (4298), with no line terminators
Size
4.2 kB (4217 bytes)
Hash
7ccf9335eb8b78c26f4fb55d174dcee4
5eb84a0694d3a3c2f1a73b4a06d3c795fe36b149
86b04cabf57ad317b65cb568045ec781d2adc9a10bc24270f19c4e6c4755b4d9

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3e98905ff0ef.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:33 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 23 Apr 2024 12:34:22 GMT
etag: W/"ea85164f3c2c7d7e126e0e8be39d1ce0"
x-amz-meta-mtime: 1713875281.701615245
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:55:18 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-413e03c4be89bdd9916188370257c9f5-5f6759a8d43f76c4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:18+00:00, 2024-04-25T13:05:56+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css

185.244.209.62

200 OK

46 B

URL GET HTTP/2
v3.traincdn.com/genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
46 B (46 bytes)
Hash
f506188b04c16eaa9c664ed23f7ce58e
08d068d7fa5a84beb06ba924a35d84d6bfdab30a
b9bfda0e940104e190b19543b94a10d120643bd1516d3ca2d266a0af6c0966e9

HTTP Headers

GET /genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:28 GMT
content-type: text/css
content-length: 46
last-modified: Fri, 12 Apr 2024 13:46:52 GMT
etag: "f506188b04c16eaa9c664ed23f7ce58e"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-123c834299e8e63eb733abdfb5ae639e-2e1dbb009b071d40-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-18T12:47:35+00:00, 2024-04-26T07:41:59+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/6684c66fedf3.js

185.244.209.62

200 OK

715 B

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/6684c66fedf3.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (734), with no line terminators
Size
715 B (715 bytes)
Hash
2efb888dbb9343ee6d683e8d796d82f4
1e1e489141485affbc1919d379cf88f7d65d23e2
e019ff00da941f85d11e34442751266d09e627a7191f2b2177018c625ffe346c

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/6684c66fedf3.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:32 GMT
content-type: text/javascript; charset=utf-8
content-length: 715
last-modified: Tue, 23 Apr 2024 12:34:23 GMT
etag: "363cae3f1a92357379ce31b700f431ee"
x-amz-meta-mtime: 1713875281.713615339
expires: Wed, 24 Apr 2024 12:55:16 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-69bff35cc4746d31534b26a466c2fb36-0870b1dae3593d0d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:16+00:00, 2024-04-25T14:33:03+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.jpg

0.0.0.0

0 B

URL GET
v3.traincdn.com/genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

1xlite-660473.top/en?tag=d_421509m_1599c_

178.253.29.47

200 OK

968 kB

URL User Request GET HTTP/2
1xlite-660473.top/en?tag=d_421509m_1599c_
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type

Size
968 kB (967968 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /en?tag=d_421509m_1599c_ HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:24 GMT
content-type: text/html; charset=utf-8
content-encoding: br
server-timing: total;dur=952;desc="Nuxt Server Time", dt_total;dur=965.013, wf-uht;dur=1.013
set-cookie: lng=en; Path=/
cookies_agree_type=3; Path=/
tzo=2; Path=/
is12h=0; Path=/
referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; Path=/; Expires=Tue, 25 Jun 2024 08:35:23 GMT
reflinkid=d_421509m_1599c_; Path=/; Expires=Fri, 26 Apr 2024 09:35:23 GMT
postback_watcher=; Path=/; Expires=Fri, 26 Apr 2024 08:35:27 GMT
platform_type=desktop; Path=/; Expires=Mon, 29 Apr 2024 08:35:24 GMT; Secure; SameSite=None; Partitioned
auid=sv0dL2YrZ0w3P7KAAwNyAg==; path=/; secure; httponly; samesite=lax
traceparent: 00-102bac02211ca067bfe323dbd2e2d65d-64ffbb737facb7e5-01
vary: Accept-Encoding
x-dt: 285
x-frame-options: SAMEORIGIN
x-time-ng: 0.957
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg

185.244.209.62

200 OK

1.2 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
1.2 kB (1232 bytes)
Hash
a436db0af736498349f0127d8e7fab1e
b07e2c449cf16ddb052ce40d881db13a0c890b9b
93261a519c1cea62e2c934496d5e0cbd1cbc8f65b4961811316e55d9e7c96ede

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:25 GMT
content-type: image/svg+xml
last-modified: Tue, 02 May 2023 10:06:49 GMT
etag: W/"7cca3986f7a5c4c164144ff11df71073"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-08c6d4fb17d5480f7780c330d6d5c9aa-77b73ada13667f46-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-01-11T08:32:05+00:00, 2024-04-26T08:34:17+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js

104.18.39.72

200 OK

373 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
373 kB (372954 bytes)
Hash
36e4e2c2a2498b008514f1f0250c8018
cfa53d1c8533fb5941d9ff4f1e45e8c831658693
42cd70d177e33b23f4982b671f4bb7f03a966053874a320af3f3ea7b7b7ca1f0

HTTP Headers

GET /_next/static/chunks/663-81a4add2f1c95639.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 08:35:28 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 28 Mar 2024 06:56:31 GMT
etag: W/"5b0da-18e83d890e3"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 2507622
expires: Sat, 26 Apr 2025 08:35:28 GMT
server: cloudflare
cf-ray: 87a53d57f9925685-OSL
X-Firefox-Spdy: h2

refpa48633.top/

104.21.16.176

303 See Other

968 kB

URL User Request GET HTTP/2
refpa48633.top/
IP
104.21.16.176:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectrefpa48633.top
FingerprintCF:1B:3F:FD:A0:CB:47:FD:C1:EA:F7:81:7A:15:F0:14:83:40:1C:01
ValidityWed, 06 Mar 2024 14:08:42 GMT - Tue, 04 Jun 2024 14:08:41 GMT

File type

Size
968 kB (967968 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: refpa48633.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 303 See Other
date: Fri, 26 Apr 2024 08:35:23 GMT
content-type: text/html; charset=UTF-8
location: https://refpa4293501.top/L?tag=d_421509m_1599c_&site=421509&ad=1599
referrer-policy: no-referrer
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6LZTjngSPbrycgSSLAsBxkRIYIHqtBpjRwuVun9ANbFyg4mc07ffChbXKNuTr3Cc%2BH9Qp4x%2BHwQ7oeFfoBXId1dLRTOo9haK9AFyqIJfOAQZuXpKZuVXHurjke074Hv1tQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a53d361a46b505-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/994284d39ca5.js

185.244.209.62

200 OK

1.4 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/994284d39ca5.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1424), with no line terminators
Size
1.4 kB (1413 bytes)
Hash
c237470fa514edfe57b71d2e46e2b412
5e6dd202fcf52b92dd87afeb312b05f8581194ab
6268819bfc8850bad3c1d34f8b89ef0bc372e2b83703654c4e1c98f3ee425127

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/994284d39ca5.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:33 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 23 Apr 2024 12:34:23 GMT
etag: W/"901f57b165b23c191081c0d0112a5eda"
x-amz-meta-mtime: 1713875281.725615432
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:55:17 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-b442f39986a43a8f5b2d3591b9b6da93-272effac0816523e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:17+00:00, 2024-04-25T13:05:56+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-fc97ad68.js

185.244.209.62

200 OK

16 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-fc97ad68.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (15997)
Size
16 kB (16063 bytes)
Hash
12c0a8a167063fa1743b27ac4e537460
a51e99cf826d86a23bf7e166f833b46b517ccdbb
a49ece220afcdcf483c4b1a36e0813329c879079080cd81008709687811d1125

HTTP Headers

GET /_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-fc97ad68.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:27 GMT
content-type: application/javascript; charset=utf-8
content-length: 5562
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-15ba"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:54:38 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f45b5f4a405fea2daab7425eede9b424-d530bb8915370602-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:54:38+00:00, 2024-04-25T13:06:01+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.328/285/sports.svg

185.244.209.62

200 OK

378 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.328/285/sports.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
378 kB (378005 bytes)
Hash
0c52e0c32f8f2667a72e0d57b63e02a3
a0fb81e89f2510e228c1298f2d107f5672c0a03d
ed4dcc337364c73f4382c79e759156e064823c54a2f78d2747bafd87d41abe73

HTTP Headers

GET /sys-icons/1.0.328/285/sports.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:28 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"0c52e0c32f8f2667a72e0d57b63e02a3"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:02 GMT
cache-control: max-age=86400
x-time-ng: 0.004
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-eb92862df04fab33d86ab818bb20416e-6c0319116ccdcba1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:02+00:00, 2024-04-25T11:15:17+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/77a6db22d54557bcd4454ded977fe808.webp

185.244.209.62

200 OK

698 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/77a6db22d54557bcd4454ded977fe808.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
698 B (698 bytes)
Hash
fedef798e73cff095ccca257b2870116
c92d1ec63e3c966f18f8ba4cd891d8686a977525
9909fe97bb12570a3b9a81ab78fd07e1e1cbacb9f61b60c46f0999beaac97961

HTTP Headers

GET /resized/size16/sfiles/logo_teams/77a6db22d54557bcd4454ded977fe808.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:31 GMT
content-type: image/webp
content-length: 698
cache-control: max-age=94608000
content-disposition: inline; filename="77a6db22d54557bcd4454ded977fe808.webp"
content-security-policy: script-src 'none'
expires: Sun, 25 Apr 2027 13:54:17 GMT
x-request-id: 95b11e0b1a62898125edf2372cc4070c
x-time-ng: 0.034
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9f462d785998016bc8219f0418cc9ee9-4ab81cf65aad06f2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T13:54:17+00:00, 2024-04-25T20:06:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/724286ac/_buildManifest.js

104.18.39.72

200 OK

519 B

URL GET HTTP/2
widget.suphelper.top/_next/static/724286ac/_buildManifest.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
ASCII text, with very long lines (547), with no line terminators
Size
519 B (519 bytes)
Hash
063abc9f05b28326f5878dcd728ca1f7
321099ea5d4fa6792974fd44503ffb3e75e5c5b0
73109b74c039aec5fc1e3f4e3c2e15585b1ba094f3e8291b0cd67f51b4b830c4

HTTP Headers

GET /_next/static/724286ac/_buildManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 08:35:28 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"207-18f12321a93"
vary: Accept-Encoding
cf-cache-status: HIT
age: 94667
expires: Sat, 26 Apr 2025 08:35:28 GMT
server: cloudflare
cf-ray: 87a53d57f9945685-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PLMWICWN.js

185.244.209.62

200 OK

30 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PLMWICWN.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (30255)
Size
30 kB (30277 bytes)
Hash
dfa127e93d125d4f6c566203eaf225f2
32c1fd89c4eeed7ac2a942582b3786659b15cd43
cf5077d1cff62ce76807408ebc2203563b7a221ddf1cf38339c6d54289bff390

HTTP Headers

GET /sys-static/shared-assets/__shared_localforage_PLMWICWN.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:30 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 25 Apr 2024 13:43:42 GMT
etag: W/"dfa127e93d125d4f6c566203eaf225f2"
x-amz-meta-mtime: 1714052428.630038208
content-encoding: gzip
expires: Fri, 26 Apr 2024 15:18:00 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-fc5d1e21ba968e92806dbb51440b737c-f732a56ded338d99-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T15:18:00+00:00, 2024-04-25T15:50:24+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%223785e27e-9389-48aa-9adb-e4a074a5a1c1%22%7D

104.18.39.72

200 OK

24 B

URL GET HTTP/2
widget.suphelper.top/services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%223785e27e-9389-48aa-9adb-e4a074a5a1c1%22%7D
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
24 B (24 bytes)
Hash
d6bacfff68d40ad2744454c2506cc0f9
85f1f094d174fd4d78bd382c7948b95e9db93215
cd0483a083f6c73e9cd006ee073b875188c49f4025f771ecbcb795d40ac980ed

HTTP Headers

GET /services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%223785e27e-9389-48aa-9adb-e4a074a5a1c1%22%7D HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 08:35:29 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 87a53d5dae7b5685-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/28a6402a2a0b.js

185.244.209.62

200 OK

1.5 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/28a6402a2a0b.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1490), with no line terminators
Size
1.5 kB (1485 bytes)
Hash
bee6c1d898b622799896de84cf8cb395
7effc6d4c513dd89437bb246253038864c6e079d
ce5f0db87a753bbe9bb563b1708206f16bf0d5ff7fa20c1b8a579b155ef11503

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/28a6402a2a0b.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:33 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 23 Apr 2024 12:34:22 GMT
etag: W/"24906b7dbc572ec6dd8117e9bd9939e3"
x-amz-meta-mtime: 1713875281.693615182
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:55:17 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-9affbdfaef44ac96dfc482c26642c712-4ed153adcaed1172-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:17+00:00, 2024-04-25T13:53:25+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/api/web/v1/config/actualDomain

178.253.29.47

200 OK

269 B

URL GET HTTP/2
1xlite-660473.top/web-api/api/web/v1/config/actualDomain
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
ASCII text, with very long lines (309), with no line terminators
Size
269 B (269 bytes)
Hash
6469b5c07a262f60f11e004ac72262b1
978ec0042baae49cb3bc8a7882055ec9a053e522
459c4cead3579c67475b231f8d8e21e599e27ecf8108d8ba29dd10a558b43f53

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/api/web/v1/config/actualDomain HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; postback_watcher=; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=19, dt_total;dur=20.058, wf-uht;dur=0.034
set-cookie: SESSION=73664b33eb77fbb9f477cda645e0ce6e; path=/; secure; HttpOnly; SameSite=Lax
ua=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
traceparent: 00-f159ab6dc0c66c40af7c9542137a39ec-b83766f58908cb8b-01
x-dt: 285
x-time-ng: 0.020
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/user/secure

178.253.29.47

200 OK

59 B

URL POST HTTP/2
1xlite-660473.top/web-api/user/secure
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
59 B (59 bytes)
Hash
1414217e32985ce707b2772153847406
58578cdda997d5f1d080cc4f52fd6ed27f3ae89e
af236acb1e362d55d75d458ad3d8e4c1b408c798ccf4a96ab6cff76eebb5f10a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /web-api/user/secure HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; postback_watcher=; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:27 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=16, dt_total;dur=41.615, wf-uht;dur=0.053
set-cookie: _glhf=1714138302; expires=Fri, 26-Apr-2024 09:35:26 GMT; Max-Age=3600; path=/
traceparent: 00-b063b02f2c5515eee93ad5ce4d7d39b4-b4050f3fcb1f8c68-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.031
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js

104.18.39.72

200 OK

10 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (10533), with no line terminators
Size
10 kB (10533 bytes)
Hash
54b2d4e92e16d2ea51898124107af46a
ab4225b696e63c9040de1511fa229cf65b4d3750
e17ccea95df87c35add9994b01ef7bb6e8b5c2ebea282c461199a140a5675662

HTTP Headers

GET /_next/static/chunks/0c294a17-329dda05de2a378d.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 08:35:28 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 17 Jan 2024 06:19:55 GMT
etag: W/"2925-18d161388b8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 8647931
expires: Sat, 26 Apr 2025 08:35:28 GMT
server: cloudflare
cf-ray: 87a53d57e98f5685-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.328/285/logos.svg

185.244.209.62

200 OK

43 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.328/285/logos.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
43 kB (42787 bytes)
Hash
c45fb3adb3e47bdbd03c88fc4c4309aa
9ce991739a2879970ba12baf56108c8fcdefefb1
61d5aead50750c6e8a7bfde801abbf6f4ab75e387fdcc748ec6784e219e4d727

HTTP Headers

GET /sys-icons/1.0.328/285/logos.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:26 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"c45fb3adb3e47bdbd03c88fc4c4309aa"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:05 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-2b3e0f793480dbe326686596a35e3eb4-d5e60d4e18812dfa-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:05+00:00, 2024-04-25T11:15:13+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e4f5a237b491.js

185.244.209.62

200 OK

41 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e4f5a237b491.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (41364)
Size
41 kB (41365 bytes)
Hash
827336e53d45532bf8abee174a7db24c
9e22ae96319fe168ee654d0b13b0ab8ee0389c9c
5d8ad0aaff4e86121999a5653478d797eb03810c582f5198c1f1ec61ccb8659a

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e4f5a237b491.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:32 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 23 Apr 2024 12:34:23 GMT
etag: W/"827336e53d45532bf8abee174a7db24c"
x-amz-meta-mtime: 1713875281.745615589
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:55:13 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-9308c2276024a966da67a5aa2f78c136-235bf280b93af947-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:13+00:00, 2024-04-25T13:05:55+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/sounds/new-message.mp3

104.18.39.72

200 OK

30 kB

URL GET HTTP/2
widget.suphelper.top/sounds/new-message.mp3
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
MPEG ADTS, layer III, v1, 192 kbps, 48 kHz, JntStereo
Size
30 kB (29952 bytes)
Hash
ef9af24dc7dbd24ffd99c832e1300351
f78744a5013038446c468de14f205f2d52373fd6
5049d7fe87a7327a291441181d1a328a15f46a21081b970502c540406011c9b9

HTTP Headers

GET /sounds/new-message.mp3 HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 08:35:29 GMT
content-type: audio/mpeg
content-length: 29952
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=14400
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"7500-18f123218ff"
cf-cache-status: HIT
age: 2205
expires: Fri, 26 Apr 2024 12:35:29 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a53d5e2f075685-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/093330da9752.js

185.244.209.62

200 OK

2.6 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/093330da9752.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (2663), with no line terminators
Size
2.6 kB (2558 bytes)
Hash
91570314fc25146acb8a01849a1ae4d7
69d74f5ade2fdbc1c6063442138a1d0f74370b0c
6be19e3ecead08cac68f9d9116836c21c72b758e0f6d4561a918ecb16d27e43a

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/093330da9752.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:32 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 23 Apr 2024 12:34:22 GMT
etag: W/"e99039abd8dac007c9c64df5cbb76091"
x-amz-meta-mtime: 1713875281.673615027
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:55:16 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-15f0f6cc28e6ddd718e4f1e7715dc539-72faacf9e6fe8946-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:16+00:00, 2024-04-25T13:53:25+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/f92897d98f7506cd3fb4f3d0e74157bf.webp

185.244.209.62

200 OK

616 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/f92897d98f7506cd3fb4f3d0e74157bf.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
616 B (616 bytes)
Hash
6d883aedef22d2c36342b8eca7f23257
cc9ef9f2a7cbd931b30836f5b35ee25a8ab7b98e
cd47317523e424658d7b28cd637b4962de7cff342469f8185d291896a1c59541

HTTP Headers

GET /resized/size16/sfiles/logo_teams/f92897d98f7506cd3fb4f3d0e74157bf.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:27 GMT
content-type: image/webp
content-length: 616
cache-control: max-age=94608000
content-disposition: inline; filename="f92897d98f7506cd3fb4f3d0e74157bf.webp"
content-security-policy: script-src 'none'
expires: Sat, 24 Apr 2027 12:27:20 GMT
x-request-id: 6e49e8fcc87a83b320f8a509bb598a55
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-25dd5f09b3e2e204ceeb7e8f8778b199-8b31a80893ddd68b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-24T12:27:20+00:00, 2024-04-25T07:22:28+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/mobile

178.253.29.47

200 OK

487 B

URL POST HTTP/2
1xlite-660473.top/web-api/mobile
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (523), with no line terminators
Size
487 B (487 bytes)
Hash
abd435842fcdd3b9d9948faba1a4b645
0e65eb46b1d29faa305a51eb7b533b3cfa13d2c2
b9936290b81665c7ceee877221a5a87994e09b5773e31e9ee81de40ced98fcea

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /web-api/mobile HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280; che_g=84e6db2c-e9eb-f88e-e38d-5e2ccee26d59; _glhf=1714138302; application_locale=en; sh.session.id=3785e27e-9389-48aa-9adb-e4a074a5a1c1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:28 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=18, dt_total;dur=48.680, wf-uht;dur=0.058
traceparent: 00-7142d0d8b88038580f298126daea7652-1b14c715690ac242-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.034
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js

104.18.39.72

200 OK

481 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
481 kB (480579 bytes)
Hash
46260bb46d51262abee818c0c3bcf1c6
fe3be222aec74704fad1fa2559788b1fa287094a
20700e65659e04d422580d9c792ba811b7b76de4ec1b3163c284af83bd5a7d6c

HTTP Headers

GET /_next/static/chunks/1743016e-d00d67a74426f155.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 08:35:28 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 17 Jan 2024 06:19:55 GMT
etag: W/"75543-18d161388b8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 8645476
expires: Sat, 26 Apr 2025 08:35:28 GMT
server: cloudflare
cf-ray: 87a53d57d9895685-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/3083a20a3f73c30fce38710d7ada9cbb.svg

185.244.209.62

200 OK

1.2 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/3083a20a3f73c30fce38710d7ada9cbb.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
1.2 kB (1228 bytes)
Hash
1ff133ab01d208b0d686dd88d85e239a
86a0501b79a1c553eadc829177a9e6ffff1948be
9ac21c63d1c8b7abe4c94550a731baff995d34c745c1d08fdf8d5e5c8de268f1

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/3083a20a3f73c30fce38710d7ada9cbb.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:28 GMT
content-type: image/svg+xml
last-modified: Wed, 19 Apr 2023 11:51:30 GMT
etag: W/"3ae81b002dca46d3b732ce3e03ae35c6"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-0a56f8e176cb6574b53fb90d4740935b-a598b3be2c735e87-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T08:36:11+00:00, 2024-04-26T08:06:02+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png

185.244.209.62

200 OK

5.2 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 514 x 514, 8-bit colormap, non-interlaced
Size
5.2 kB (5202 bytes)
Hash
b9a636eef54b2844b571fe7de49184a7
bf653690790ced40eb3189da075a275d951d1607
001bfcdd52b658d46543a1aec889d35b73b3909b47097cc011b95e96fc9e3743

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:33 GMT
content-type: image/png
content-length: 5202
last-modified: Wed, 28 Feb 2024 07:52:20 GMT
etag: "b9a636eef54b2844b571fe7de49184a7"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-03T07:12:40+00:00
traceparent: 00-6777dfe16d9edf39726c5c480f051521-2de0c83fd96451ab-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js

185.244.209.62

200 OK

53 B

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
53 B (53 bytes)
Hash
c10595a768ce387c9ffc91fe3b1603fa
2d2c108cbf39742e7e56d98cda09d86f244b66c5
12989c5be25b32ca465df0ea9b73f585ce80a006b8c34973f3c1159697b24692

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:32 GMT
content-type: text/javascript; charset=utf-8
content-length: 53
last-modified: Tue, 23 Apr 2024 12:34:11 GMT
etag: "bb7e15ec1662efa164ad912bd1c65e19"
x-amz-meta-mtime: 1713875281.761615713
expires: Wed, 24 Apr 2024 20:51:53 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4ad24a6d4b6933c40219b7e73339d3c0-8cf09288ce22ff91-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T20:51:53+00:00, 2024-04-25T14:20:37+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/hd-api/external/api/web/v1/converslon/load

178.253.29.47

200 OK

34 kB

URL GET HTTP/2
1xlite-660473.top/hd-api/external/api/web/v1/converslon/load
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
34 kB (33476 bytes)
Hash
d332a72ba54d42648976e5e2192cc8ae
b701ae776e19d6f7de5a7454a327d70f62f9033e
1804b0a9e16599bcb3fffe2b8f60083bd13f1321492f9b4541b33c40c0d5218a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hd-api/external/api/web/v1/converslon/load HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280; che_g=84e6db2c-e9eb-f88e-e38d-5e2ccee26d59; _glhf=1714138302; application_locale=en; sh.session.id=3785e27e-9389-48aa-9adb-e4a074a5a1c1; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:34 GMT
content-type: application/json
content-encoding: gzip
traceparent: 00-2e6ad9d882b8cc8cd524989504a5c706-97fbbbe046b26d39-01
vary: Accept-Encoding
x-dt: 285
x-request-guid: 0579a4a79a899bcc614cbcecef77d565
x-time-ng: 0.004
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=4.661, wf-uht;dur=0.013
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-3ce6506f.js

185.244.209.62

200 OK

40 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-3ce6506f.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (39925), with no line terminators
Size
40 kB (39925 bytes)
Hash
681145f0441284174ef426e56941290b
6e6844a39c0a7b28cd162391753ac6429a576728
a9b554dc85ad806c70c5a650600b4c39ea900812543992e8aa761b779600c3bb

HTTP Headers

GET /_nuxt/desktop/default/vendors/Registration.Fields-3ce6506f.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:32 GMT
content-type: application/javascript; charset=utf-8
content-length: 8875
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-22ab"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:43 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b00b7828345e1a1baa419f83cfcd3746-c17e757d1cef99c2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:43+00:00, 2024-04-25T14:51:48+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

refpa4293501.top/L?tag=d_421509m_1599c_&site=421509&ad=1599

178.253.46.82

303 See Other

968 kB

URL User Request GET HTTP/2
refpa4293501.top/L?tag=d_421509m_1599c_&site=421509&ad=1599
IP
178.253.46.82:443
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subjectrefpa4293501.top
Fingerprint88:37:1C:26:C7:9D:8C:27:E2:F7:8B:64:21:CB:6C:63:DB:6C:F3:05
ValidityMon, 08 Apr 2024 05:15:45 GMT - Sun, 07 Jul 2024 05:15:44 GMT

File type

Size
968 kB (967968 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /L?tag=d_421509m_1599c_&site=421509&ad=1599 HTTP/1.1
Host: refpa4293501.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 303 See Other
server: nginx
date: Fri, 26 Apr 2024 08:35:23 GMT
cache-control: private
location: https://1xlite-660473.top:443/en?tag=d_421509m_1599c_
x-aspnetmvc-version: 5.0
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.003
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/default/img/icons/pixels2.svg?v=1714120528

178.253.29.47

200 OK

90 B

URL GET HTTP/2
1xlite-660473.top/web-api/default/img/icons/pixels2.svg?v=1714120528
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
PNG image data, 1 x 1, 8-bit/color RGB, non-interlaced
Size
90 B (90 bytes)
Hash
e45f90dcbe718dea3476c4b69b501a4e
e9af26a93c467a77e4733ec537f4f5ce7a4ba089
a439dd8761d9fd4ff88e82e83200877703594491065880dbd4e59ddf4ce1b204

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/default/img/icons/pixels2.svg?v=1714120528 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/en?tag=d_421509m_1599c_
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_421509m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_421509m_1599c_; platform_type=desktop; auid=sv0dL2YrZ0w3P7KAAwNyAg==; SESSION=73664b33eb77fbb9f477cda645e0ce6e; window_width=1280; che_g=84e6db2c-e9eb-f88e-e38d-5e2ccee26d59; _glhf=1714138302; application_locale=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:28 GMT
content-type: image/png
cache-control: no-cache, private
server-timing: p;dur=14, dt_total;dur=45.141, wf-uht;dur=0.053
traceparent: 00-95cc97107cbfc2623c857e6e5c6c0589-adef198536072b64-01
x-dt: 285
x-time-ng: 0.033
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/384075.webp

185.244.209.62

200 OK

738 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/384075.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
738 B (738 bytes)
Hash
c149dba4763f7e2e535ebfd64739ec1f
c067f11704c5a0afd77f1f71ebe33a518c354849
0f80775ab5b9ddf095419ab4d5730480cf8cb39fecb7ca28f2e40d4dfa377f42

HTTP Headers

GET /resized/size16/sfiles/logo_teams/384075.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:31 GMT
content-type: image/webp
content-length: 738
cache-control: max-age=94608000
content-disposition: inline; filename="384075.webp"
content-security-policy: script-src 'none'
expires: Sun, 25 Apr 2027 09:01:12 GMT
x-request-id: b54d031bd079f59ab8df0c3164c0fe26
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-3e92410814dfd9b8473dbf5c9f02d59c-6675699573122198-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T09:01:12+00:00, 2024-04-25T09:33:08+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/9b1085266c45.js

185.244.209.62

200 OK

435 B

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/9b1085266c45.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (442), with no line terminators
Size
435 B (435 bytes)
Hash
d69836398bd4895f9ed08b64602707fb
7728053840070d0fd29aecd5bed68b05e3c88ed9
3fdb4c2cb36694d071a78552a86fe769ce9ccaef08da172fb2b7158c96d0c69c

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/9b1085266c45.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:33 GMT
content-type: text/javascript; charset=utf-8
content-length: 435
last-modified: Tue, 23 Apr 2024 12:34:23 GMT
etag: "b075575bc06525b491d4fd8da21e93ff"
x-amz-meta-mtime: 1713875281.729615464
expires: Wed, 24 Apr 2024 12:55:17 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-112230f5a6be8ff95b0f05f64f4b284d-db2bde924c51932e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:17+00:00, 2024-04-25T13:05:57+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-ui/3.2.2/Desktop/Default/client.css

185.244.209.62

200 OK

1.0 MB

URL GET HTTP/2
v3.traincdn.com/sys-ui/3.2.2/Desktop/Default/client.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_421509m_1599c_
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
1.0 MB (1048646 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sys-ui/3.2.2/Desktop/Default/client.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 08:35:28 GMT
content-type: text/css; charset=utf-8
last-modified: Fri, 19 Apr 2024 10:16:19 GMT
etag: W/"e4b8405071f7ea0e1aa13cd501543a44"
x-amz-meta-mtime: 1713521458.745453226
content-encoding: gzip
expires: Sat, 20 Apr 2024 11:51:17 GMT
cache-control: max-age=86400
x-time-ng: 0.010
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-fde98d4cd289437f845f34687b4364f8-4eea7a1cb2d73580-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-19T11:51:17+00:00, 2024-04-25T13:42:38+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (116)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML